Sophos XG 18.5.4 - Web proxy is not blocking some sites

Hi to all!

I'm not finding the answer to this weird behavior.

I have two firewalls set up: SG 330 and XG 330.

SG 330 is working like a charm and I don't have any issues. I'm setting up the XG 330 and working with the proxy stuff.

I set a rule for Wi-Fi users, the "same configuration" as on the SG. This is the configuration:

This wireless network is used by all kinds of phones (not joined to any domain) and notebooks (joined to a domain). I mean, it is a mixed network.

The problem is: for any device that is not joined to the domain or does not use the web proxy, like Android for example, the policy works well. The proxy shows that a category is blocked as it should.

But on any notebook with a browser proxy configured (the proxy is the Sophos UTM IP), some sites are not blocked. For example, Tiktok.com, xvideos.com, and some other porn sites.

If I remove the browser proxy from the machine, it works as intended.

So I don't know why, if I set the proxy in the browser, some sites are not blocked and some sites are being blocked.

Any advice you can share with me? I tried a lot of different configurations and I get the same result. If I set the proxy in the browser, tiktok.com or some porn sites are not blocked. If I disable the proxy in the browser client, the sites are blocked without any issue.

I need the proxy set up to authenticate with AD and let people surf the internet according to their permissions.

Thanks in advance.

Regards, 

  • Hi,

    If using the XG proxy to block website access you need to install the CA and enable HTTPS scanning; further, you need to change your services from any to selected ones, e.g. HTTP and HTTPS. Now, I am aware the Android devices do not install CAs.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks for your Reply.
    I have the same setup with the SG 330 and it's working well with transparent proxy enabled in one VLAN where I have devices like phones and notebooks, joined and not joined to a domain. No device can access porn sites, regardless of whether it has the proxy enabled in the browser or not.
    I cannot achieve this in the Sophos XG because if I set the proxy in the client browser, some sites are not blocked and I don't know why.

  • Hi,

    Basically it means the client is bypassing your rule; you need to use the log viewer with a filter on the IP address to find which rule it is using. It could also be using a tunnel; you do need to limit your port range if using the proxy.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • It's weird because in the last image I sent, you can see that the rule matches perfectly with the web policy in the firewall rule. Also, I'm forcing the user to use a proxy server in the browser. I can understand a phone is a little more difficult to manage, but with the proxy enabled on the client side, it should be blocking for sure.
    I tried to set HTTP/S in the firewall rule services to see if there is any change, but it's the same behaviour.
    I noticed that I have this rule also:


    If I disable this rule, the Internet stops working for the client and it starts to tell me we need a CA certificate:

    But importing the CA certificate to all machines is a little difficult. There are a lot of machines not joined to a domain controller.

    Thanks again

  • Yes, it is the traffic hitting the rule; you did not report back on that question?

    You are not using the transparent proxy but the explicit proxy. The transparent proxy is enabled by ticking 'use the proxy' in the firewall rule, but only using HTTP/S in the allowed services of the rule and forcing the proxy in the web client.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.
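The log-viewer check Ian recommends (filter on the client's IP, see which firewall rule each flow matched) can be reproduced on an exported log. The script below is an added example written for this thread; it is not part of the original posts and not Sophos' own code or log format. It runs over constructed key=value log lines, and the field names, rule names, addresses and the explicit-proxy port 3128 are all assumptions. It shows the pattern the thread converges on: a client without a browser proxy sends web traffic to port 80/443 and lands on the rule that carries the web policy, while a client with an explicit browser proxy addresses the firewall's proxy port and can land on a broader any-service rule with no web policy, so its traffic is never filtered.

```python
import re
from collections import Counter

# Constructed sample log lines in a generic key=value form. This is NOT the
# firewall's real log format: field names, rule names, addresses and the
# explicit-proxy port 3128 are all assumptions made for this illustration.
# 10.20.0.15 has no browser proxy: its web traffic goes straight to the site
# on port 443 and is matched by the rule that carries the web policy.
# 10.20.0.42 has an explicit browser proxy: its traffic is addressed to the
# firewall's proxy port and is matched by a broader any-service rule with no
# web policy, so nothing is filtered on that path.
SAMPLE_LOG = """\
ts=2023-05-01T10:00:01 src_ip=10.20.0.15 dst_ip=203.0.113.10 dst_port=443 fw_rule_id=3 fw_rule_name=Wifi-Web web_policy=Block-Adult action=Deny
ts=2023-05-01T10:00:02 src_ip=10.20.0.15 dst_ip=203.0.113.20 dst_port=443 fw_rule_id=3 fw_rule_name=Wifi-Web web_policy=Block-Adult action=Deny
ts=2023-05-01T10:00:03 src_ip=10.20.0.42 dst_ip=10.20.0.1 dst_port=3128 fw_rule_id=7 fw_rule_name=Wifi-AnyService web_policy=None action=Allow
ts=2023-05-01T10:00:04 src_ip=10.20.0.42 dst_ip=10.20.0.1 dst_port=3128 fw_rule_id=7 fw_rule_name=Wifi-AnyService web_policy=None action=Allow
ts=2023-05-01T10:00:05 src_ip=10.20.0.42 dst_ip=203.0.113.30 dst_port=80 fw_rule_id=3 fw_rule_name=Wifi-Web web_policy=Block-Adult action=Deny
ts=2023-05-01T10:00:06 src_ip=10.20.0.99 dst_ip=203.0.113.40 dst_port=443 fw_rule_id=3 fw_rule_name=Wifi-Web web_policy=Block-Adult action=Allow
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict of its fields."""
    return dict(KV_RE.findall(line))


def flows_for_client(log_text, client_ip):
    """The equivalent of filtering the log viewer on one source IP address."""
    flows = (parse_line(raw) for raw in log_text.splitlines() if raw.strip())
    return [f for f in flows if f.get("src_ip") == client_ip]


def rules_hit(log_text, client_ip):
    """Count which (rule id, rule name, web policy) the client's flows matched."""
    return Counter(
        (f["fw_rule_id"], f["fw_rule_name"], f["web_policy"])
        for f in flows_for_client(log_text, client_ip)
    )


def unfiltered_flows(log_text, client_ip):
    """Flows that matched a rule carrying no web policy: web filtering never saw them."""
    return [f for f in flows_for_client(log_text, client_ip) if f["web_policy"] == "None"]


def report(log_text, client_ip):
    """Human-readable summary for one client: rules hit, plus any unfiltered flows."""
    lines = [f"client {client_ip}:"]
    for (rid, name, policy), n in sorted(rules_hit(log_text, client_ip).items()):
        lines.append(f"  rule {rid} ({name}) web_policy={policy}: {n} flow(s)")
    for f in unfiltered_flows(log_text, client_ip):
        lines.append(f"  UNFILTERED -> {f['dst_ip']}:{f['dst_port']} via rule {f['fw_rule_id']}")
    return "\n".join(lines)


if __name__ == "__main__":
    for ip in ("10.20.0.15", "10.20.0.42"):
        print(report(SAMPLE_LOG, ip))
```

Run it against the constructed sample and the proxied client shows two flows on rule 7 with no web policy, which is exactly the symptom in the thread: the rule the traffic actually hits is not the one carrying the web policy. On a real export, swap SAMPLE_LOG for the file contents and adjust the field names to the firewall's format.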

  • Thanks. I could resolve the issue. It was my fault; I do not know why I made that rule. I disabled the last rule I sent you and set the first rule with any services, and it started working as it should.

    Thanks a lot!
