Issues filtering with major websites

Since this morning, 22/10, a lot of websites are not working anymore, for example google.com, facebook, twitter, windows update, o365. Others are working, like Bing.com etc. I rebooted XG but still the same problem. If I switch off filtering, everything works fine. Last night everything was OK. Anybody else with the same issue?



  • I think it is SSL certificate related. HTTP websites are working.

  • Karel,

    Make sure that Patterns are updated. Go to Backup & Firmware > Pattern Update and make sure that both AV and Sophos are updated. If patterns are not updated, Web Filtering will block traffic.

    Thanks

  • That looks fine, so funny everything was working last night.

     

  • What do you see from Web logs?

    Post web logs

    Thanks

  • 13:32:56 | 665639008 | Port1 | - | 192.168.128.100 | 40.77.226.249 | TCP | Secure Socket Layer Protocol | 15188 | 443 | 1 | ESTABLISHED, ASSURED | 1 | 1 | 3 | 0x584000800a | 0x8001 | 100 | 5 | This Appliance | 10786 | ESTABLISHED
    13:28:26 | 1051124128 | Port1 | - | 192.168.128.100 | 204.79.197.200 | TCP | Secure Socket Layer Protocol | 15152 | 443 | 1 | ESTABLISHED, ASSURED | 1 | 1 | 3 | 0x584000800a | 0x8001 | 100 | 5 | This Appliance | 10516 | ESTABLISHED
    13:28:26 | 1051130784 | Port1 | - | 192.168.128.100 | 204.79.197.200 | TCP | Secure Socket Layer Protocol | 15151 | 443 | 1 | ESTABLISHED, ASSURED | 1 | 1 | 3 | 0x584000800a | 0x8001 | 100 | 5 | This Appliance | 10516 | ESTABLISHED
    13:29:57 | 665632768 | Port1 | - | 192.168.128.100 | 207.46.194.33 | TCP | Secure Socket Layer Protocol | 15154 | 443 | 1 | ESTABLISHED, ASSURED | 1 | 1 | 3 | 0x584000800a | 0x8001 | 100 | 5 | This Appliance | 10607 | ESTABLISHED
    13:32:53 | Port1 | - | 192.168.128.100 | 40.68.222.212 | TCP | Secure Socket Layer Protocol | 15186 | 443 | 1 | ESTABLISHED, ASSURED | 1 | 1 | 3 | 0x584000800a | 0x8001 | 100 | 5 | This Appliance | 10782 | ESTABLISHED
    13:32:53 | 665635680 | Port1 | - | 192.168.128.100 | 40.68.222.212 | TCP | Secure Socket Layer Protocol | 15187 | 443 | 1 | ESTABLISHED, ASSURED | 1 | 1 | 3 | 0x584000800a | 0x8001 | 100 | 5 | This Appliance | 10782 | ESTABLISHED
    13:31:27 | Port1 | - | 192.168.128.100 | 134.170.51.187 | TCP | Microsoft Updates | 15182 | 443 | 1 | ESTABLISHED, ASSURED | 1 | 1 | 3 | 0x584000800a | 0x8001 | 2450 | 13 | This Appliance | 10696 | ESTABLISHED
    08:57:13 | Port1 | Port2 | 192.168.128.100 | 37.252.225.66 | TCP | TeamViewer Conferencing | 13407 | 5938 | 1 | ESTABLISHED, ASSURED | 1 | 1 | 3 | 0x580000000a | 0x8001 | 81 | 18 | This Appliance | 10782 | ESTABLISHED
    13:32:53 | 665633600 | Port1 | - | 192.168.128.100 | 93.184.221.200 | TCP | Secure Socket Layer Protocol | 15185 | 443 | 1 | ESTABLISHED, ASSURED | 1 | 1 | 3 | 0x584000800a | 0x8001 | 100 | 5 | This Appliance | 10782 | ESTABLISHED
       
  • Karel,

    I saw another thread where websites did not load because of an IPS signature. Make sure you are using version 3.13.00 under Backup & Firmware > Patterns Update.

    Thanks

  • Thanks, the update solved the problem!!

  • I just finished upgrading all 15 of my Sophos firewalls.  Most of them work fine, but I have something wrong with my IPS settings that is dropping some websites, like www.amazon.com.

    I am at firmware version SFOS 16.01.2 on all firewalls.

    I checked my patterns and I am at 3.13.08 for IPS and Application signatures.

    I see this message when I check the IPS logs:

    2016-11-28 17:39:56 | Signatures | Drop | username@hei-kc.com | 216.21.167.182 :TCP(55823) | 172.16.xxx.yyy :TCP(60681) | 1141015150 | OpenSSL DTLS SRTP Extension Parsing Denial of Service | Operating System and Services | Windows | Server | 3 | 07002

     

    I was using the general policy under the Intrusion Prevention advanced setting.  When I set it to none, the web site access works fine.

    Can you give me some assistance?

    Thanks!

  • Same issue: OpenSSL DTLS SRTP Extension Parsing Denial of Service and OpenSSL Invalid Session Ticket Denial of Service after updating to SFOS 16.01.2, IPS and Application signatures 3.13.09. Not able to go to the Google page.