Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=active-threat-response-sophos-xops-threat-feeds

Sophos X-Ops threat feeds

Sophos X-Ops threat feeds is a SophosLabs-managed global threat database that's regularly updated and pushed to the firewall. The firewall blocks all requests and traffic matching this database of malicious IP addresses, domains, or URLs.

Sophos X-Ops threat feeds are turned off by default.

Requirements

Configure Sophos X-Ops threat feeds

  1. Go to Active threat response > Sophos X-Ops threat feeds.

  2. Turn on Sophos X-Ops threat feeds.

    The firewall scans traffic for the IP addresses, domains, and URLs in the threat feed.

  3. Select the action from the following options:

    • Log only: Only logs threats.
    • Log and drop: Logs and blocks threats.

  4. Click Apply.

More resources