Advisory: Sophos XG Firewall CVE-2018-5389

This article explains that the Sophos XG Firewall is not affected by CVE-2018-5389, a vulnerability with IPsec Internet Key Exchange (IKE) v1.

The following sections are covered:

Applies to the following Sophos products and versions

Sophos Firewall

The Sophos XG Firewall is not affected by this vulnerability. Using low entropy pre-shared-keys (PSK) is always risky, and customers should use long, complex PSKs. Otherwise please use certificates or RSA keys instead.

Sophos XG Firewalls on SFOS v17 and above should use IKEv2 to further enhance security.

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable to us to ensure that we continually strive to give our customers the best information possible.

Related:

Streamed VDAs Bluescreen a Few Minutes After Booting

Remove the MCSIO drive from the vDisk, which is installed together with the VDA software .

1. Create a new vDisk version and boot it in maintenance mode

2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlClass{4d36e967-e325-11ce-bfc1-08002be10318}, find UpperFilters key with CtxMcsWbc in it. Remove *only* CtxMcsWbc line from UpperFilters and keep other lines.

3. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesCtxMcsWbc, set Start=4.

4. Shut down the target.

5. Promote the vDisk to production.

Related:

  • No Related Posts

Folder Structures – Best Practices at the Root Level Folder

Quick Jump (click one!)

Who will be creating the structure? Who will need access? Personal Folders Advanced Folder Settings Limitations Tips and Full Guide

Who will be creating the structure?

The ability to create root level folders is dictated by the employee permission ‘Create root-level folders.’ This permission is not for Admin users only. Employees with this permission will be able to create root level folders. To allocate this permission to an existing employee, navigate to ‘People’ -> ‘Manage Employees’ -> Select a user’s profile -> Allocate permissions at the bottom of the screen under ‘User Access’.

If a user is granted upload rights on a folder, they will have the ability to create subfolders within that folder.

TIP! If you are using the ShareFile User Management Tool to provision users directly from AD, you can allocate the ‘Create root-level folders’ permission to users at the time of group rule creation.

Who will need access?

Understanding who will be accessing the data in a folder structure is extremely important to the planning process. ShareFile allows for sharing folder access with both internal (employees) and external (clients) users. To share a folder with a user, you will need to be an admin user on the folder, or the creator. Simply navigate to that folder location > Select the ‘People on this Folder’ tab > ‘Add People to Folder’ > Select the user and assign permissions > ‘Add’. Click here for more info on how to Add People to a Folder.

TIP! You can add users to a folder in bulk by utilizing distribution groups.

Personal Folders

Personal Folders are automatically created for each Employee User at the time of provisioning. The user should reserve this location for private use and any folders in this location should not be shared with other users. Any folders that are going to be shared should be created or moved to the ‘Shared Folders’ area. By default, employees have the ability to upload and download files from this folder. They also will be able to create subfolders and add other users to those subfolders with desired permissions. Click here for more info on ShareFile Personal Folders.

TIP! As an Admin, you can always view an employee’s Personal Folder to ensure they are adhering to best practices and internal standards. This can be done by navigating to:

‘People’ -> Manage Employees -> Select Profile -> ‘View folders and activity logs’ -> ‘Access Personal Folder’

Advanced Folder Settings

As a ShareFile Admin, you have the ability to set account-wide folder defaults within the Admin Settings console. These settings will be applied to any net new root-level folders that are created within your account. However, Advanced Folder Settings allows folder Admins to override these defaults to apply custom policies on a per root-level folder basis. Click here for more info on how to Create a Folder & Advanced Folder Options.

TIP! By default, a user given Admin rights at the root-folder level has the ability to adjust the retention policy on that folder (and therefore all subfolders beneath). However, ShareFile offers a setting that can be enabled by Citrix Support that only allows employee users with ‘Modify account-wide settings’ to adjust folder retention policies via Advanced Folder Settings.
Limitations

Although ShareFile does not provide defined parameters regarding folder size, depth, or number of items allowed, the following best practices will ensure optimal performance.

File Path Limit

ShareFile recommends adhering to Microsoft File Path limitations by avoiding path names that exceed 250 characters. Shorten paths by renaming folders and files or moving deep lying folders higher up the tree. This is extremely pertinent if you are planning on deploying the ShareFile Sync for Windows application.

Horizontal not Vertical

As mentioned earlier, it is best practice to keep your folder structure spread wide at either the root level or the second level down. This will prevent a narrow, deep structure from evolving that can cause a poor user experience and strain the ShareFile system. These changes can help to disburse items and prevent a folder from hitting the upper limits. This is linked to the number of calls required when adjusting folder settings, user access, and account wide policies. Furthermore, users will lose productivity if they’re required to click through a deep folder tree to access documents.

File Versioning

Adjust your file versioning to only keep the last 25 or less files. This can be adjusted from the Admin Settings under Advanced Preferences > File Settings.

Limit items in each folder

ShareFile folders should not contain more than 5,000 items within an individual folder or sub-folders. An “item” includes any elements within a folder. This includes files, folders, additional versions of files, and notes. Additionally, items in the recycle bin from the affected folder before emptied are included in the overall item count. When a folder reaches or exceeds this limitation, the consequences can be detrimental to the account and explicitly the folder in question.

The impacts could include:

  • Inability to upload documents.
  • Slow or inaccessible folder operations such as browse, copy, move, delete, and restore.
  • Time-outs in Web application
  • Inability to temporarily access particular folder
  • Temporary account lock out.

If you are currently experiencing these issues or are approaching these folder limits, please contact support for assistance.

Folder Size

ShareFile folders should not contain more than 10GB of data. Exceeding this limit will result to slow folder operation like copy/move/delete/restore.

Tips:


Complete Folder Structure Best Practices Document

Related:

  • No Related Posts

How to use Director to monitor NVIDIA GPU usage

Director provides monitoring of the NVIDIA GPU infrastructure in the environment to assist in troubleshooting slowness or unresponsiveness on a machine. The Machine Utilization panel on Director is enhanced to display real-time NVIDIA GPU monitoring graphs. The graphs include percentage utilization of the NVIDIA GPU, the GPU memory, and of the Encoder and the Decoder of the Server and Desktop OS VDAs.

This feature requires Delivery Controller(s) and VDAs version 7.14 or later. GPUs are monitored on VDAs running 64-bit Windows, with NVIDIA Tesla M60 GPUs and running Display Driver version 369.17 or later.

The VDAs must have HDX 3D Pro enabled to provide GPU acceleration.


Refer to Citrix Documentation – Troubleshoot machines

Related:

  • No Related Posts