Sophos XG block telegram but i don't want

Please tick the logging box on that rule so you get a better understanding of what is happening.

ian

hi ian,

the firewall rule is N/A, where i need to tick the loggin box?

I you look at your firewall rule you will see a box just under the firewall rule name to enable logging.

Ian

thank you ian, i found logging setting... btw after few modification i can see firewall log are now "allowed" but telegram not work at all.

watching other services, i can see that if i enable "Scan HTTP and decrypt HTTPS" or Web policy, telegram stop working. (i tried to add *.telegram.com in the Web policy but nothing change and its not working also with Web policy "None")

in this situation i guessed to see some block in the "SSL/TLS inspection" or "Web filter" logs btw this log still blank and i cant' see what is not working.. is it normal?

Hi,

web filter will be blank because you are not capturing anything because none disables the web -proxy and DPI functions.

You would add telegram to the web exceptions.

Ian

You will also need to add web.tel.onl to your exception list.

Ian

Hi ian and thanks for support,

with log enabled i don't understand how to find the problem...

from web filter logs and firewall logs all connection to 149.154.167.91 are now allowed and i have added

that exceptions on web filter

but telegram stil not work if Web filter or Scan HTTP enabled.

other logs (IPS, Malware, Web content policy, SSL/TLS etc) are blank or not log nothing about.

where is the problem?

Hi,

do you have the XG CA installed on the testing PC?

There appears to be a configuration issue that I cannot see from what you have posted. I do not have those exceptions on my system and can at least connect the initial telegram page. I have quite a restrictive set of firewall rues and policies in place and use scan and decrypt in my firewall rules for most devices that can have a CA installed..

Ian

Hi,

do you have the XG CA installed on the testing PC?

There appears to be a configuration issue that I cannot see from what you have posted. I do not have those exceptions on my system and can at least connect the initial telegram page. I have quite a restrictive set of firewall rues and policies in place and use scan and decrypt in my firewall rules for most devices that can have a CA installed..

Ian

yes, it is installed on device,

no problem to go on the initial page but when you use Telegram after few seconds going into loop for "connecting" and never change the state (no message sync etc)

Hi,

next issue with your firewall rule, change web to allow all, disable the boxes you have ticked and try again. XG my see the looping as an attack because of the continuous packets from the same source with the same data.

Further you can build your own IPS policy that excludes the item detecting the issue and use th policy on your telegram firewalll rule only.

Ian