Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 26 subscribers
  • Views 5165 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS and Application

lenyick

I have notice that the IPS and Application seem to not be working their is nothing listed in the logs of  IPS and Application  for the pass week no activity.

I have tried nmap to try and trigger the rules of the ids and  tried some of the applications that is on the application Deny list to trigger the Application filter but their was no logs

every thing was working it was blocking but seem to just stop, did not make any changes to the filter rules in the firewall tab logging is check under the rules, Web protection is work  i can see logs for it.

what else can i do to test  IPS and Application  and get them back working.

 

IPS and Application signatures           3.13.04    -  10:11:55, Nov 10 2016    Success

 

Sophos Firmware Version SFOS 16.01.1                                                               
                                                                                                   
console> show ips-settings                                                                         
-------------IPS Settings-------------                                                             
        stream on                                                                                  
        lowmem off                                                                                 
        maxsesbytes 0                                                                              
        maxpkts 80                                                                                 
        mmap off                                                                                   
        enable_appsignatures on                                                                    
        http_response_scan_limit  65535                                                            
                                                                                                   
                                                                                                   
-------------IPS Instances------------                                                             
IPS CPU                                                                                            
 1  4                                                                                              
 2  5                                                                                              
                                                                                                   



This thread was automatically locked due to age.
  • 0

    Lenyick,

    Did you try to restart ips service and check if something changes? I am not sure about what service to restart for application....

  • 0 in reply to lferrara

    HI , 

    As lferrara, suggested you may restart the IPS service under System service > Service by Clicking on STOP and START. 

    Secondly , check if application classification is enabled through Console. 

    Console> system application_classification show 

    It should be ON ,if OFF then run command console>  system application_classification on.

    Finally , you may check the service is running or not 

    console>system diagnostics show subsystem-info

    Do not forget the Application filter policy applied on the Firewall rules.