SFOS 17.1.3 MR-3 HTTPS sessions are freezing.

Hi all!

Recently we got an "XG 135 w" with subj firmware. After I configured all the necessary policies and rules, I performed a test launch by switching a couple of live users from the old Cisco firewall to this new one.

Our users work with a cloud CRM via HTTPS, and all the switched users noticed that after a while the CRM web page freezes and it is impossible to refresh it. Users had to log in to the CRM again.

From my side, I noticed the same with an online radio app (PCradio), which works fine through the Cisco firewall but hiccups and freezes while using Sophos.

Any ideas how to overcome this disappointment?

I didn't check the workflow with the previous (recommended) firmware because it does not allow restoring a configuration made under the newer one, and there are a lot of settings to reproduce again manually.



  • Hi Maxim, 

    Make sure you have imported the Sophos SSL CA into the root certificate store of the user systems. Refer to https://community.sophos.com/kb/en-us/123048. If this is OK and HTTPS scanning is the problem, then create an exception for the URLs associated with the CRM.

    For advanced troubleshooting, refer to my TS guide: check #1.1 and find the firewall rule ID that forwards the traffic. Then check #1.2 and see if any filter policies defined within the firewall rule drop any related packets.

    Finally, check #4, #4.1 and #4.2. After verifying all the troubleshooting information, let me know the result and give me a glimpse of all the steps you performed.

    Thanks, 

  • Hi, Sachin Gurung

    I do not have HTTPS scanning enabled in any of the firewall rules. To localise the issue, I disabled any additional filtering policies like "HTTP scanning" and "Application control" and performed the same test, which revealed the same result. That is why I think the problem is in the firmware. It would be great if Sophos support could raise a ticket, whether they confirm it or not.

  • Hi Sachin,

    Today I tested firmware versions:

    SFOS 17.1.2 MR-2

    SFOS 16.05.9 MR-9

    and with a minimum of configuration: (WiFi, Remote Access L2TP VPN, RADIUS auth, Single Sign On Client, and 1 firewall rule with user matching)

    The subj issue appears in all versions of the firmware :(

    I've captured a log of dropped packets after an event in which my PCRADIO translation froze for a few seconds.

    https://we.tl/t-aApFSUE1lL

    I will appreciate any ideas on how to overcome the issue, other than refunding the Sophos appliance and 3yr subscription.

  • Hi  

    Apologies for the inconvenience you are experiencing; we will try our best to assist you. Please note that if you require immediate support and would like to speak to an engineer on the phone, please contact our support hotline to raise a case.

    Would it be possible for you to please enable the support access tunnel on your appliance and send me a private message with your access-ID so I can investigate your configuration?

    Thanks!

  • Hi Sophos support team,

    The issue is localized. Packet drops happen every ~5 mins if you use the client-based SSO app against RADIUS (Windows NPS in my case) to authenticate users in the firewall. And it doesn't matter whether your firewall rule(s) have user matching or not. So I switched user authentication in the firewall to AD and set VPN authentication against RADIUS, considering security limitations. The issue has disappeared.

    So I do not see a reason to open a support case regarding this issue, but I hope it won't slip from the attention of the Sophos devs.