I have Setup Sophos XG in bridge mode, for the sole purpose of IPS to protect my servers. So far im a little confused on the default settings. It sounds like by default the IPS protects outbound traffic not inbound traffic.
How can I ensure that my bridge mode sophos box is protecting my servers from outside attacks?
Also I know Sophos actually manages thier IPS rules so false positives should be much less than something like pfsense, however im sure they will still happen, how do I go about finding the offending rule so i can disable it? Also how do i even find what IP has been blocked?
sorry, if these questions sound silly, but im only an hour into using Sophos XG, and im not finding it very intuitive, and ive tried finding documentation on what im trying to do, and most of what i have found has just lead to more questions.
This thread was automatically locked due to age.
