Troubleshoot site blocked

I guess, you have the same issue like this Thread.

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/105140/decrypt-and-scan-https-is-checked-and-i-installed-the-certificate-to-trusted-root-container-but-no-websites-are-working/383882#pi2151=2

Michael Dunn explained in Detail, what is going on. 

It seems related. The Sophos engine is not updating. When I "curl https://us-west-2.u2d.sophos.com/ -k) I get a 404 page not found.

This should not be the issue.

You should start to investigate the u2d.log in more detail. 

Is something broken?

It wont update the Sophos patterns but everything else is up to date. Log below with the contents when I click update

DEBUG     Mar 05 12:01:44 [15274]: --fwversion = 17.5.3.372                    
DEBUG     Mar 05 12:01:44 [15274]: --productcode = CN                          
DEBUG     Mar 05 12:01:44 [15274]: --model = SF01V                             
DEBUG     Mar 05 12:01:44 [15274]: --vendor = HV01                             
DEBUG     Mar 05 12:01:44 [15274]: --pkg_ips_version = 9.15.69                 
DEBUG     Mar 05 12:01:44 [15274]: --pkg_ips_cv = 14.0                         
DEBUG     Mar 05 12:01:44 [15274]: --pkg_atp_version = 1.0.0232                
DEBUG     Mar 05 12:01:44 [15274]: --pkg_atp_cv = 1.00                         
DEBUG     Mar 05 12:01:44 [15274]: --pkg_savi_version = 1.0.0                  
DEBUG     Mar 05 12:01:44 [15274]: --pkg_savi_cv = 1.00                        
DEBUG     Mar 05 12:01:44 [15274]: --pkg_avira_version = 1.0.402398            
DEBUG     Mar 05 12:01:44 [15274]: --pkg_avira_cv = 4.00                       
DEBUG     Mar 05 12:01:44 [15274]: --pkg_apfw_version = 11.0.006               
DEBUG     Mar 05 12:01:44 [15274]: --pkg_apfw_cv = 1.00                        
DEBUG     Mar 05 12:01:44 [15274]: --pkg_waf_version = 1.0.0006                
DEBUG     Mar 05 12:01:44 [15274]: --pkg_waf_cv = 1.00                         
DEBUG     Mar 05 12:01:44 [15274]: --pkg_sslvpn_version = 1.0.007              
DEBUG     Mar 05 12:01:44 [15274]: --pkg_sslvpn_cv = 1.00                      
DEBUG     Mar 05 12:01:44 [15274]: --pkg_ipsec_version = 1.2.001               
DEBUG     Mar 05 12:01:44 [15274]: --pkg_ipsec_cv = 1.00                       
DEBUG     Mar 05 12:01:44 [15274]: --pkg_clientauth_version = 1.0.0016         
DEBUG     Mar 05 12:01:44 [15274]: --pkg_clientauth_cv = 2.00                  
DEBUG     Mar 05 12:01:44 [15274]: --pkg_redfw_version = 2.0.017               
DEBUG     Mar 05 12:01:44 [15274]: --pkg_redfw_cv = 2.00                       
DEBUG     Mar 05 12:01:44 [15274]: --oem = Sophos                              
DEBUG     Mar 05 12:01:44 [15274]: Added new server : Host - ap-northeast-1.u2d.
sophos.com., Port - 443                                                        
DEBUG     Mar 05 12:01:44 [15274]: Added new server : Host - us-west-2.u2d.sopho
s.com., Port - 443                                                             
DEBUG     Mar 05 12:01:44 [15274]: Added new server : Host - eu-west-1.u2d.sopho
s.com., Port - 443                                                             
DEBUG     Mar 05 12:01:44 [15274]: Final query string is :
<snip>
DEBUG     Mar 05 12:01:44 [15274]: Response code : 200                         
DEBUG     Mar 05 12:01:44 [15274]: Response body :                             
<Up2Date>                                                                      
  <Package u2dtype="pattern">                                                  
    <File name="savi_1.00_1.0.13817_full.tar.gz.gpg">                          
      <location>d30ncyzaneb4q0.cloudfront.net/savi_1.00_1.0.13817_full.t
ar.gz.gpg</location>                                                           
      <version>1.0.13817</version>                                             
      <size>214576840</size>                                                   
      <md5sum>517ac7f2059d8db5b09dcafb9f46642e</md5sum>                        
      <module>savi</module>                                                    
      <cv>1.00</cv>                                                            
      <type>full</type>                                                        
    </File>                                                                    
  </Package>                                                                   
</Up2Date>                                                                     
                                                                               
DEBUG     Mar 05 12:01:44 [15274]: Response length : 423                       
DEBUG     Mar 05 12:01:44 [15274]: Received name : savi_1.00_1.0.13817_full.tar.
gz.gpg                                                                         
DEBUG     Mar 05 12:01:44 [15274]: Received location : https://d30ncyzaneb4q0.cl
oudfront.net/savi_1.00_1.0.13817_full.tar.gz.gpg                               
DEBUG     Mar 05 12:01:44 [15274]: Received version : 1.0.13817                
DEBUG     Mar 05 12:01:44 [15274]: Received size : 214576840                   
DEBUG     Mar 05 12:01:44 [15274]: Received md5sum : 517ac7f2059d8db5b09dcafb9f4
6642e                                                                          
DEBUG     Mar 05 12:01:44 [15274]: Received module : savi                      
DEBUG     Mar 05 12:01:44 [15274]: Received cv : 1.00                          
DEBUG     Mar 05 12:01:44 [15274]: Received type : full                       

Tue Mar 05 12:03:31 2019 Download completed for file savi_1.00_1.0.13817_full.ta
r.gz.gpg                                                                       
Tue Mar 05 12:03:31 2019 We are primary machine in HA. Syncing download for modu
le savi to auxiliary machine                                                   
gpg: Signature made Mon Mar  4 18:01:30 2019 PST using RSA key ID 6A20EB0B     
gpg: NOTE: trustdb not writable                                                
gpg: Good signature from "Sophos Up2Date Server <updates@sophos.com>"          
Tue Mar 05 12:03:43 2019 Download for file savi_1.00_1.0.13817_full.tar.gz.gpg p
assed integrity and gpg checks                                                 
Tue Mar 05 12:04:04 2019 Either FILE or MSID received in U2DVERSION is blank, sa
vi_13817.tar.gz,                                                               
Tue Mar 05 12:04:04 2019 Current savi patterns are at /content/savi_1.00/1.0.138
14                                                                             
Tue Mar 05 12:04:04 2019 New updated  patterns are now at /content/savi_1.00/1.0
.13817                                                                         
Tue Mar 05 12:04:30 2019 Callback u2d_pt_installed failed for savi, version = 1.
0.13817.                                                                       
Tue Mar 05 12:04:30 2019 Setting status 'fail' in DB and reverting link for savi
 to old version = 1.0.0.                                                       
Tue Mar 05 12:04:30 2019 savi patterns are again at /content/savi_1.00/1.0.13814
                                                                               

Would suggest to open a Sophos Support case. For some reason, XG is not able to install the current SAVI Pattern. 

And use a fallback to Version 1.0.

This should be troubleshoot by a Sophos Engineer. 

This is a home setup so there is no support.

Maybe Aditya Patel or FloSupport can take a look at your system.

Maybe Aditya Patel or FloSupport can take a look at your system.