
Sophos XG SFOS 16.01 - Anti-Portscan?

Greetings all,

I'm currently using the home version of Sophos XG and was wondering if there is a way to block port scans? I know that UTM has the ability for anti-portscans, but does XG have this capability as well?

 

Thanks.

 

Mike 



  • Hi Luk and Mike,

    Take a look at my guide here. Now, start a port scan on XG and take a drop packet capture. You can see a denied log id=0103021, check the system log format attached to my guide. This is the denied entry for appliance access.

    By default, XG will drop such traffic unless the ports are explicitly allowed through the device access option.

    Hope that helps :)

  • Thanks Sachin.

    Anti-port scan requires an additional module so the system knows when an attacker is trying to find open ports and so can block the attacker from going ahead. We know that XG blocks ports that are not allowed, but anti-portscan has a different meaning. I think that port scan should be available with the anti-DoS engine. Sachin, can you find out and reply back here? UTM9 has a portscan feature besides the implicit deny from the firewall module.

    We will appreciate it!

    Regards
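
The difference discussed in this thread between implicit deny and port-scan detection, shown as an added example (not code from the posts or from Sophos): a detector that flags a source once it has been denied on several distinct ports within a short window. The log lines are constructed, simplified key=value entries rather than the real SFOS log format, and the `window` and `min_ports` thresholds are assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed sample of firewall "denied" entries (simplified fields,
# not the actual SFOS log format).
SAMPLE_LOG = """\
ts=100 action=denied src=203.0.113.7 dst=192.0.2.1 dport=21
ts=100 action=denied src=198.51.100.20 dst=192.0.2.1 dport=445
ts=100 action=denied src=198.51.100.99 dst=192.0.2.1 dport=21
ts=101 action=denied src=203.0.113.7 dst=192.0.2.1 dport=22
ts=102 action=denied src=203.0.113.7 dst=192.0.2.1 dport=23
ts=102 action=denied src=198.51.100.20 dst=192.0.2.1 dport=445
ts=103 action=denied src=203.0.113.7 dst=192.0.2.1 dport=25
ts=104 action=denied src=203.0.113.7 dst=192.0.2.1 dport=80
ts=104 action=denied src=198.51.100.20 dst=192.0.2.1 dport=445
ts=105 action=denied src=203.0.113.7 dst=192.0.2.1 dport=443
ts=120 action=denied src=198.51.100.99 dst=192.0.2.1 dport=22
ts=140 action=denied src=198.51.100.99 dst=192.0.2.1 dport=23
ts=160 action=denied src=198.51.100.99 dst=192.0.2.1 dport=25
ts=180 action=denied src=198.51.100.99 dst=192.0.2.1 dport=80
"""

LINE_RE = re.compile(r"ts=(\d+) action=denied src=(\S+) dst=\S+ dport=(\d+)")


def detect_scanners(lines, window=10, min_ports=5):
    """Return {src: timestamp} for each source denied on at least
    `min_ports` distinct ports within `window` seconds."""
    recent = defaultdict(deque)  # src -> deque of (ts, dport) inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore anything that is not a denied entry
        ts, src, dport = int(m.group(1)), m.group(2), int(m.group(3))
        q = recent[src]
        q.append((ts, dport))
        while ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        # Repeated denies on one port (198.51.100.20) never reach the threshold;
        # only the spread across distinct ports counts as scanning.
        if src not in flagged and len({p for _, p in q}) >= min_ports:
            flagged[src] = ts
    return flagged


if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG.splitlines()))
```

With the default 10-second window the slow source 198.51.100.99 stays under the threshold, which is the usual trade-off of window-based detection: a longer window catches slower scans at the cost of more state and more false positives.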
