Use local File Hosts to test new website wont works

Hi Ste 

Are you using caching on the XG at all?

If you are using the web proxy, you can try create a plain network rule above all other rules with the source IP as your test machine.  Do not select any AV scanning, web policies, application policies, etc.  Ensure to select NAT policy and gateway route.

You can restart the DNS service that will clear its cache by running command: service dnsd:restart -ds nosync from the "advance console" section of the XG.

Thanks!

Hi, 

About caching if you mean this https://community.sophos.com/kb/en-us/134390 no. I don't.

I did a plain network rule above as you describe and the DNS service restart but they didn't solve. 

Any other things?

Thank you

Hi Ste 

What DNS IPs are configured in the XG firewall?

Please go to Diagnostics >> Name Lookup and check the DNS resolution of the domain with each IP and share the observation.

I did and all of them resolv hwith the old IP: 83.212.109.23

What i mean is that if I set localy on PC Hosts file the record: 3.124.132.43 proxy-fenix.pilot.eduteams.org the pc resolve with this new IP and i See log on the log viewer:

BUT: connection from XG starto to ip: 83.212.109.23

Hi Ste 

As you said, you added "PC Hosts file the record: 3.124.132.43 proxy-fenix.pilot.eduteams.org" which is a manual entry to the PC host file and it will always resolve the IP you have added but I have checked over MX toolbox and it is resolving 83.212.109.23 for proxy-fenix.pilot.eduteams.org, I have checked with global DNS and it is same. This is not an issue with the Sophos XG, DNS entry for URL is or CNAME record for URL haproxy-fenix.pilot.eduteams.org is 83.212.109.23, please check the attached screenshot.

You can add DNS host entry in the Sophos XG- https://community.sophos.com/kb/en-us/123566

Hi Ste 

As you said, you added "PC Hosts file the record: 3.124.132.43 proxy-fenix.pilot.eduteams.org" which is a manual entry to the PC host file and it will always resolve the IP you have added but I have checked over MX toolbox and it is resolving 83.212.109.23 for proxy-fenix.pilot.eduteams.org, I have checked with global DNS and it is same. This is not an issue with the Sophos XG, DNS entry for URL is or CNAME record for URL haproxy-fenix.pilot.eduteams.org is 83.212.109.23, please check the attached screenshot.

You can add DNS host entry in the Sophos XG- https://community.sophos.com/kb/en-us/123566

I add on the hosts file on the PC.

then I done a test doing the same DNS host entry on the Sopohs XG and it solved the problem. But this cannot be a solution. There is something in the XG software that is not working properly

Hi Ste 

Sophos XG will forward the DNS query to the configured DNS IP in the Sophos XG firewall DNS configuration and it will show the response received from those DNS servers.

I have shared the screenshot of MXtoolbox which is a global tool where there is no intervention of Sophos XG firewall. URLs public CNAME record IP is 83.212.109.23. Sophos XG is not acting as DNS server, it just shows the result provided by the DNS IP configured.

The DNS query of the pc are not sent to XG! are resolved locally. The packet sent to XG has DST addr 3.124.132.43 but then the XG send the message to 83.212.109.23.

This is the problem. 

Can you please understand?

Thank

Hi Ste 

Could you please verify the pharming protection? 

Please navigate to Web >> General Settings >> Malware and content scanning >> Advanced settings >> Enable pharming protection

Disabling the pharming protection everything works as expected. 

Good to know. We have found the cause of the issue.

Thank you for your support.