Sophos XGS: How to configure Zero-day Protection feature on Sophos firewall.

1. Overview

Zero-day protection is powered by SophosLabs Intelix, a cloud service that combines machine learning, sandboxing, and research to detect known and unknown threats by analyzing suspicious downloads and email attachments. 

This article guides you through configuring the Zero-day Protection feature so that suspicious downloads are analyzed and evaluated before they reach the client.

2. Network Diagram

3. Instructions

Step 1: Create a firewall rule that enables the Zero-day Protection feature

Go to Rules & Policies > Add Firewall Rule > New Firewall Rule.

Select and fill in the following parameters:

Rule Name: enter a name of your choice

Action: select Accept

Source zone: LAN

Source networks and devices: LAN1 (the PC with IP 192.168.1.10).

Destination zones: WAN

Destination networks: Any

Services: Any

Under Web Policy, select Scan HTTP and Decrypted HTTPS and then select Use Zero-day Protection. Both options are required: zero-day protection only examines files that the web proxy scans, and HTTPS downloads are only scanned when the firewall decrypts that traffic.

Click on Save.

Step 2: Test the Zero-day Protection feature

To test, visit the following website from the PC covered by the rule: https://www.wicar.org/

Select CLICK HERE TO TEST YOUR BROWSER AND NETWORK and click the test files listed below it. Note that this site is served over HTTPS, so its downloads are only inspected if the firewall decrypts the traffic.

Alternatively, visit the website http://www.rexswain.com/eicar.html

and download the EICAR test files offered there; this page is plain HTTP, so it checks scanning independently of HTTPS decryption.

To check the results on Sophos Firewall, go to Zero-day Protection > Downloads and Attachments.

The test files are all shown with the status Malicious and are Blocked.

View Report provides a summary file with detailed information about each detected file.
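To repeat the Step 2 check from a script rather than by hand, the following added example (not from the original article and not a Sophos tool) downloads the EICAR test links from a client behind the rule and classifies each outcome, so that a file that slipped through is reported as "delivered" instead of being overlooked. The URLs and responses embedded below are constructed stand-ins, and the assumption that an HTTP 403 or a body mentioning "blocked" is the firewall's block page is the author's, not Sophos's documented behaviour.

```python
# Added example (not from the article or Sophos): fetch the Step 2 EICAR test
# links from a client behind the rule and classify what the firewall did.
# Assumption: an HTTP 403, or a body mentioning "blocked", is a block page.
import urllib.error
import urllib.request

# Fragment present in every real EICAR test file; the full test string is not
# reproduced. Seeing it in a body means the download reached the client.
EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"

def classify(status, body):
    """Return 'delivered', 'blocked' or 'inconclusive' for one download."""
    if body and EICAR_MARKER in body:
        return "delivered"        # test failed: the file passed the firewall
    if status == 403 or (body and b"blocked" in body.lower()):
        return "blocked"          # assumed shape of the block response
    return "inconclusive"         # timeout, DNS failure, 5xx, empty body

def fetch(url, timeout=30):
    """Live fetch returning (status, body); network errors give (None, None)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()
    except (urllib.error.URLError, OSError):
        return None, None

def run_checks(urls, fetcher=fetch):
    """Classify every URL; returns {url: verdict}."""
    return {url: classify(*fetcher(url)) for url in urls}

def policy_effective(results):
    """True only if no test file was delivered; 'inconclusive' needs a re-run."""
    return all(v != "delivered" for v in results.values())

# Constructed responses standing in for what the client would observe: a block
# page, an unfiltered delivery, and a connection that never completed.
SAMPLE_RESPONSES = {
    "http://test.example/eicar.com": (403, b"<html>Download blocked</html>"),
    "http://test.example/eicar.com.txt": (200, b"...EICAR-STANDARD-ANTIVIRUS-TEST-FILE..."),
    "http://test.example/eicarcom2.zip": (None, None),
}

def sample_fetch(url):
    return SAMPLE_RESPONSES.get(url, (None, None))  # offline stand-in for fetch()

if __name__ == "__main__":
    # Pass fetch instead of sample_fetch, and the real test links, for a live run.
    print(policy_effective(run_checks(SAMPLE_RESPONSES, sample_fetch)))
```

Run it from the PC named in the rule's source network; a "delivered" verdict means the web policy did not intercept the file, while "inconclusive" usually means the fetch never completed and should be retried.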
