Website Being blocked to a specific user

Hi guys

I'm having an issue with this Sophos block, even though the user has never faced this problem before.
And it seems that the username reported in the block does not match the login domain user.

Has anyone faced this issue before?
Thanks





  • Hi  

    The website is being blocked by the policy set by your company administrator. Please check this article for more information; you can create a website exclusion as indicated in this video. Let us know if you have any further concerns.

  • Well... we've not made any configuration changes to our Central Endpoint or even our Sophos XG firewall for the past few years.
    The particular user seems to have gotten this problem after we came back from the MCO.
    This also seems to affect some of our users randomly after the exploit that was announced to target Sophos firewalls.
    This triggered Sophos to update Central Endpoint with random image number generator.
    I'll just take a look at where the problem came from.

  • Hi  

    Would you please check, under your Central dashboard, the events of this particular user/machine and also verify the web control policy which is being applied to that user?

  • It's certainly not the Sophos Central Endpoint Web control blocking it given the screenshot.  At face value, it looks like a web control policy in the XG to block the category.

    Jak

  •  

    I checked and found that the block came directly from the firewall.

    Though it's specifically locking 192.168.107.14 to user1, despite it being user3 who is logging on to this PC with 192.168.107.14.

    May I know how the firewall relates a specific IP to a user?

  • Hi  

    Would you please join the Sophos XG firewall group on the Sophos community, so I can move your post to XG firewall and members of that group can help you to investigate the issue?

  • Have joined...
    The response of the Sophos community is much faster than I expected..
    Thought the reply would be like Microsoft, which took a year to reply to a subject lol...

  • I asked one of my seniors and he informed me of the solution.
    Sophos has an HTTP authenticator.
    By using that PC to log in to that HTTP authenticator, the IP is no longer locked to user1. It has now shifted to another user.

    Thanks for the fast response.

  • Hi  

    Thank you for your appreciation.

    I have moved your post to the XG firewall group. Members will help to resolve your issue.

  • Hi  

    I would request you to check the Log Viewer >> Web Logs, filter the logs by IP or Username, try to find the denied logs for the website, and allow the website URL in the web filter policy applied on the firewall rule of the user profile.

    The XG has 2 ways to apply Web protection: you can apply it on the firewall rule or on the user profile. If you have enabled authentication, the user profile web policy will take effect; if not, then the firewall web protection policy will be applied to traffic passing through the firewall rule.

  • Yes.. I've been using Log Viewer to trace the IP from its source to destination.
    As a standard routine of network administrators, we usually check the problem from Log Viewer and policy testing.
    But from what I noticed, Log Viewer already showed the problem.
    It's just that I'm not too familiar with how the firewall specifically identifies an IP with a domain user,
    and how to switch the domain user for that IP.
    I initially thought it was affected by the DNS or DHCP server,
    when it is actually the HTTP authenticator from the firewall itself managing that.
    The web policy for each user was defined long ago by the previous network administrator,
    so it shouldn't have any issue.
    Perhaps I really need to understand more about the implementation part..

    Thanks again for the information.
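
The mismatch discussed in this thread (the firewall attributing 192.168.107.14 to user1 while user3 is the one logged on) can be spotted by cross-checking firewall web log entries against domain logon records. The following is an added example, not part of the thread and not Sophos code; the record layouts, timestamps and function names are constructed assumptions, not the XG log format.

```python
from datetime import datetime

# Constructed sample records. The tuple layouts are assumptions made for
# this example, not the Sophos XG log format.
FIREWALL_WEB_LOG = [  # (time, source IP, user the firewall attributed, action)
    ("2020-01-06 09:05:00", "192.168.107.14", "user1", "denied"),
    ("2020-01-06 09:06:10", "192.168.107.20", "user2", "allowed"),
    ("2020-01-06 09:07:30", "192.168.107.14", "user1", "denied"),
]
DOMAIN_LOGONS = [  # (time, workstation IP, domain user who logged on)
    ("2020-01-03 08:00:00", "192.168.107.14", "user1"),
    ("2020-01-06 08:55:00", "192.168.107.14", "user3"),
    ("2020-01-06 08:50:00", "192.168.107.20", "user2"),
]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def last_logon_before(logons, ip, when):
    """User of the most recent logon on `ip` at or before `when`, else None."""
    matches = [(_ts(t), user) for t, lip, user in logons
               if lip == ip and _ts(t) <= when]
    return max(matches)[1] if matches else None


def find_stale_mappings(fw_log, logons):
    """Return (ip, firewall_user, logged_on_user, hits) for each mismatch."""
    counts = {}
    for t, ip, fw_user, _action in fw_log:
        actual = last_logon_before(logons, ip, _ts(t))
        # No logon record for this IP: nothing to compare against, skip it.
        if actual is None or actual.lower() == fw_user.lower():
            continue
        key = (ip, fw_user, actual)
        counts[key] = counts.get(key, 0) + 1
    return [key + (hits,) for key, hits in counts.items()]


if __name__ == "__main__":
    for ip, fw_user, actual, hits in find_stale_mappings(FIREWALL_WEB_LOG,
                                                         DOMAIN_LOGONS):
        print(f"{ip}: firewall attributes traffic to {fw_user}, "
              f"last logon was {actual} ({hits} requests)")
```

Each finding is an IP whose traffic is being evaluated under a web policy that belongs to someone other than the person at the keyboard, which is the condition that re-authenticating cleared in this thread.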
