Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 29 subscribers
  • Views 6326 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFOS 17.1.3 MR-3 HTTPS sessions are freezing.

Maxim Grechikhin

Hi all!

Recently we got "XG 135 w" with subj firmware. After I configured all necessary policies and rules I performed a test launch by switching a couple of live users from old Cisco firewall to this new one.

Our users work with cloud CRM via HTTPS protocol and all switched users noticed that after a time webpage of CRM freezes and it is impossible to refresh it. Users had to relogin into CRM.

From my side I noticed the same with online radio app (PCradio) which works fine through Cisco firewall but hiccups and freezes while using Sophos.

Any ideas how to overcome this disappointment?

I didn't check the workflow with previous (recommended) firmware because it does not allow to restore the configuration made under newer one and there are a lot of settings to reproduce them again manually.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Maxim, 

    Make sure you have imported the Sophos SSL CA in the user systems root certificate directory. Refer to, https://community.sophos.com/kb/en-us/123048. If this is ok, and HTTPS scanning is the problem, then create exception for URLs associated to the CRM. 

    For advance troubleshooting, referencing my TS guide; check #1.1 and find the firewall rule ID that forwards the traffic. Then, check #1.2 and see if any defined filter policies within the firewall rule, drops the any related packets.

    Finally, check #4, #4.1 and #4.2, after verifying all the troubleshooting information, let me know the result and the glimpse of all the steps you performed. 

    Thanks, 

  • 0 in reply to sachingurung

    Hi, Sachin Gurung

    I do not have enabled HTTPS scanning in any of the firewall rules. And in terms of issue localisation I had disabled any additional filtering policies like "HTTP scanning" and "Application control" and performed the same test which has revealed the same result. That is why I am thinking about problems is in the firmware. It would be great if Sophos support could rise a ticket wherether they confirm it or not.

Reply
  • 0 in reply to sachingurung

    Hi, Sachin Gurung

    I do not have enabled HTTPS scanning in any of the firewall rules. And in terms of issue localisation I had disabled any additional filtering policies like "HTTP scanning" and "Application control" and performed the same test which has revealed the same result. That is why I am thinking about problems is in the firmware. It would be great if Sophos support could rise a ticket wherether they confirm it or not.

Children
No Data