Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 28 subscribers
  • Views 10241 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issues filtering with major websites

Karel Cornelis

Since this morning 22/10 a lot of website are not working anymore, for example  google.com, facebook, twitter, windows update, o365. Then other are do working, like Bing.com etc. I rebooted XG but still same problem. If I switch of filtering everything works fine. Last night everything was OK. Anybody else with the same issue?



This thread was automatically locked due to age.
Parents
  • 0

    I think it is ssl certificate related. Http websites are working

  • 0 in reply to Karel Cornelis

    Karel,

    make sure that Patterns are updated. Go to Backup & Firmware > Pattern Update and make sure the both AV and Sophos are updated. If patterns are not updated, Web Filtering will block traffic.

    Thanks

  • 0 in reply to lferrara

    That looks fine, so funny everything was working last night.

     

  • 0 in reply to Karel Cornelis

    What do you see from Web logs?

    Post web logs

    Thanks

  • 0 in reply to lferrara
    13:32:56
    665639008
    Port1
    -
    192.168.128.100
    40.77.226.249
    TCP
    Secure Socket Layer Protocol
    15188
    443
    1
    ESTABLISHED, ASSURED
    1
    1
    3
    0x584000800a
    0x8001
    100
    5
    This Appliance
    10786
    ESTABLISHED
    		  
    13:28:26
    1051124128
    Port1
    -
    192.168.128.100
    204.79.197.200
    TCP
    Secure Socket Layer Protocol
    15152
    443
    1
    ESTABLISHED, ASSURED
    1
    1
    3
    0x584000800a
    0x8001
    100
    5
    This Appliance
    10516
    ESTABLISHED
    		  
    13:28:26
    1051130784
    Port1
    -
    192.168.128.100
    204.79.197.200
    TCP
    Secure Socket Layer Protocol
    15151
    443
    1
    ESTABLISHED, ASSURED
    1
    1
    3
    0x584000800a
    0x8001
    100
    5
    This Appliance
    10516
    ESTABLISHED
    		  
    13:29:57
    665632768
    Port1
    -
    192.168.128.100
    207.46.194.33
    TCP
    Secure Socket Layer Protocol
    15154
    443
    1
    ESTABLISHED, ASSURED
    1
    1
    3
    0x584000800a
    0x8001
    100
    5
    This Appliance
    10607
    ESTABLISHED
    		  
    13:32:53
    665640256
    Port1
    -
    192.168.128.100
    40.68.222.212
    TCP
    Secure Socket Layer Protocol
    15186
    443
    1
    ESTABLISHED, ASSURED
    1
    1
    3
    0x584000800a
    0x8001
    100
    5
    This Appliance
    10782
    ESTABLISHED
    		  
    13:32:53
    665635680
    Port1
    -
    192.168.128.100
    40.68.222.212
    TCP
    Secure Socket Layer Protocol
    15187
    443
    1
    ESTABLISHED, ASSURED
    1
    1
    3
    0x584000800a
    0x8001
    100
    5
    This Appliance
    10782
    ESTABLISHED
    		  
    13:31:27
    666390592
    Port1
    -
    192.168.128.100
    134.170.51.187
    TCP
    Microsoft Updates
    15182
    443
    1
    ESTABLISHED, ASSURED
    1
    1
    3
    0x584000800a
    0x8001
    2450
    13
    This Appliance
    10696
    ESTABLISHED
    		  
    08:57:13
    Port1
    Port2
    192.168.128.100
    37.252.225.66
    TCP
    TeamViewer Conferencing
    13407
    5938
    1
    ESTABLISHED, ASSURED
    1
    1
    3
    0x580000000a
    0x8001
    81
    18
    This Appliance
    10782
    ESTABLISHED
    		  
    13:32:53
    665633600
    Port1
    -
    192.168.128.100
    93.184.221.200
    TCP
    Secure Socket Layer Protocol
    15185
    443
    1
    ESTABLISHED, ASSURED
    1
    1
    3
    0x584000800a
    0x8001
    100
    5
    This Appliance
    10782
    ESTABLISHED
    		  
       
  • +1 in reply to Karel Cornelis

    Karel,

    I saw another thread where websites did not load because of IPS signature. Make sure you are using version 3.13.00 under Backup & Firmware > Patterns Update

    Thanks

  • 0 in reply to lferrara

    Thanks, the update solved the problem !!

  • 0 in reply to lferrara

    I just finished upgrading all 15 of my Sophos firewalls.  Most of them work fine, but I have something wrong with my IPS settings that is dropping some websites, like www.amazon.com.

    I am at firmware version SFOS 16.01.2 on all firewalls.

    I checked my patterns and I am at 3.13.08 for IPS and Application signatures.

    I see this message when I check the IPS logs:

    2016-11-28 17:39:56
    Signatures
    Drop
    username@hei-kc.com
    216.21.167.182 :TCP(55823)
    172.16.xxx.yyy :TCP(60681)
    1141015150
    OpenSSL DTLS SRTP Extension Parsing Denial of Service
    Operating System and Services
    Windows
    Server
    3
    07002
    Open PCAP

     

    I was using the general policy under the Intrusion Prevention advanced setting.  When I set it to none, the web site access works fine.

    Can you give me some assistance?

    Thanks!

Reply
  • 0 in reply to lferrara

    I just finished upgrading all 15 of my Sophos firewalls.  Most of them work fine, but I have something wrong with my IPS settings that is dropping some websites, like www.amazon.com.

    I am at firmware version SFOS 16.01.2 on all firewalls.

    I checked my patterns and I am at 3.13.08 for IPS and Application signatures.

    I see this message when I check the IPS logs:

    2016-11-28 17:39:56
    Signatures
    Drop
    username@hei-kc.com
    216.21.167.182 :TCP(55823)
    172.16.xxx.yyy :TCP(60681)
    1141015150
    OpenSSL DTLS SRTP Extension Parsing Denial of Service
    Operating System and Services
    Windows
    Server
    3
    07002
    Open PCAP

     

    I was using the general policy under the Intrusion Prevention advanced setting.  When I set it to none, the web site access works fine.

    Can you give me some assistance?

    Thanks!

Children