The firewall blocks all ports from DNAT rules except ports 80 and 443

Hi,

I would recommend you make a call to support to report the issue and hopefully they will issue a new set of signatures.

Ian

Hi Hung Ho 

Could you please try to check IPS logs?

Click on log viewer from the Firewall Dashboard and Filter logs for IPS component and check.

Please also try to capture the logs through GUI packet capture for port 8081, apply IPS policy on the DNAT firewall rule.

Enable "IPS policy ID" from Show additional properties and check which IPS policy marked on packet capture- https://community.sophos.com/kb/en-us/123189

Hi Hung Ho 

If device is running with IPS signature version :9.16.45 then Please try by allowing the below signature time being. That will fix the issue.

Signature name: SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0703 attack attempt
Signature ID: 2301246

The investigation on such issues is ongoing as of now from support end and we have received such instances after last IPS version upgrade.

Thank you All Guys and Sophos online Support. Hope Sophos soon to issue the new set of signatures

Thank you, now I know what the report entry was referring to.

Ian

hi Vishal_R,

Thanks for valued information !

I Added custom policy with clone the IPS policy ( lantowan_general ) and edit it to 'Allow Packet' for the "SERVER-WEBAPP TRUFFLEHUNTER TALOS-2018-0703 attack attempt" on top of other categories now its working but i hope next IPS update will fix it.

Hi Hung Ho 

Upgrade (X.16.46) will be released soon to fix the issue.

Hi Kishan_Rauth 

IPS version including fix is available now and I checked in local LAB XG.

Hi Kishan_Rauth 

IPS version including fix is available now and I checked in local LAB XG.

It works. Thank you for your hard-working.