Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 28 subscribers
  • Views 11249 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall v17 Recategorization not working

Alex Yao

I believe there is a bug with the custom url categories. I have a custom category created with both domains and keywords. I then have this category added to a user activity and blocked using a policy. It seems that Sophos shows the url categorized as that custom category for about an hour or so. Then something switches (without my interaction) and it disappears from the custom category. Diagnosis Url Categorization no longer shows the custom category listed, only the original category. I can temporary fix it by removing the category, removing the web policy, rebooting, adding the category and web policy. Then it will work for another couple hours before it occurs again.

This bug is extremely frustrating. Is this a common problem?



This thread was automatically locked due to age.
  • 0

    Not a common problem.  Are you using a cluster?  Are you using SFM?  Are you doing anything with the XML API?

  • 0 in reply to Michael Dunn

    No. I am not using any of those. While running v17 MR1, I removed the previous category that I had created, restarted, created a new category with a different name, and imported the domains and keywords I previously had. This was able to solve the problem until now. I have just updated to v17 MR2 and again have encountered the same issue. The domains that were previously recategorized correctly are again missing from my custom category. I have again removed the category and added the domains to fix the issue. 

    The problem may be with the Sophos updates to the firewall. I believe the same issue occurred when I upgraded from v16 to v17. It has again occurred with the upgrade from MR1 to MR2.

  • 0

    This issue has come back again. Sophos randomly decides to remove my custom categories. The url remains in the category but it is no longer categorized in the category. When I remove the category and add the urls back, it claims that they are invalid. Upon a reboot, it accepts them again. Then it's just a matter of time before it removes the domains again.

  • 0

    Hi,

    Yes, I also observed similar issue in which automatically custom category url blocked by default rule and during this issue url is not showing in custom category list when I check this website in check category through check category option.

    Even when I faced this issue i shared my screen with Sophos engineer to find out why this is happening. but they are not able to understand why this is happening. I wait for solution for 1 days and after that I restart firewall after that it works normally.

  • 0 in reply to Dilip Patel

    The workaround for me has been to just place the domains in keywords. This works, but it is not ideal.

  • 0 in reply to Alex Yao

    I'd like to look into this, if anyone has reproduction steps or more info please let me know in this thread or in PM.  Ideally, if you had a box in this bad state that you would allow us to look at.

  • 0 in reply to Michael Dunn

    I don't know exactly what the reproduction steps are. I will explain what I did that lead up to this issue.

    I created a freshly installed VM on VMware ESXi. Next, create a category and either import or type some domains into the category. Add the category to a new user activity and block this user activity using a web policy. Eventually (not sure exactly how long), the firewall will no longer categorize some domains in the category. In my case, mobfox.com was one of those domains that was no longer categorized. Some domains will remain categorized, but some will not. I'm not sure how it decides what will remain categorized and what will not. Looking up the domain in Diagnostics->URL Category Lookup will no longer show the category for that particular domain. 

  • 0 in reply to Michael Dunn

    Yes it seems common issue in v17. we have Active-Active HA setup and we faced same issue.

    after restarting both firewall it works normally.