
Blocked ISP's app from the firewall

Hello Gents,

Good Day!

I am new to the Sophos firewall; we just upgraded last month to an XG210. Everything is working fine except the billing app from our ISP, called "Billexpress Client". I have provided a download link below to test it. When testing, if you get the login page, that means it's working.

http://www.ooredoo.qa/portal/OoredooQatar/billxpress

I have allowed the ISP's URLs ocbc.ooredoo.qa and ooredoo.com in this format, ^([A-Za-z0-9.-]*\.)?ocbc\.ooredoo\.qa\.?/ and ^([A-Za-z0-9.-]*\.)?ooredoo\.qa\.?/, in a new exception list and also allowed them via a URL group. Still, it comes back with an error message before the login page. I have tested on a network without the firewall and it works fine; the login window simply comes up. It is being blocked by the firewall, but I could not find where it is being blocked. Could someone please help me find the fix for it?

Thanks

Bibash Saud



  • Hello Husqa,

    Thank you for the screenshot. 

    It looks like you're using the DPI engine. Try creating an exception for the software under Protect >> Rules and Policies >> SSL/TLS, using the Destination Network as an FQDN.

    Also, if you're on the Control Center and click under SSL/TLS connections (on the middle right side of the screen), in the new "window" you'll see a "Fix Errors" option. Click there and you'll see a list of domains with issues. Search for the domain you are having issues with, then click Exclude from Encryption; it will give you the option to Add domain / Add Subdomain. I think the subdomain will be enough for you.

    Regards,

  • Hi Emmanuel,

    Good Day!

    Thanks for your support.

    SSL/TLS is currently switched off. Since I am totally new to Sophos, I need your support please. Kindly help me fill in the required fields below for the new exception.

  • Hello there,

    Can you click on SSL/TLS inspection settings >> Advanced Settings >> SSL/TLS Engine = Disabled

    Then try again.

    As for the exception, it should look something like this, except just change the IP to your PC or testing PC. Then, for Destination Networks, click Add New Item >> Create New >> FQDN Host

    Name = ooredo

    FQDN = ocbc.ooredoo.qa

    FQDN Host Group = ooredo_FQDN_HG (just because you might need to add more here, it is better to have a Group)

    Regards,

  • Hi Emmanuel,

    Sorry for the delay in replying. I have tried that but it did not work. Is there any way we can find out which other URL or IP address this app is trying to reach?

  • Hello there,

    I would recommend you change to the Web Proxy: in the firewall rule, select "Use Web Proxy Instead of DPI engine" and "Decrypt HTTPs During web proxy Filtering".

    Then SSH into the XG and press 5 > 3 to be in the Advanced Shell, then run the following command:

    # service awarrenhttp:debug -ds nosync

    # tail -f /log/awarrenhttp_access.log

    Then access the website, and the log should start populating with the websites.

    Regards,

  • Thank you for your reply. This workaround is too advanced for me. This is the production environment, so I am really afraid.

    If you can possibly access it using TeamViewer or AnyDesk, I can arrange that.

  • Hello Husqa,

    For remote sessions, you need to call our Support Team.

    You can simply create a test firewall rule for one PC: use the computer's IP in the firewall rule and put this rule on TOP, and it will only affect that PC's traffic.

    I did the same test on my end and got the following URLs, so you might need to add these too:

    https://api.livechatinc.com/

    https://ooredooqa.dimelochat.com

    https://analytics.tiktok.com

    https://accounts.livechatinc.com

    Regards,

  • Hi Emmanuel,

    I have added those 4 URLs to the new exception list and the URL group, but it is still the same. I will create a support case for that issue.
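To check offline which of the hosts mentioned in this thread the two exception patterns from the opening post actually cover, here is a small added checker (not code from Sophos or from anyone in the thread). It assumes that XG applies exception regexes to the URL with its scheme removed and that a bare host is requested as "host/"; the four extra URLs from the later reply are included as sample input.

```python
import re

# Exception patterns exactly as quoted in the opening post.
EXCEPTION_PATTERNS = [
    r"^([A-Za-z0-9.-]*\.)?ocbc\.ooredoo\.qa\.?/",
    r"^([A-Za-z0-9.-]*\.)?ooredoo\.qa\.?/",
]

# Sample input: the four extra URLs the reply above reported (constructed list).
EXTRA_URLS = [
    "https://api.livechatinc.com/",
    "https://ooredooqa.dimelochat.com",
    "https://analytics.tiktok.com",
    "https://accounts.livechatinc.com",
]


def normalise(url):
    """Assumption: the regex is tested against the URL minus its scheme,
    and a URL with no path is requested as 'host/'."""
    target = re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.IGNORECASE)
    if "/" not in target:
        target += "/"
    return target


def matching_patterns(url, patterns=EXCEPTION_PATTERNS):
    """Return the exception patterns that would match this URL."""
    target = normalise(url)
    return [p for p in patterns if re.search(p, target)]


def uncovered(urls, patterns=EXCEPTION_PATTERNS):
    """URLs that no exception pattern covers, i.e. still subject to filtering."""
    return [u for u in urls if not matching_patterns(u, patterns)]


if __name__ == "__main__":
    for u in ["https://ocbc.ooredoo.qa/login",
              "http://www.ooredoo.qa/portal/OoredooQatar/billxpress",
              "https://notooredoo.qa/"] + EXTRA_URLS:
        print(f"{u:60} -> {len(matching_patterns(u))} pattern(s) match")
    print("not covered by the exceptions:", uncovered(EXTRA_URLS))
```

The anchored `^` and the mandatory dot before `ooredoo` mean a lookalike such as `notooredoo.qa` is not exempted, while none of the four chat/analytics hosts are covered by the existing patterns, which is why adding them separately was suggested.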