How To Configure IPS Exception In Sophos XG Firewall

Sometimes the IPS module of the firewall flags legitimate traffic as malicious and blocks it. This article shows how to create an IPS signature exception in Sophos XG Firewall for specific false-positive traffic.

NOTE:

Many users are unsure how to tell whether traffic is malicious or legitimate. The best way is to identify the source IP and the destination IP in the log viewer, then check whether the source IP is trusted. If it is a trusted IP address, you can go ahead and create an IPS exception rule for the traffic. If the IP address is untrusted, do not create an IPS exception until the traffic is trusted.

Step-1:

First, open the log viewer in Sophos XG Firewall, select the “IPS” module, and identify the “signature ID”, as shown in the image below.

[Image: IPS logs in the log viewer]

From the above image, note down the signature ID and the firewall rule ID.
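
One way to carry out the check from the NOTE while collecting the signature ID and firewall rule ID, as an added example that is not part of the original article: the script groups IPS drop entries from an exported log by signature ID and firewall rule ID and marks a pair as an exception candidate only when every source IP is in a trusted network. The key=value field names, the trusted networks and the log lines are constructed assumptions, so adapt them to your own export.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: networks you treat as trusted; replace with your own ranges.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.10.0.0/16", "192.168.50.0/24")]

# Constructed sample lines. Field names (log_type, log_subtype, fw_rule_id,
# signature_id, src_ip, dst_ip) are assumptions; match them to your export.
SAMPLE_LOG = '''\
log_type="IDP" log_subtype="Drop" fw_rule_id=5 signature_id=1000001 signature_msg="Constructed sample A" src_ip=10.10.4.20 dst_ip=192.168.50.8
log_type="IDP" log_subtype="Drop" fw_rule_id=5 signature_id=1000001 signature_msg="Constructed sample A" src_ip=10.10.7.31 dst_ip=192.168.50.8
log_type="IDP" log_subtype="Drop" fw_rule_id=2 signature_id=1000002 signature_msg="Constructed sample B" src_ip=203.0.113.45 dst_ip=192.168.50.8
log_type="IDP" log_subtype="Drop" fw_rule_id=2 signature_id=1000002 signature_msg="Constructed sample B" src_ip=10.10.4.20 dst_ip=192.168.50.8
log_type="Firewall" log_subtype="Allowed" fw_rule_id=2 src_ip=10.10.4.20 dst_ip=192.168.50.9
'''

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value, value optionally quoted

def parse_line(line):
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # missing or malformed address is never trusted
        return False
    return any(addr in net for net in TRUSTED_NETS)

def triage(log_text):
    """Group IPS drops by (signature ID, firewall rule ID) and check sources."""
    groups = defaultdict(lambda: {"hits": 0, "dst": set(), "untrusted": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        sid, rule = rec.get("signature_id"), rec.get("fw_rule_id")
        if rec.get("log_type") != "IDP" or rec.get("log_subtype") != "Drop":
            continue  # only IPS drop entries are relevant here
        if not sid or not rule:
            continue
        g = groups[(sid, rule)]
        g["hits"] += 1
        g["dst"].add(rec.get("dst_ip", "?"))
        if not is_trusted(rec.get("src_ip", "")):
            g["untrusted"].add(rec.get("src_ip", "?"))
    return {key: {"hits": g["hits"], "destinations": sorted(g["dst"]),
                  "untrusted_sources": sorted(g["untrusted"]),
                  "exception_candidate": not g["untrusted"]}
            for key, g in groups.items()}

if __name__ == "__main__":
    for (sid, rule), info in sorted(triage(SAMPLE_LOG).items()):
        print(f"SID {sid} / firewall rule {rule}: {info}")
```

A pair reported with untrusted sources should be investigated rather than given an exception, since allowing the signature in the policy applies to all traffic matched by that firewall rule.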

Step-2:

You can identify the name of the IPS policy in the concerned firewall rule. Here the IPS policy is referred to as generalpolicy in the firewall rule.

[Image: IPS policy in the firewall rule]

Now go to “Intrusion Prevention” and select the “IPS policies” tab to find the concerned policy.

[Image: IPS policies]

Identify the concerned policy, click on it, and select the specific signature that you observed in the log viewer. You can search for a specific signature using the filter option beside the “SID” tab.

[Image: Specific signature]

Once you have selected the specific signature, set it to “allow the packet” under the action menu, as shown in the image below.

[Image: Signature action]

Once you have updated the policy, save it. Now initiate the traffic again; IPS will not block it.

Hope this article helps you.