[Sophos Notification] Sophos XG Firewall: IPS causing drops to legitimate traffic and filling the IPS log

Question

Hi Community, 
 [Update 2]: This issue has been fixed in SFOS v17.1.4 MR-4 . 
 [Update 1]: Please also see post below. 
 Some customers on SFOS v17.1.3 MR-3 are experiencing an issue where IPS is causing legitimate traffic to be dropped and the IPS log to be filled. 
 If you are experiencing these issues: 
 
 Please login to the XG via SSH and go to the following options:
 
 Option "4. Device Console": 
 Then run command: set ips tcp_option detect_anomalies disable

The fix for this is scheduled to included in the upcoming SFOS v17.1.4 MR-4 release. Please stay tuned for more information. 
 A KB article has been published for this issue. 
 Regards,

deeptibhavsar · Accepted Answer

Hi, 
 Summary of the issues: 
 - IPS legitimate traffic drop 
 
 We are tracking the issue with JIRA ID NC-39687 and will be resolved with SF 17.1 MR4 release 
 
 - IPS upgrade is failed from 9.15.36 version on SFOS release >= SF17.1 
 
 The issue is tracked with JIRA ID NC-39823 and that has been resolved now with 9.15.37 version. 
 
 Thank You for the valuable feedback. 
 
 Regards, 
 Deepti

FloSupport · Answer

Hi Community, 
 If you are experiencing issues related to the following IPS log entries: 
 
 Please attempt the commands provided in the mentioned KBA . 
 Regards,

[Sophos Notification] Sophos XG Firewall: ​IPS causing drops to legitimate traffic and filling the IPS log

[Sophos Notification] Sophos XG Firewall: IPS causing drops to legitimate traffic and filling the IPS log