Application control blocking websites

Hi,

One of our customers was trying to browse "https://apex.irclass.org:82" but failed. I have allowed the FQDN and found nothing wrong in the web filtering and application control logs. When I removed the application control, I started getting the traffic.

Can anyone guide:

1. How to get the logs related to this issue.

2. How to allow "https://apex.irclass.org:82" in application control

Thanks in Advance



  • Application Control looks at things like destination ports, and port 82 is totally non-standard for HTTPS, so that's a plausible reason. (In fact, 81, 82, etc, seem to be used by some TORs, which would be suspicious.)

    When I try going to that link, entries show up in Log Viewer > Application Filter identifying it as a TOR Proxy, which makes sense. It gives a Policy ID of 4 and App Filter Policy ID is 8, though I'm not sure what to do to locate that and turn it off in Application Filtering.

    Worst-case, you could set up a firewall rule that has no App Filtering with destination of that particular domain, destination port 82. Make sure it's higher than the rules messing you up.

  • Hi Kripasindhu Ghosh

    Thank you for reaching out to the community. Are you using Sophos XG as a proxy server?

    If yes, please go to PROTECT > Web > General Settings and, under Web proxy configuration, add port 82 to the allowed destination ports.

     

    If a post solves your question please use the 'Verify Answer' button.

    "Sophos Partner: Infrassist Technologies Pvt Ltd".


  • Thanks for the reply! Through that process only I'm allowing the current traffic. Is it the standard way, or is there anything else inside application filtering to allow this non-standard traffic?

  • Thanks a lot for your reply. 

    I'm currently using DPI. When I disable SSL/TLS inspection over DPI, "https://apex.irclass.org:82" works.

    I was trying to bypass this specific website from DPI using Exclusion by website but did not succeed. Is there any way to exclude a specific website from TLS/SSL inspection over DPI?

  • Why not create an exception ticking not to use https?

    ian

    XG115W - v19.5.1 mr-1 - Home


  • Hello,

    The DPI engine detects and filters HTTP and SSL/TLS traffic on any port, whereas when the option "Use web proxy instead of DPI engine" is enabled under the firewall rule, the web proxy transparently handles traffic on TCP ports 80 and 443 only.

    Alternatively, you can also create an exception as suggested by  under Web > Exception > Add: skipping the options like HTTPS decryption, HTTPS certificate validation, Malware and content scanning, Zero-day protection & Policy checks. Select the URL pattern matches and add the following regex: ^([A-Za-z0-9.-]*\.)?apex\.irclass\.org:82/

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 
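
A scope check for the URL-pattern regex in the reply above, as an added example (not from the thread or from Sophos): the exception skips decryption and scanning for whatever matches, so it is worth confirming which URLs the pattern covers. It assumes the pattern is tested against host[:port]/path with the scheme removed; the helper names and every URL other than the one in the thread are constructed.

```python
import re
from urllib.parse import urlsplit

# Pattern copied verbatim from the reply above.
EXCEPTION_RE = re.compile(r"^([A-Za-z0-9.-]*\.)?apex\.irclass\.org:82/")


def match_target(url: str) -> str:
    """Build the string the pattern is tested against.

    Assumption (not confirmed by the thread): host[:port]/path[?query],
    scheme removed, host lower-cased, port present only when explicit.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = f":{parts.port}" if parts.port is not None else ""
    path = parts.path or "/"  # a bare origin is requested as "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"{host}{port}{path}{query}"


def is_exempt(url: str) -> bool:
    """True if the exception (no decryption, no scanning) would apply."""
    return EXCEPTION_RE.search(match_target(url)) is not None


# Constructed sample URLs: intended targets first, then near-misses.
CANDIDATES = [
    "https://apex.irclass.org:82",                  # URL from the thread
    "https://apex.irclass.org:82/",
    "https://portal.apex.irclass.org:82/login",     # any subdomain is covered
    "https://apex.irclass.org/",                    # no explicit :82
    "https://apex.irclass.org:8200/",               # "/" after 82 stops this
    "https://notapex.irclass.org:82/",              # label must start at a dot
    "https://apex.irclass.org.example.net:82/",     # host suffix lookalike
    "https://example.net/?u=apex.irclass.org:82/",  # "^" anchor stops this
]


def audit(urls):
    """Map each URL to whether the exception pattern exempts it."""
    return {url: is_exempt(url) for url in urls}


if __name__ == "__main__":
    for url, exempt in audit(CANDIDATES).items():
        print(f"{'EXEMPT ' if exempt else 'scanned'}  {url}")
```

The optional leading group means every subdomain of apex.irclass.org on port 82 is exempt as well; dropping that group narrows the exception to the single host.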


