
XG 135 - v17.0.2 MR-2 - SandStorm and FTP

I'm attempting to find out if SandStorm is supposed to work with FTP? I'm running a FileZilla Server on the regular port on the WAN connection, yet when I access it via FileZilla client from the LAN, I'm able to transfer known suspicious files that would/should trigger SandStorm. I'm not using any security within the FTP apps.

As a good test, I have a BATch to EXE converter and it seems every file it makes, trips SandStorm - this is great from the perspective of triggering SandStorm repeatedly.



  • Hi  

    Sandstorm on the XG firewall integrates via Web and Email Protection. Therefore, it is activated by enabling the AV on both modules.

    To learn how to enable them, follow our KB: https://community.sophos.com/kb/en-us/125835

    In short, it will only scan files that would fall through the Web/Email Protection filters. You would need to enable scanning for HTTP/HTTPS first to enable Sandstorm via the Detect zero-day threats with Sandstorm checkbox, as indicated by the above KB.

    Also, on your FileZilla client, what port are you using to connect to the FTP server? The list of ports scanned by Web Protection is found under Web > General Settings.

    Best,

    Karlos

  • Hi Karlos, many thanks for the reply... I have all the relevant scanning options turned on that you've explained.

    I'm just a little surprised that FTP isn't included in the SandStorm scanning. The list of ports in the Web Proxy Configuration is not the same as 'list of ports scanned by Web Protection'. I'm using TCP 21 for my FTP server.

    Thanks :-)

    Dav