Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 18 replies
  • Answers 4 answers
  • Subscribers 33 subscribers
  • Views 83101 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Anyone successfully running Crashplan backups through an XG?

PeterNikolaidis

Greetings!


I recently replaced a UTM 120 with an XG 125. Crashplan Pro (usually running on ports 443 and 4242) hasn't worked since. Taking the XG out of the loop allows communication, so it's definitely something with the new unit's config, but even if I allow all traffic out and disable HTTP/HTTPS scanning, it won't communicate. Any suggestions?

Thanks,

Peter



This thread was automatically locked due to age.
Parents
  • 0

    I created a walk-through for anyone interested:

    Enable CrashPlan on Sophos Firewall’s - Steps

    1. Disable Microapp Discovery
    2. Create FQDN Group
    3. Create FQDN’s for CrashPlan
    4. Create Firewall Rule

     

    Disable Microapp Discovery

    1.) Connect to the XG firewall via SSH and select option 4 (Device Console) from the menu

    2.) run this command to disable microapp discovery: system application_classification microapp-discovery off

    3.) Reboot Firewall

     

    Create FQDN Group

    SYSTEM>>> Hosts and Services>>> FQDN Group>>> Add

    Name: CrashPlan FQDNGroup

    Description: CrashPlan FQDNGroup

     

    Create FQDN's for CrashPlan

    SYSTEM>>> Hosts and Services>>> FQDN Host>>> Add

    (add each item below)

     

    Name: CrashPlan www.crashplan.com

    FQDN: www.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan web-bbm-msp.crashplan.com

    FQDN: web-bbm-msp.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan reflector.crashplan.com

    FQDN: reflector.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan edf-sea.crashplan.com

    FQDN: edf-sea.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan cxe-sea.crashplan.com

    FQDN: cxe-sea.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan central.crashplan.com

    FQDN: central.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan arb-msp.crashplan.com

    FQDN: arb-msp.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Create Firewall Rule

    PROTECT>>> Firewall>>> Add Firewall Rule>>> User/Network Rule

    Rule Name: CrashPlan Allow

    Rule Position: Top

     

    SOURCE

    Source Zones* = LAN

    Source Networks and Devices* = Any

     

    DESTINATION & SERVICES

    Destination Zones* = WAN

    Destination Networks* = CrashPlan FQDNGroup

    Services* = Any

     

    IDENTITY

    Match known users (UNCHECKED)

     

    MALWARE SCANNING

    All unchecked

     

    Leave all other boxes alone and SAVE >>> Finished

Reply
  • 0

    I created a walk-through for anyone interested:

    Enable CrashPlan on Sophos Firewall’s - Steps

    1. Disable Microapp Discovery
    2. Create FQDN Group
    3. Create FQDN’s for CrashPlan
    4. Create Firewall Rule

     

    Disable Microapp Discovery

    1.) Connect to the XG firewall via SSH and select option 4 (Device Console) from the menu

    2.) run this command to disable microapp discovery: system application_classification microapp-discovery off

    3.) Reboot Firewall

     

    Create FQDN Group

    SYSTEM>>> Hosts and Services>>> FQDN Group>>> Add

    Name: CrashPlan FQDNGroup

    Description: CrashPlan FQDNGroup

     

    Create FQDN's for CrashPlan

    SYSTEM>>> Hosts and Services>>> FQDN Host>>> Add

    (add each item below)

     

    Name: CrashPlan www.crashplan.com

    FQDN: www.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan web-bbm-msp.crashplan.com

    FQDN: web-bbm-msp.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan reflector.crashplan.com

    FQDN: reflector.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan edf-sea.crashplan.com

    FQDN: edf-sea.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan cxe-sea.crashplan.com

    FQDN: cxe-sea.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan central.crashplan.com

    FQDN: central.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Name: CrashPlan arb-msp.crashplan.com

    FQDN: arb-msp.crashplan.com

    FQDN Host Group>>> Add New Item >>> CrashPlan FQDNGroup

     

    Create Firewall Rule

    PROTECT>>> Firewall>>> Add Firewall Rule>>> User/Network Rule

    Rule Name: CrashPlan Allow

    Rule Position: Top

     

    SOURCE

    Source Zones* = LAN

    Source Networks and Devices* = Any

     

    DESTINATION & SERVICES

    Destination Zones* = WAN

    Destination Networks* = CrashPlan FQDNGroup

    Services* = Any

     

    IDENTITY

    Match known users (UNCHECKED)

     

    MALWARE SCANNING

    All unchecked

     

    Leave all other boxes alone and SAVE >>> Finished

Children
No Data