Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 602 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Allow All" web filter policy blocks request allowed when there is no web filter policy

David Hay

Hi all

I am having difficulty troubleshooting a problem with a request from a mobile phone 2-factor authentication app being blocked by our XG firewall (XG125 SFOS 19.0.0 GA-Build317).

To test this, I have created a new top-most firewall rule for traffic from the user's phone's IP address to the WAN Any Network and Any Service. There is no web filter, app control, or IPS policy configured. None of the checkboxes associated with web filtering is checked. The user's app works.

Then I add a web filter policy with only one rule defined: the Default action of allow. Now the user's app does not work - when they acknowledge the request to confirm the authentication challenge, the app just hangs.

So just applying a web filter policy that blocks nothing is causing the request from this app to fail in some way. What other firewall behaviours come into play when you have a web filter policy applied that would be causing this?

Any help is much appreciated.

David



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    please check the ssl/tls log in log viewer to see possible error messages.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thanks Ian

    I have looked at the ssl/tls logs in log viewer. There are no errors arising from requests from the user's IP address. Everything is "Do not decrypt". The user device is an android phone and due to SSL/TLS inspection now working with Android, there are no rules configured for android devices - so all SSL/TLS logs for the user device are from the default rule that is don't decrypt.

    I have even turned off all SSL/TLS inspection and it has not changed anything.

Reply
  • 0 in reply to rfcat_vk

    Thanks Ian

    I have looked at the ssl/tls logs in log viewer. There are no errors arising from requests from the user's IP address. Everything is "Do not decrypt". The user device is an android phone and due to SSL/TLS inspection now working with Android, there are no rules configured for android devices - so all SSL/TLS logs for the user device are from the default rule that is don't decrypt.

    I have even turned off all SSL/TLS inspection and it has not changed anything.

Children
Unfiltered HTML