
Sophos XG blocks Telegram but I don't want it to

Hi,

I don't understand why Sophos XG marks Telegram as a DDoS attack. I have disabled DDoS protection and tried to disable IPS etc. from the firewall rule, but nothing changes...

I attached the last test I did.

Maybe I'm missing some configuration?

thank you



  • Thank you Ian, I found the logging setting... BTW, after a few modifications I can see the firewall logs are now "allowed", but Telegram does not work at all.

    Watching other services, I can see that if I enable "Scan HTTP and decrypt HTTPS" or a Web policy, Telegram stops working. (I tried to add *.telegram.com in the Web policy but nothing changes, and it's also not working with Web policy "None".)

    In this situation I expected to see some block in the "SSL/TLS inspection" or "Web filter" logs, btw these logs are still blank and I can't see what is not working. Is that normal?

  • Hi,

    The web filter log will be blank because you are not capturing anything, because None disables the web proxy and DPI functions.

    You would add telegram to the web exceptions.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • You will also need to add web.tel.onl to your exception list.

    Ian


  • Hi Ian, and thanks for the support,

    With logging enabled I don't understand how to find the problem...

    From the web filter logs and firewall logs, all connections to 149.154.167.91 are now allowed, and I have added these exceptions on the web filter:

    ^([A-Za-z0-9.-]*\.)?telegram\.com/
    ^([A-Za-z0-9.-]*\.)?web\.tel\.onl/

    But Telegram still does not work if Web filter or Scan HTTP is enabled.

    Other logs (IPS, Malware, Web content policy, SSL/TLS etc.) are blank or do not log anything about it.

    where is the problem?
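
A quick way to check which destinations the two exception patterns posted above actually cover, as an added example that is not part of the original thread or of any Sophos tooling. It assumes the pattern is applied to host plus path with the scheme stripped (suggested by the leading `^` and trailing `/`); the helper names and the sample list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The two exception patterns exactly as posted in the thread.
EXCEPTIONS = [
    r"^([A-Za-z0-9.-]*\.)?telegram\.com/",
    r"^([A-Za-z0-9.-]*\.)?web\.tel\.onl/",
]

def normalize(dest):
    """Reduce a URL or bare host to 'host/path' (assumed matching form)."""
    parts = urlsplit(dest if "://" in dest else "//" + dest)
    host = (parts.hostname or "").lower()
    return host + (parts.path or "/")

def matching_exception(dest, patterns=EXCEPTIONS):
    """Return the first pattern that covers dest, or None if none does."""
    target = normalize(dest)
    for pattern in patterns:
        if re.search(pattern, target):
            return pattern
    return None

def uncovered(destinations, patterns=EXCEPTIONS):
    """List the destinations that no exception pattern matches."""
    return [d for d in destinations if matching_exception(d, patterns) is None]

# Constructed sample destinations; only the IP address comes from the thread.
SAMPLES = [
    "https://web.telegram.com/",
    "https://web.tel.onl/",
    "https://149.154.167.91/",    # destination seen in the poster's logs
    "https://web.telegram.org/",  # constructed: same name under another TLD
    "https://nottelegram.com/",   # constructed: must not match by suffix
]

if __name__ == "__main__":
    for dest in SAMPLES:
        hit = matching_exception(dest)
        print(f"{dest:32} -> {'covered by ' + hit if hit else 'NOT covered'}")
```

Hostname-based exceptions only help for connections whose URL or host name the proxy sees; a connection logged by bare IP address, like the one in the post, is not matched by either pattern.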

  • Hi,

    Do you have the XG CA installed on the testing PC?

    There appears to be a configuration issue that I cannot see from what you have posted. I do not have those exceptions on my system and can at least connect to the initial Telegram page. I have quite a restrictive set of firewall rules and policies in place and use scan and decrypt in my firewall rules for most devices that can have a CA installed.

    Ian


  • Yes, it is installed on the device.

    No problem going to the initial page, but when you use Telegram, after a few seconds it goes into a loop on "connecting" and never changes state (no message sync etc.).

  • Hi,

    Next issue with your firewall rule: change web to allow all, disable the boxes you have ticked and try again. XG may see the looping as an attack because of the continuous packets from the same source with the same data.

    Further, you can build your own IPS policy that excludes the item detecting the issue and use the policy on your Telegram firewall rule only.

    Ian

