Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 812 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MCS client doesn't use system proxy (WPAD)

MassimoDalla Giustina

On a Windows10 with system proxy configured via WPAD, the MCS component doesn't use this configuration and goes directly via gateway.

These are the logs from McsClient.log:

2021-03-17T13:33:55.889Z [ 5088: 6040] [v4.13.16.0] INFO GET mcs2-cloudstation-eu-central-1.prod.hydra.sophos.com:443/.../...
2021-03-17T13:33:55.917Z [ 5088: 6040] [v4.13.16.0] INFO 200 : sent=0 rcvd=140 elapsed=28ms
2021-03-17T13:33:55.917Z [ 5088: 6040] [v4.13.16.0] INFO Establishing push connection
2021-03-17T13:33:55.919Z [ 5088: 6040] [v4.13.16.0] INFO [push]: [connect] trying server mcs-push-server-eu-central-1.prod.hydra.sophos.com/ps
2021-03-17T13:33:55.919Z [ 5088: 6040] [v4.13.16.0] INFO [push]: [connect] trying direct connection without a proxy
2021-03-17T13:33:55.919Z [ 5088: 6040] [v4.13.16.0] INFO GET mcs-push-server-eu-central-1.prod.hydra.sophos.com:443/ps
2021-03-17T13:33:56.021Z [ 5088: 6040] [v4.13.16.0] INFO 200 : sent=0 rcvd=0 elapsed=102ms
2021-03-17T13:33:56.022Z [ 5088: 6040] [v4.13.16.0] INFO [push]: [connect] using server mcs-push-server-eu-central-1.prod.hydra.sophos.com/ps without a proxy (peer address 52.28.112.0)
2021-03-17T13:33:56.031Z [ 5088: 6040] [v4.13.16.0] INFO (async) GET mcs-push-server-eu-central-1.prod.hydra.sophos.com:443/.../....
2021-03-17T13:33:56.130Z [ 5088:18160] [v4.13.16.0] INFO (async) 503 : conntime=98ms
2021-03-17T13:33:56.130Z [ 5088: 6040] [v4.13.16.0] WARN (async) connection timeout
2021-03-17T13:33:56.131Z [ 5088: 6040] [v4.13.16.0] WARN [push]: error creating async stream: 0
2021-03-17T13:33:56.131Z [ 5088: 6040] [v4.13.16.0] INFO [push]: Dropping connection after error

What is the reason why the MCS doesn't use the system proxy?

Thansk

Max.



This thread was automatically locked due to age.
  • 0

    Hi There,

    By any chance, have you already configured the Proxy settings on the central dashboard itself? You may refer to this Article for the steps. Also, ensure that you have allowed your proxy the required domains and port for Sophos central in order to avoid any communication issues. Refer to this documentation.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
  • 0

    Hi GlennSen

    thanks for your answer. I already considered both documents. Following the KB-000034818 I can't specifiy/use the WPAD configuration. If I manually specify the proxy (not using WPAD), the MCS can communicate inside the corporate network but not when the client is outside, so this can't be the solution.

    Also I already permitted the host/domain and ports on the Sophos SG firewall but the problem we discovered is that the MCS first call https://mcs-push-server-eu-central-1.prod.hydra.sophos.com:443 and this pass the firewall but then it calls also for su-*.mcs-push-server-eu-central-1.prod.hydra.sophos.com and this is blocked because we can't define wildcard on the firewall rules.

    The MCS must support also the system proxy configuration WPAD.

     Max.

  • +1

    The solution is to use the DHCP option 252 by specifying the WPAD address.

    Max.

Unfiltered HTML