RESET Forums (homeservershow.com)
pcdoc

Sophos XG V16 released


pcdoc

You are correct, it is for incoming and the MASQ is ignored.  As for the IPS, IPS actually works bi-directionally with priority on incoming.  I would use WAN to LAN.

nrf

thanks. I'm asking because one of your articles suggests lan to wan in that example.

nrf

I've been digging thru the 'web' rules. at first I was put off by the fact that only a few choices were there to add, but when I used the "show only" button I was able to open up way too many choices to add to my policy :)

 

the "block http" action seems to do the trick. then because my household consists of only adults, I tried the 'warn' action. when I clicked the 'proceed' button on a flagged site I got the following error:

 

the url bar shows 172.16.16:16:8090/proceed/webcat/? the digit 1, then the url in question

the error is INET_E_RESOURCE_NOT_FOUND

 

anyone seen this?

Edited by nrf

pcdoc
On 5/19/2018 at 5:11 AM, nrf said:

I've been digging thru the 'web' rules. at first I was put off by the fact that only a few choices were there to add, but when I used the "show only" button I was able to open up way too many choices to add to my policy :)

 

the "block http" action seems to do the trick. then because my household consists of only adults, I tried the 'warn' action. when I clicked the 'proceed' button on a flagged site I got the following error:

 

the url bar shows 172.16.16:16:8090/proceed/webcat/? the digit 1, then the url in question

the error is INET_E_RESOURCE_NOT_FOUND

 

anyone seen this?

 

Have not seen this error before.  It is not clear to me how you are constructing the rule and what you are trying to block.  If you can post a screenshot that would help.  Here is a partial policy that I create if that helps.

 

[Attached screenshot: SNAG-0414.jpg]

nrf

this is an interesting UI. you are showing actions for http of block or warn but there is another column there for https that is only visible if you hold your mouse over it. should you choose one of the https options you get a little colored padlock. I would hope the https versions work without https MITM in place but I am not in a position to experiment right now. the rule I tested was blocking "resist.com" as a hate site. UTM flags it too as 'hate/discrimination'. when I chose the 'block' option it blocked fine, but in the 'warn' case choosing to proceed did not work. but I'm not sure if I had http, https, or both set up. this is of minor concern anyway but it would be good to know what the secret https column does.

nrf

after some weeks of soaking my xg I took it live today. at first many sites were getting error 500 but that went away once my patterns were updated. I also dialed back my app filter to block only the very most risky apps. reviewing those and finding lastpass marked as risk level 4 makes me wonder... the risk assessments seem to be very much oriented to a retentive business view of the world.  lastpass and crashplan seem like perfectly safe and desirable APPs at home :)

at some point I am going to fine tooth comb those.

 

so far not a peep from the family so fingers crossed!

I do have an open ticket because it will not register itself, registration or listing 'my devices' on the sophos site just hang.

Edited by nrf

pcdoc

Congrats. Sounds like you are on your way. 

nrf

thanks! so far so good.

 

I have decided to turn off app filter until one pops up that is undesirable. as new ones appear they can be classified so you don't stumble over all the known ones again just look at the new.

 

turns out chrome+extensions (probably ublock origin) were preventing the registration etc.

pcdoc

Whichever way works for you. The approach is probably less painful on everyone else in the house. For I started with blocking P2P and remote access and did not see any issues. Keep us posted.

 

nrf

a little update... so far I had to edit the default firewall rule about email, turning off the scanning of encrypted email and on for all the unencrypted variants. it was trying to MITM when my wife was sending an email.

then I found the android store was not updating so had to put in some exceptions for that, which I found on the sophos forums.

 

not too bad considering
