Google IPs are considered TOR Proxy

I cannot find a topic for Application filter so I am posting my question here.

Since the last update of the Application filters (22.04) we cannot open google.com. I see in the log viewer that the IP 216.58.212.4 (which is a google IP) is categorized as TOR Proxy under the application filter log and access is denied:

Any suggestions, guys?

  • Confirmed!

    It is the returning traffic. Anyway in my case I get the blocked APP log but google.com opens.

  • Hey Luk, do you have the TOR Proxies blocked? Because the only way we can open google is by allowing TOR through the appliance.

    And at the moment there is no way we can open mail.google.com (https bypassing etc.)

  • Tor Proxy in my case are blocked, but I can access google and googlemail too. Open a ticket with the Sophos Support and let us know.

  • Hi Luk,
    thanks for the suggestion to open a ticket, however we continued to experiment and finally we just removed and then reassigned the application filter policy from the firewall policies and Oh! miracle :) it works now.

    I even blocked the TOR Proxies again and we can still open google and gmail, I can see sporadically google IPs logged as TOR in the log viewer but nobody is complaining for now.

    Do you know if we can expect any time soon an update for the IPS and Application signatures that will correct this strange recognition of google IPs as TOR?

  • Well I spoke too soon, 30 mins after blocking TOR proxies we can no longer open google.com so back to allowing them, I'll fire that support ticket after all :)

  • I have been fighting the Application Filter blocking Google as TOR Proxies, also.  But, it only seems to happen with the Firefox browser.  IE and Chrome work fine. Are you seeing the same?

  • We are mostly using Chrome.

    We found a way to fix the issue temporarily until it gets back...

    One way to do this is to add a filter to allow TOR proxy which will solve it, but of course that is not what we want...

    And the other is to play a bit with the app filter positions in the General Corporate Policy, try changing their places, save, move Category = proxy and tunnel at the bottom. This way we solved the issue for most of the users, but there are still some specific users that can't pass this app policy and are always detected as TOR proxy (holding ctrl+R fixes this temporarily).

    And something out of the topic, regarding the Application filter again, have you tried downloading torrents? Even if the App filter has P2P traffic denied, Log viewer shows P2P traffic denied, but I don't have a problem downloading torrents P2P... I was wondering if this is the normal behavior for the P2P denying policy?

    Regards,

    Boncho