RESET Forums (homeservershow.com)

Sophos XG V16 released


pcdoc

You are correct, it is for incoming and the MASQ is ignored.  As for the IPS, IPS actually works bi-directionally with priority on incoming.  I would use WAN to LAN.


I've been digging thru the 'web' rules. at first I was put off by the fact that only a few choices were there to add, but when I used the "show only" button I was able to open up way too many choices to add to my policy :)

 

the "block http" action seems to do the trick. then because my household consists of only adults, I tried the 'warn' action. when I clicked the 'proceed' button on a flagged site I got the following error:

 

the url bar shows 172.16.16:16:8090/proceed/webcat/? the digit 1, then the url in question

the error is INET_E_RESOURCE_NOT_FOUND

 

anyone seen this?

Edited by nrf

On 5/19/2018 at 5:11 AM, nrf said:

I've been digging thru the 'web' rules. at first I was put off by the fact that only a few choices were there to add, but when I used the "show only" button I was able to open up way too many choices to add to my policy :)

 

the "block http" action seems to do the trick. then because my household consists of only adults, I tried the 'warn' action. when I clicked the 'proceed' button on a flagged site I got the following error:

 

the url bar shows 172.16.16:16:8090/proceed/webcat/? the digit 1, then the url in question

the error is INET_E_RESOURCE_NOT_FOUND

 

anyone seen this?

 

Have not seen this error before.  It is not clear to me how you are constructing the rule and what you are trying to block.  If you can post a screenshot that would help.  Here is a partial policy that I create if that helps.

 

[Screenshot: SNAG-0414.jpg]


this is an interesting UI. you are showing actions for http of block or warn but there is another column there for https that is only visible if you hold your mouse over it. should you choose one of the https options you get a little colored padlock. I would hope the https versions work without https MITM in place but I am not in a position to experiment right now. the rule I tested was blocking "resist.com" as a hate site. UTM flags it too as 'hate/discrimination'. when I chose the 'block' option it blocked fine, but in the 'warn' case choosing to proceed did not work. but I'm not sure if I had http, https, or both set up. this is of minor concern anyway but it would be good to know what the secret https column does.


  • 4 weeks later...

after some weeks of soaking my xg I took it live today. at first many sites were getting error 500 but that went away once my patterns were updated. I also dialed back my app filter to block only the very most risky apps. reviewing those and finding lastpass marked as risk level 4 makes me wonder... the risk assessments seem to be very much oriented to a retentive business view of the world.  lastpass and crashplan seem like perfectly safe and desirable APPs at home :)

at some point I am going to fine tooth comb those.

 

so far not a peep from the family so fingers crossed!

I do have an open ticket because it will not register itself, registration or listing 'my devices' on the sophos site just hang.

Edited by nrf

thanks! so far so good.

 

I have decided to turn off app filter until one pops up that is undesirable. as new ones appear they can be classified so you don't stumble over all the known ones again just look at the new.

 

turns out chrome+extensions (probably ublock origin) were preventing the registration etc.


Whichever way works for you. The approach is probably less painful on everyone else in the house. For I started with blocking P2P and remote access and did not see any issues. Keep us posted.

 


a little update... so far I had to edit the default firewall rule about email, turning off the scanning of encrypted email and on for all the unencrypted variants. it was trying to MITM when my wife was sending an email.

then I found the android store was not updating so had to put in some exceptions for that, which I found on the sophos forums.

 

not too bad considering
