Channel: Sophos User Bulletin Board

Block all EMail TO a specified internal address

Hi guys, bit of an oddball request this but here goes.

I have a mailserver that accepts emails to "anything"@mydomain.co.uk and routes it into a single mailbox. When I register for certain online services I use an email address specific to the service I'm signing up for, i.e. "sophos@mydomain.co.uk" for this forum; that way, if that email address leaks into spammers' hands, I can just block that address. I have just such a situation and have tried (and failed) to block the email.

I've tried using the expression filter but it's not what it's for, and because the recipient address isn't contained within the EMail body it doesn't work. The default RBL picks up 99% of it but the occasional one makes it through. I can block this on my mailserver but I like a challenge and I'd like to keep all anti-spam in one place.

Can anyone think of a way to achieve this?

Cheers

Perfect for home? New Intel Atom coming late 2013

Intel's PR says these new Atoms, built on a 22nm process, will be 3x faster and use 5x less power. If they support 8Gb of RAM and an SSD, sounds like it might be an excellent choice for a home UTM.

Google or Bing "Intel Atom Silvermont".

Upgrade to 9.1 - Emulex OneConnect failed

After upgrading to 9.100-12 the Emulex OneConnect network card (HP NC550SFP 2-Port 10GbE PCI-E NIC) no longer works.
In 9.006-5 everything worked fine.

The following message appears in the logfile:

be2net 0000:11:00.0: POST timeout; stage=0xc911
be2net 0000:11:00.0: Emulex OneConnect initialization failed
be2net: probe of 0000:11:00.0 failed with error -1
be2net 0000:11:00.1: POST timeout; stage=0xc911
be2net 0000:11:00.1: Emulex OneConnect initialization failed
be2net: probe of 0000:11:00.1 failed with error -1

Upgrade to 9.1 - Emulex OneConnect no longer works

After updating to version 9.100-12, the Emulex OneConnect network card (HP NC550SFP 2-Port 10GbE PCI-E NIC) no longer works.
In version 9.006-5 the card still worked flawlessly.

The following messages appear in the log:

be2net 0000:11:00.0: POST timeout; stage=0xc911
be2net 0000:11:00.0: Emulex OneConnect initialization failed
be2net: probe of 0000:11:00.0 failed with error -1
be2net 0000:11:00.1: POST timeout; stage=0xc911
be2net 0000:11:00.1: Emulex OneConnect initialization failed
be2net: probe of 0000:11:00.1 failed with error -1

Sophos Cloud updated to 1.4

Hi,
we just updated Sophos Cloud to version 1.4. In this release we did bugfixes, improved the responsiveness of the application and updated the initial setup wizard according to the feedback that we received.

Fixed Issues
  • [25385] Revised Initial Setup Wizard


Best regards,
Andreas (on behalf of the Sophos Cloud team)

L2L VPN w/NAT @ AWS

I'm wondering if there are others out there using a UTM9 appliance in an Amazon VPC environment who might have some insight on the following:

I need to establish a L2L VPN between a partner's LAN and an EC2 instance in the "internal" segment of my VPC. They will be NAT'ing their internal IPs to one or more public IP addresses. So far so good-- I've done this successfully.

They also want me to NAT my internal IP to a publicly-routable IP. This is where I'm less sure how to proceed. Would I assign an additional EIP to the UTM instance and then use SNAT/DNAT to direct that address to the private IP of the desired EC2 endpoint? Or would I assign the EIP to the endpoint instance itself?

Wondering if anyone could point me to some examples or "best practice" docs on dealing with these sorts of configurations specifically within the context of Amazon VPC.

thanks

Reports

In the Sophos Cloud management console the "Reports" tab is grayed out. Why is this?

Regards,

Michel Nys


Uninstall Process w/current Endpoint

I would like to inquire if there is an uninstall for current Sophos A/V. 3rd Party is included, but if we were wanting to deploy this to an area that already had an existing standalone client w/o Enterprise console or on domain environment, how can this be accomplished w/o the end user uninstalling the currently installed Sophos software?

Thanks,
Jeff

DHCP and Dynamic Updates

Just curious if the DHCP feature on a UTM is able to dynamically register PTR records with AD integrated DNS that supports secure and non-secure updates?

Best Practice (Sophos UTM with VMWare ESXi 5.1 and SSD Host Cache)

So I have no idea why the Web Proxy is slow when installed on separate hardware, but hardware may be the reason.

I installed the Sophos UTM on custom hardware (Intel Core i7, 32 GB of RAM) and for some reason, I could not adjust the performance of the product and the web caching was not the best.

I then purchased 2 SSD (120 GB) drives and connected them to the SATA 6 ports, installed ESXi 5.1 on my 1 TB hard disk, and then configured the network for testing. I set the SSD Host Cache up on ESXi 5.1 after creating a VM for Sophos UTM. I then changed the default swap file location to the SSD Host Cache location (supreme performance).

I created the VM to execute in the local disk and the virtual hard disk on the spare SSD with 7 GB of RAM. The boot time was less than 10 seconds. After configuring the Sophos UTM, I turned on the Web Caching (Web Proxy) and it's unbelievably fast when running from an SSD, using the SSD Host Cache as the swap file location, and being used in VMWare ESXi 5.1 (free version) after tuning and creating policies.

I would highly recommend using this product under VMWare ESXi 5.1 with SSDs (SATA 6); 1 as an SSD Host Cache, SATA 3 hard drives, and Intel Core i7 (Hyperthreading is enabled). RAM is the user's choice!

AMD's FX Core is fast too, but without hyperthreading, the performance is not as great.

User Portal: Mail Protocol: Filters do not work

Hello!

UTM 120, FW 9.006-5

I have a problem regarding the Mail Protocol offered to UTM users in the User Portal. In FW 8, users could log into the User Portal, open the Mail Protocol and filter for Emails as they liked. In the current FW, I cannot apply any filters at all.

Entering a search string in the correct field: nothing happens.
Checking/Unchecking Mail Status Icons (in quarantine, etc): nothing.
Date Range does nothing.
Trying to sort the list by newest/oldest mails: nothing.

Additionally, I cannot see any "search" button to apply the filters. But moving the cursor to the next field doesn't help either. Should there be a button, or was there one in older FW versions? Can't remember.

Can someone please check in FW 9 if his filters work? If you encounter the same problems, I will open a support case.

Or am I missing something here?

Image showing a filter for "testtesttest" does not work: http://s10.postimg.org/6afavq4zd/userportal.jpg

/edit: Problem occurs both in FF and IE.

ownCloud - Upload Limit (Content-Length)

Hi,

I have an Apache web server in my internal network on which an ownCloud instance is running.
It is protected by WAF.
My setup is working fine so far (at least for smaller files).
If I try to upload a file >128MB from external to my ownCloud instance I get the following WAF log entries:
Code:

2013:05:08-11:21:35 vpn reverseproxy: [Wed May 08 11:21:35.555140 2013] [security2:error] [pid 9816:tid 3895282544] [client <my-pub-ip>] ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). [hostname "<mydomain.com>"] [uri "/owncloud/index.php/apps/files/ajax/upload.php"] [unique_id "AAA12345aaa"]
2013:05:08-11:21:35 vpn reverseproxy: srcip="<my-pub-ip>" localip="<wan-interface-ip>" size="371" user="-" host="<my-pub-ip>" method="POST" statuscode="413" reason="-" extra="-" time="337" url="/owncloud/index.php/apps/files/ajax/upload.php" server="<mydomain.com>" referer="https://<mydomain.com>/owncloud/index.php/apps/files" cookie="508d626f7872f=irc8vbpm7023pgefjk14de7f45; HASH_508d626f7872f=06299B8BCF8BA83A7213F19D9468964255EE8E01" set-cookie="-"

I switched off all checkboxes in the WAF Firewall Profile for this virtual host, but that didn't change anything.
Is there any possibility to set a higher Content-Length limit (e.g. via cc)?
I didn't find any places to tweak this setting in WebAdmin.

Note: This is not an ownCloud limit, as it works with a DNAT rule.
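
An added example, not part of the original post: a small Python parser that pairs the ModSecurity body-limit error with the matching 413 access-log entry in lines like those quoted above and reports the configured limit in MiB. The sample lines are constructed from the post's excerpt (cookie fields omitted, one ordinary request added); the function name and the assumption that the error line is logged before the access line are this example's own.

```python
import re

# Constructed sample, modelled on the two log lines quoted in the post
# (placeholders kept, cookie fields omitted, one normal request added).
SAMPLE_LOG = [
    '2013:05:08-11:21:35 vpn reverseproxy: [Wed May 08 11:21:35.555140 2013] [security2:error] [pid 9816:tid 3895282544] [client <my-pub-ip>] ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). [hostname "<mydomain.com>"] [uri "/owncloud/index.php/apps/files/ajax/upload.php"] [unique_id "AAA12345aaa"]',
    '2013:05:08-11:21:35 vpn reverseproxy: srcip="<my-pub-ip>" localip="<wan-interface-ip>" size="371" user="-" host="<my-pub-ip>" method="POST" statuscode="413" reason="-" extra="-" time="337" url="/owncloud/index.php/apps/files/ajax/upload.php" server="<mydomain.com>"',
    '2013:05:08-11:22:02 vpn reverseproxy: srcip="<my-pub-ip>" localip="<wan-interface-ip>" size="5120" user="-" host="<my-pub-ip>" method="GET" statuscode="200" reason="-" extra="-" time="41" url="/owncloud/index.php/apps/files" server="<mydomain.com>"',
]

TS_RE = re.compile(r'^(\S+) \S+ reverseproxy: ')
LIMIT_RE = re.compile(r'ModSecurity: Request body \(Content-Length\) is larger than '
                      r'the configured limit \((\d+)\)\..*?\[uri "([^"]*)"\]')
KV_RE = re.compile(r'(\w[\w-]*)="([^"]*)"')


def body_limit_rejections(lines):
    """Return one dict per request answered with 413, with the ModSecurity
    body limit attached when an error line for the same timestamp and URI
    was seen earlier (assumption: the error line precedes the access line)."""
    limits = {}  # (timestamp, uri) -> configured limit in bytes
    hits = []
    for line in lines:
        ts = TS_RE.match(line)
        if not ts:
            continue  # not a reverseproxy line
        err = LIMIT_RE.search(line)
        if err:
            limits[(ts.group(1), err.group(2))] = int(err.group(1))
            continue
        fields = dict(KV_RE.findall(line))
        if fields.get("statuscode") != "413":
            continue
        limit = limits.get((ts.group(1), fields.get("url")))
        hits.append({
            "time": ts.group(1),
            "srcip": fields.get("srcip"),
            "url": fields.get("url"),
            "limit_bytes": limit,
            "limit_mib": None if limit is None else limit / 2**20,
        })
    return hits


if __name__ == "__main__":
    for hit in body_limit_rejections(SAMPLE_LOG):
        print(hit)
```

On the sample, the single 413 is tied to a limit of 134217728 bytes, which is exactly 128 MiB and matches the upload size at which the post reports the failure.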

FATAL Error

Hi
I have a problem with IPS: I don't have access to the internet when I enable the IPS.
The IPS logs show me this ERROR!
"FATAL ERROR: /etc/snort/rules/astaro.rules(249) Cannot use the fast_pattern content modifier for a lone http cookie/http raw uri /http raw header /http raw cookie /status code / status msg /http method buffer content."
Please help me. Thank you.

Utm9 .iso & xen 6.1

Hi,

I'm trying to install UTM on my host - XenServer v6.1 - but no success. I already tried to use RedHat, CentOS, Suse from the Guest List provided by XenCenter; each time it shows an error like this below:

"The bootloader for this VM returned an error -- did the VM installation succeed? INVALID_SOURCE
Unable to access a required file in the specified repository: file:///tmp/cdrom-repo-XYZXYZXYZXYZ/install/vmlinuz."


Does anyone know what version I should choose from the Xen guest list to accomplish the install?

tks,

Renato P

Site-to-Site IPSec VPN with SNAT

Hi all,

I need to configure a Site-to-Site IPSec VPN with SNAT. I mean the source network must be natted to a single IP address before entering the VPN connection.

I created a SNAT rule with:
Source Private Network ---> Any ----> Remote Private Network
Source Translation: 192.168.200.1
Advanced Option "Rule applies to IPSec packets" enabled

My question is: in "Site-to-Site IPSec VPN" Connections, what do I have to configure as "Local Networks"? The "Source Private Network" or 192.168.200.1 or both?

Best regards,
Stefano

[BUG] no validation on scan exclusions

In Policies > edit policy > Malware scan performed > Change Exemptions

Entering an invalid exclusion, for example C:\test* or C:\!"£%!£^$"&)&")*, isn't validated when added/saved. It fails to apply it at the endpoint and reports back to SaaS as out of compliance, but doesn't state what is out of compliance, so it could be difficult for the end user to know why it's out of compliance for what might look like a valid exclusion.

nat on port 443 not working

Hello

I just installed an SBS server with Exchange 2010. Now I know already that my ISP blocks port 443, so in order for me to use Outlook Web Access from the internet I created the following NAT rule:

traffic selector: Any -> port 12127 (or any other port of choice) -> External (WAN)
Dest. translation: Exchangeserver -> https service

Now, from the internet (another range than the one of my ISP) I can reach the standard IIS page, but if I try to go to the OWA page (MyServer - Web hosting information and review | Just another WordPress site) I get the classic certificate error, on which I chose to continue anyway, and then the following error page appears:

Forbidden
You don't have permission to access /owa/auth/logon.aspx on this server
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request

What am I missing here? OWA works perfectly in the LAN; it also works if I change the NAT port 12127 to 443 (but only from other networks of the same ISP, cos as I mentioned my ISP won't allow port 443 to be reachable from other ISPs' networks). So I am pretty sure it is not an IIS or certificate issue.

Can anyone help, please?

Ed

Sophos UTM9 - 9.006-5

1 subnet with 1 computer needs outbound access

I had a customer come in today with a computer that needs outbound access and must use the IP address he assigned to it. The address assigned is not within any subnets/VLANs that I currently have. What is the best way to configure this computer for outbound access? I am at version 8.306.

Thanks

IPS Bittorrent Rules ID to disable

Hi all,
As info: the IPS rules shown in the log for Bittorrent are not the ones to block.
Referring to the IPS Report, the rules are different.

ID 16282 - BT traffic
ID 2180 - BT request

These two would need to be added as modified rules and be disabled.
- Network Protection -> Intrusion Prevention -> advanced -> modified rules -> add and set to disable.

Since then I run IPS and Bittorrent without any drops.

Happy hunting
armin