[Sophos Notification] Sophos XG Firewall: ​IPS causing drops to legitimate traffic and filling the IPS log

Hi Community,

If you are experiencing issues related to the following IPS log entries:

Please attempt the commands provided in the mentioned KBA.

Regards,

I don't see this problem at the moment.

However, I see the message below on my XG105 and two other customer sites. I have clicked Update Pattern and no change. I know that the latest is v9.15.39.

Which version is causing the problem? If I do see the issue at customer sites, I can follow above and KB. But I presume this is a temporary fix and Sophos are working on the solution?

Hi Paul Digby 

This is mainly affecting users on SFOS v17.1.3 MR-3. The fix for this issue is scheduled to be included in the upcoming SFOS v17.1.4 MR-4 release. Please stay tuned for more information.

Regards,

So this MR4 release will fix both problems?


1) IPS errors

2) IPS and Application signatures Failed to Update error

I think, this is not related to the mentioned issue. Please check this issue in more detail on the appliances. 

Cross checked all my appliances. All have 9.15.39. 

OK

Ill start a new query for the three XG105 that are failing to update IPS signatures with message - failed to update

Hi Paul,

Thank you for the feedback.

Please share the SFOS version of XG105.

Regards,

Deepti

Hi all,

At home I am having this issue when I try to use Firebox SSL. I am currently running the 17.5 beta 2 and the comman does not exist. Is there an equivalent command in this beta firmware?

Thanks

I started a new query here

I started a new query here

Hi,

Summary of the issues:

- IPS legitimate traffic drop

• We are tracking the issue with JIRA ID NC-39687 and will be resolved with SF 17.1 MR4 release

- IPS upgrade is failed from 9.15.36 version on SFOS release >= SF17.1

• The issue is tracked with JIRA ID NC-39823 and that has been resolved  now with 9.15.37 version.

Thank You for the valuable feedback.

Regards,

Deepti