XG550 (SFOS 19.0.0 GA-Build317) : problem with Web filter, RDP connection block after upgrade

Hi,
After upgrading from SFOS 18.5.3 MR-3-Build408 to SFOS 19.0.0 GA-Build317, without changes to the policy, we have a problem with connections over SSL VPN: RDP connections (TCP 3389) are blocked.

The logs indicate that RDP connections are blocked by the web filter:

2022-06-22 14:24:50,messageid="16002" log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" fw_rule_id="88" fw_rule_name="VPN vs WAN" fw_rule_section="Local rule" user="********@**********" user_group="*********" web_policy_id="13" web_policy="VPN Web filter" category="IPAddress" category_type="Acceptable" url="https://10.250.227.25" content_type="" override_token="" src_ip="192.168.250.23" dst_ip="10.250.227.25" protocol="TCP" src_port="16921" dst_port="3389" bytes_sent="0" bytes_received="0" domain="10.250.227.25" exception="" activity_name="" reason="" user_agent="" status_code="403" transaction_id="" referer="" download_file_name="" download_file_type="" upload_file_name="" upload_file_type="" con_id="2220459584" app_name="" app_is_cloud="0" override_name="" override_authorizer="" used_quota="0"

If we set the Web policy to None, thereby disabling web filtering, the RDP connection works fine:

2022-06-22 14:24:41,messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="430" fw_rule_id="88" fw_rule_name="VPN vs WAN" fw_rule_section="Local rule" nat_rule_id="0" nat_rule_name="" policy_type="2" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="********@**********" user_group="*************" web_policy_id="13" ips_policy_id="0" appfilter_policy_id="0" app_name="Windows Remote Desktop" app_risk="3" app_technology="Client Server" app_category="Remote Access" vlan_id="" ether_type="Unknown (0x0000)" bridge_name="" bridge_display_name="" in_interface="tun0" in_display_interface="tun0" out_interface="In_LAG" out_display_interface="Inside_LAG" src_mac="40:00:80:06:66:AF" dst_mac="45:00:00:34:EB:40" src_ip="192.168.250.23" src_country="R1" dst_ip="10.250.227.25" dst_country="R1" protocol="TCP" src_port="16822" dst_port="3389" packets_sent="724" packets_received="515" bytes_sent="51899" bytes_received="46150" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="VPN" src_zone="VPN" dst_zone_type="LAN" dst_zone="LAN" con_direction="" con_event="Stop" con_id="3330239656" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0" web_policy="VPN Web filter"

BR



  • Hi Daniele Basilico

    Thank you for reaching out to the community. Did you take a backup of the existing configuration before upgrading the firmware to the latest version?

    If you rollout the latest firmware version same configuration working with the previous version?

    Thanks 

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    We have discovered the cause of the problem: for some strange reason, in the Web Profile used for SSL VPN connections, the RDP (TCP 3389) connections are placed by Sophos XG in the "none" URL category, and this category was blocked. After enabling this category, the RDP connections started working again.

    So it seems that in the previous firmware version the RDP connections were not recognized as web connections, as is the case with the new firmware.

    Thanks

    BR
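
One way to spot this condition in exported logs, as an added example that is not part of the original thread: it parses the key="value" log format quoted above and lists web-filter denials whose destination port is not a web port. The sample lines are constructed and shortened from the thread's log format, and the `WEB_PORTS` set and function names are assumptions.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the log lines quoted in this thread
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')
WEB_PORTS = {80, 443, 8080}  # assumption: ports the web filter is expected to handle

# Constructed sample lines, shortened from the log format shown in the thread.
SAMPLE_LOG = '''\
2022-06-22 14:24:50,messageid="16002" log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" fw_rule_id="88" fw_rule_name="VPN vs WAN" web_policy="VPN Web filter" category="IPAddress" src_ip="192.168.250.23" dst_ip="10.250.227.25" protocol="TCP" dst_port="3389" status_code="403"
2022-06-22 14:25:02,messageid="16002" log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" fw_rule_id="88" fw_rule_name="VPN vs WAN" web_policy="VPN Web filter" category="Gambling" src_ip="192.168.250.23" dst_ip="203.0.113.10" protocol="TCP" dst_port="443" status_code="403"
2022-06-22 14:25:10,messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" fw_rule_id="88" fw_rule_name="VPN vs WAN" src_ip="192.168.250.23" dst_ip="10.250.227.25" protocol="TCP" dst_port="3389"
'''

def parse_line(line):
    """Split 'timestamp,key="v" key="v" ...' into a dict; None if malformed."""
    ts, sep, rest = line.partition(",")
    if not sep:
        return None
    fields = dict(PAIR_RE.findall(rest))
    fields["timestamp"] = ts.strip()
    return fields

def non_web_denials(log_text, web_ports=WEB_PORTS):
    """Return web-filter denials whose destination port is not a web port."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("log_type") != "Content Filtering":
            continue
        if rec.get("log_subtype") != "Denied":
            continue
        port = rec.get("dst_port", "")
        if port.isdigit() and int(port) not in web_ports:
            hits.append(rec)
    return hits

def summarize(hits):
    """Count denials per (firewall rule, web policy, category, dst_port)."""
    return Counter((h.get("fw_rule_name"), h.get("web_policy"),
                    h.get("category"), int(h["dst_port"])) for h in hits)

if __name__ == "__main__":
    for key, n in summarize(non_web_denials(SAMPLE_LOG)).items():
        print(n, *key)
```

Running this over logs exported before and after a firmware upgrade shows which firewall rules and web policies started denying non-HTTP traffic.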
