Transparent proxy for HTTPS not working via Sophos Connect client

Hello,

I have several Sophos XG firewalls with Sophos Connect VPN configured. At one installation I cannot open connections to servers via HTTPS, but via HTTP I can.

The configuration is very similar on all of these firewalls. I am not able to find out why it does not work.

I do not know which log can help me. In the logs available via Log viewer I see no problem, but I do not see any communication via the HTTPS protocol in the web filter part.

Even the policy test tells me that it is working.

I have another test to recognize whether it should work: I connect and telnet to the name of the server and the port number. On the XG with the problem I am able to telnet to port 80 and the connection opens. When I do it for port 443, the connection does not open.

When I try it on some of the functional XGs, the connection opens on both ports.

Connection from LAN opens on ports 80 and 443.

Does anybody have similar experience? How can I solve it? I hope I have no trivial error, because I have several firewalls configured.

Reboot or restart of proxy does not help ...


Best regards,

Petr



  • Hi  

    I would request you to check with the firewall rule for VPN communication, you may use packet capture utility to check the traffic for port 443.

    https://community.sophos.com/kb/en-us/123189

  • Hello Keyur,

    I sniffed the communication via the VPN connection.

    I see that there are many TCP SYN requests to port 443, but none of them has an answer.

    The rule allowing communication from VPN to WAN is at the first position of the rules.

    When I try sniffing on a working XG, I see communication, but the sniff contains only half of it: from the VPN address to the public address. No data back to the VPN address.

    I am running the sniffer from the CLI. It is more comfortable for me than the web GUI.

    22:28:17.861335 ipsec0, IN: IP 10.168.5.1.55890 > 40.101.54.178.443: Flags [.], ack 1826964521, win 260, length 0
    22:28:17.883480 ipsec0, IN: IP 10.168.5.1.55891 > 40.101.54.178.443: Flags [.], ack 3143143749, win 260, length 0


    I sniffed it to a file, downloaded it and viewed it in Wireshark.

    Is there any way to check whether the XG transparent proxy listens on the virtual port for Sophos Connect VPN?

    SSLVPN works well on the same system where Sophos Connect has the problem with port 443.


    Best regards,

    Petr
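
An added example, not part of the original posts: a small Python script that reads sniffer text in the format quoted above and separates the two situations described in the thread, SYNs to port 443 that never get an answer versus flows where only the client-to-server half is visible in the capture. The sample lines are constructed, and the `OUT:` direction label is an assumption by analogy with the `IN:` label in the posted output.

```python
import re
from collections import defaultdict

# Line format as in the post: "<time> <iface>, <IN|OUT>: IP src.port > dst.port: Flags [..]"
LINE = re.compile(
    r"^\s*\S+\s+(?P<iface>\S+),\s+(?P<dir>IN|OUT):\s+IP\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture (documentation addresses, not taken from the thread).
SAMPLE = """\
10:00:00.000001 ipsec0, IN: IP 192.0.2.10.50001 > 198.51.100.5.443: Flags [S], seq 100, win 64240, length 0
10:00:01.000001 ipsec0, IN: IP 192.0.2.10.50001 > 198.51.100.5.443: Flags [S], seq 100, win 64240, length 0
10:00:02.000001 ipsec0, IN: IP 192.0.2.10.50002 > 198.51.100.5.443: Flags [.], ack 200, win 260, length 0
10:00:03.000001 ipsec0, IN: IP 192.0.2.10.50003 > 198.51.100.5.443: Flags [S], seq 300, win 64240, length 0
10:00:03.000002 ipsec0, OUT: IP 198.51.100.5.443 > 192.0.2.10.50003: Flags [S.], seq 400, ack 301, win 65535, length 0
""".splitlines()

def summarize(lines, port=443):
    """Group packets into (client, server) flows for `port` and count each direction."""
    flows = defaultdict(lambda: {"syn": 0, "to_server": 0, "from_server": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a TCP packet line
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if dst[1] == port:
            f = flows[(src, dst)]
            f["to_server"] += 1
            f["syn"] += m["flags"] == "S"  # bare SYN = new connection attempt
        elif src[1] == port:
            flows[(dst, src)]["from_server"] += 1
    return dict(flows)

def classify(f):
    """Label one flow's counters from summarize()."""
    if f["from_server"]:
        return "bidirectional"
    if f["syn"] == f["to_server"]:
        return "syn-unanswered"  # only SYNs (and retransmits), nothing came back
    return "one-way"  # client sends ACKs, so replies exist but bypass this capture point

if __name__ == "__main__":
    for (client, server), f in summarize(SAMPLE).items():
        print(client, "->", server, classify(f), f)
```

A "one-way" result means the handshake completed even though the capture shows no return packets, so the missing half alone does not indicate a fault; "syn-unanswered" is the case worth chasing.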