XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

Advanced Threat protection reolve bad urls to Sophos IP Address

Palo Alto has a wonderful feature called DNS Sinkholing( https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/threat-prevention/dns-sinkholing#) where infected machines on the inside network that send dns requests external for malicous urls can be easily identified. This is achieved by resolving bad urls to a Sophos Public IP address and then every internal machine trying to access this IP is known to be infected with malware. Currently with Advanced Threat protection we can only see these DNS requests from the internal DNS server and not the end device which makes tracking down infected machines a much greater task.

2 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.