Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 9 subscribers
  • Views 2378 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Local DNS server being blocked by a handful of computers

Stephen Knott

HI,

We've got a situation where a few of our computers (six out of 30) are unable to access our network. This has happened since we enabled the auto isolate feature.

From testing it would seem that traffic to our DC is being blocked from the client. We are unable to ping it or use it to perform an NSLOOKUP. Interestingly though we are able to perform NSLOOKUPs using google's DNS server (8.8.8.8).

In the Sophos Cloud Console the computers aren't showing as being isolated and no events have been logged. However if we try to perform an update or scan on the client via the cloud console nothing seems to happen, presumably because the client computer is unable to communicate fully on the network?

Anyone got any ideas as to what this could be or how to resolve it?

Thanks in advance,



This thread was automatically locked due to age.
  • 0

    Hi  

    Machine isolation happens with machines which have red health status.

    I'd suggest you check the health status of the machines which act as isolated from others.

    If you find the red health status, please try to resolve it. Malicious traffic detection is the component which is responsible to isolate the machines with red health status.

  • 0 in reply to Jasmin

    HI Jasmin,

    Thanks for your reply.

    None have red health status listed. I've tried disabling Network Threat Protection on the client through the admin section, but nothing seems to change.

    Any other thoughts?

    Thanks,

    Stephen

  • 0 in reply to Stephen Knott

    Hi  

    If this is the case, then the issue is probably with the DNS server and it might not because of Sophos.

    I'd suggest you trace the path from the client to the DNS server and check whether it is getting dropped in-between anywhere?

  • 0 in reply to Jasmin

    You should be able to use a 1 time password from Sophos Central, try using that on the Server.  Then disable different Sophos features while test to see if the issue goes away.  I am curious as well, can you login to the server in question and ping/nslookup out to confirm if it is completely isolated or not?

Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?