Sophos Firewall

Discussions Sophos XG - Block by User Agent

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 1 reply
Subscribers 27 subscribers
Views 1019 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG - Block by User Agent

Jack van den berg over 5 years ago

Hi There,

We are looking for a way to block a specific user agent from being allowed through the firewall.. i cant see any way to do this?

The user agent is: user_agent="AppleExchangeWebServices/807 AddressBookSourceSync/2421.27"

Id rather avoid creating a IP block on the XG rule as there could be other legitimate traffic coming from this source.

Thank you

This thread was automatically locked due to age.

Top Replies

Prism over 5 years ago +1

Hi,

There's no way to create a custom application signature in Sophos XG. You will have to block it with a custom IPS Signatures.

Can you try out this (horrible) made signature ? You can create a Custom IPS Signature inside the Intrusion Prevention Tab, at Custom IPS Signatures.

content:"|41 70 70 6c 65 45 78 63 68 61 6e 67 65 57 65 62 53 65 72 76 69 63 65 73|";

It should look like this:

After creating it, you can apply it on a IPS Policy, then on a Firewall Rule.

Here's the result of the IPS Engine matching correctly the signature. (I've change my browser user agent to it, to see if it worked.)

Thanks!
Jump to answer

Parents

0 Prism over 5 years ago

Hi,

There's no way to create a custom application signature in Sophos XG. You will have to block it with a custom IPS Signatures.

Can you try out this (horrible) made signature ? You can create a Custom IPS Signature inside the Intrusion Prevention Tab, at Custom IPS Signatures.

content:"|41 70 70 6c 65 45 78 63 68 61 6e 67 65 57 65 62 53 65 72 76 69 63 65 73|";

It should look like this:

After creating it, you can apply it on a IPS Policy, then on a Firewall Rule.

Here's the result of the IPS Engine matching correctly the signature. (I've change my browser user agent to it, to see if it worked.)

Thanks!

If a post solves your question use the 'Verify Answer' button.

XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.
Cancel
Vote Up +1 Vote Down

Cancel

Reply

0 Prism over 5 years ago

Hi,

There's no way to create a custom application signature in Sophos XG. You will have to block it with a custom IPS Signatures.

Can you try out this (horrible) made signature ? You can create a Custom IPS Signature inside the Intrusion Prevention Tab, at Custom IPS Signatures.

content:"|41 70 70 6c 65 45 78 63 68 61 6e 67 65 57 65 62 53 65 72 76 69 63 65 73|";

It should look like this:

After creating it, you can apply it on a IPS Policy, then on a Firewall Rule.

Here's the result of the IPS Engine matching correctly the signature. (I've change my browser user agent to it, to see if it worked.)

Thanks!

If a post solves your question use the 'Verify Answer' button.

XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.
Cancel
Vote Up +1 Vote Down

Cancel

Children

No Data