XG Fails Cyren web security test that UTM9 passes

Hi, I have moved the XG from the lab to my home firewall. I was conducting some final tests and XG fails certain tests that the UTM passes. For example, the basic Cyren web security test at http://www.cyren.com/ fails on XG while UTM9 passes the same test.

On UTM9

On XG

I am not doing SSL scanning, so the SSL virus test fail is expected. However, UTM9 blocks the botnet test whereas XG fails it. I was studying the logs and the test botnet URL is:

http: //corbelsep.com//images/logomobi2.png


UTM9 categorizes it as suspicious business while XG categorizes it as general business. Is there any way of blocking such URLs in XG? By the way, advanced threat protection is enabled on XG and UTM9, but this is not a real botnet test.

Thanks



  • Bill,

    I am failing even the phishing test. This is my result:

    using this web filter:

  • Thanks for testing, Luk. I usually use "warn uncategorized websites", that is why UTM9 passes the test. XG has two subcategories for uncategorized websites:

    1. Uncategorized
    2. None

    If you block/warn the None category, it will pass the phishing test. Still don't know how to pass the botnet test without blacklisting the URL.

    On a positive note, I am liking XG more now that I am using it. The QoS is awesome in XG. So many ways to fine tune. On the other hand, even with very few rules, it is really easy to make the configuration so difficult that it is very hard to troubleshoot. I really miss the live log of UTM9.

  • Bill,

    Phishing URLs should be blocked by the Spam URL category (this makes sense). Botnet URLs/traffic should be caught and blocked by the ATP module.

    Live log? Troubleshooting XG is still very hard. Most of the time you have to use Unix commands (tail -f, cat | grep, etc) to find out the cause.

    Only when XG has log mechanisms like UTM9 will people start to switch to XG.

    Other features are missing, but as I said: "Power is nothing without control!"
