I'm combating a couple of issues with my XG 115 and hoping I can get some guidance.
I want level 4/5 application control so that serious threats are being blocked on the network between the internal clients and the external INET.
However, I have found two problems since turning this policy on a couple of months ago.
In the first problem situation, the XG was killing all of the app updates on my iOS devices. A call with a Sophos support engineer confirmed that the XG was indeed blocking these downloads (I couldn't find the appropriate entry in the log file but the engineer showed me how to filter down to the application filtering logs). Even though these were downloads of legitimate Apple App Store provided apps they were being blocked as type ".zip file" and the engineer had no explanation for why they were blocked (he indicated that only unknown .zip signatures should have been blocked). His solution was to exempt the entire .zip file category from the application filtering rule.
Fast forward to this past weekend and I ran into problems trying to update appliance software on my Unitrends backup appliance. Sophos categorized both HTTP file access and FTP file access as dangerous and kept blocking the downloads both of updates to the backup appliance box itself, and even client application software from the Unitrends support website. I ended up having to disable application filtering entirely which only partially resolved the issue.
With other firewall vendors I can exempt URLs or create specific whitelist rules so that application filtering is still in effect but some hosts or destination domains are not filtered out.
Is this not possible with Unitrends? I tried creating some general firewall rules for the client box that were in place before the general internet rule with the policies but my downloads were still being blocked.
Thanks.
This thread was automatically locked due to age.
