We have onclick protection enabled in Email Gatweay so e-mails with urls have a Sophos substitute url. OnClick Sophos checks the url and when found correct the browser is refered to the correct url.
This works as intented. HOWEVER there is one user that gets occassionally a login to the internal firewall IP at port 8091. He works on a RDS server and he is the only one affected. It is not always or constant.
When it is happening and another user mails him the original end url he has no problem viewing that website. It is mostly with a partner portal website, I can add an exception not to replace e-mails from that domain but would rather understand what is wrong here.
I am not seeing any errors in the XG logs that I believe are related. I see a lot of connections dropped to a IP belonging to Google on port 5228 but all users have that.
Sophos XG is SFOS 19.0.0 GA-Build317
Chrome version 104.0.5112.101
Thanks,
Fred
This thread was automatically locked due to age.
