SMC with Sophos UTM as reverse proxy

Hi,

I've configured the UTM to reverse proxy to the SMC server with HTTPS.

I'm able to connect to the Mobile Control console, but I'm not able to sync the iOS app with the console via the reverse proxy.

Is there something that I need to tweak in the UTM to make it syncable?

Thank you,

K



This thread was automatically locked due to age.
  • Hi Kobby,

    The communication between the SMC Server and the Client is secured with a specific client certificate.
    Therefore, you should not perform any SSL inspections to ensure the app synchronizes.

    Have you perhaps enabled a firewall profile for the SMC server? If so, some exceptions are required.

    Please see below for an example firewall profile configuration which works for SMC:

    Enable the following settings:

    • Pass Outlook Anywhere
      • Mode: Reject
    • Common Threat Filter
    • Rigid Filtering
    • Antivirus
      • Mode: Dual Scan
      • Direction: Uploads and Downloads
    • Block unscannable content
    • Block clients with bad reputation
    • Skip remote lookups for clients with bad reputation

    Within the Threat Filter Categories all categories can be enabled.

    To provide full Sophos Mobile Control functionality the following IDs have to be added to the "Skip Filter Rules" section. The "Import" functionality can be used to upload the list below:

    • 951173
    • 960010
    • 960015
    • 960018
    • 960032
    • 970901
    • 981176
    • 981200
    • 981203
    • 981204
    • 981205

    The following settings should not be enabled for this firewall profile:

    • Cookie signing
    • Static URL hardening
    • Form hardening

    Best regards
    Stefan

  • Hi Stefan,

    Thanks for the instructions; however, for debugging purposes I initially did not enable the firewall profile.

    I have now added the firewall profile as you described, and I'm still not able to sync. On the iOS app it still says "synchronisation failed - could not connect, please try again later".

    Any more clues? Obviously this is not in production, so I haven't gone out and gotten an SSL cert from an external CA for it, but I wouldn't think this is something related to the SSL cert.

    Thanks,
