Web Policy issues - all traffic is blocked

When I apply a Web Policy (regardless of the type), I can no longer access any websites. For example, using the #Default_Network_Policy firewall rule, when I apply the 'No Explicit Content' Web Policy, I can no longer access any website (examples are google.com, macrumors.com, apple.com, etc.). My web browser shows a message that says "Safari cannot open the page because it could not establish a secure connection to the server." Any ideas what's causing this?



  • Hi,

    Hope this existing thread helps you out. It seems it is the same issue you are encountering.

    Let us know how it goes,

    Regards,

    Raphael

  • Thanks for the reply. I read through that thread and it seems that's a different issue. My issue is specifically related to web policies and the inability to access any website when I apply a web policy to a firewall rule. I did try using both Safari and Chrome when I have a web policy applied; both are experiencing the same issue (unable to access any website).

    One thing I did notice is my 'Web Proxy' service is showing 'Stopped'. It's actually been that way ever since I installed Sophos XG V17-MR1 a couple days ago. Does Sophos XG use the 'Web Proxy' service to perform its filtering of websites (i.e. web policies)? If so, I'm assuming this is probably the issue. However, when I try to click 'Restart' on this service, it shows 'Running' for about 30 seconds then goes back to 'Stopped'.

  • Hi,

    Yes, the Web Proxy service is necessary for website filtering.

    Meanwhile, you can try this command in the advanced shell: service awarrenhttp:restart -ds nosync

    But I would suggest you raise a support ticket for this one as soon as possible, and maybe support can help you out in the console.

    Regards,

    Raphael

  • Thanks for the info. I entered that command and I get '200 OK'. The Web Proxy is still showing Stopped so I tried restarting it but still the same thing - it goes from Running to Stopped almost immediately.

    Is there any way to look at a system log to see why the Web Proxy service is stopping on its own?

    I also just did a complete reinstall of Sophos XG and I'm still having the same issue.

  • Can you look at the following:

    tail /log/awarrenhttp.log to see what is in the http log file.  I'd like to see this.

    ls /var/cores to see if there are any coredumps

    tail /log/syslog.log to see if anything is mentioned there at the time of restart

    service -S | grep awarrenhttp

    It should be RUNNING.  If it is not, then you won't have any browsing.  I think this is just the command line version of what the UI is showing.

  • Here's what's in the http log file:

    1511396900.409154901 [ 8108/         (nil)]  config-parse.c:391   cfg_read_http_ini /cfs/proxy/http/awarrenhttp.conf: Transport endpoint is not connected

    1511396900.409197203 [ 8108/         (nil)]   awarrenhttp.c:401   main error reading config, exiting

    1511396915.591197035 [ 8154/         (nil)]   awarrenhttp.c:399   main reading configuration

    1511396915.591233689 [ 8154/         (nil)]        config.c:378   config_init called

    1511396915.593238123 [ 8154/         (nil)]  config-parse.c:391   cfg_read_http_ini /cfs/proxy/http/awarrenhttp.conf: Transport endpoint is not connected

    1511396915.593279969 [ 8154/         (nil)]   awarrenhttp.c:401   main error reading config, exiting

    1511396930.774889531 [ 8164/         (nil)]   awarrenhttp.c:399   main reading configuration

    1511396930.774922734 [ 8164/         (nil)]        config.c:378   config_init called

    1511396930.777133391 [ 8164/         (nil)]  config-parse.c:391   cfg_read_http_ini /cfs/proxy/http/awarrenhttp.conf: Transport endpoint is not connected

    1511396930.777177865 [ 8164/         (nil)]   awarrenhttp.c:401   main error reading config, exiting

     

    The only two things in /var/cores is:

    core.!proxy!skein!de  core.readobject

     

    Here is what's in the syslog.log:

    Nov 22 14:07:29 (none) local0.info [ctipd][2548]: CEnginesContainer::UpdateSettings() - Updating

    Nov 22 14:07:32 (none) local0.info ctasd[2896]: Save SenderID lists

    Nov 22 14:07:32 (none) local0.info ctasd[2896]: Save SenderId lists finished

    Nov 22 15:07:29 (none) local0.info [ctipd][2548]: CIpRepCache::Save() - Saved to file /tmp/ctipd.cache

    Nov 22 15:07:29 (none) local0.info [ctipd][2548]: CIpRepCache::Save() - Saved to file /tmp/ctipd.cache_v6

    Nov 22 15:07:30 (none) local0.info [ctipd][2548]: CEnginesContainer::UpdateSettings() - Updating

    Nov 22 15:07:30 (none) local0.info [ctipd][2548]: CEnginesContainer::UpdateSettings() - Updating

    Nov 22 15:07:32 (none) local0.info ctasd[2896]: Save SenderID lists

    Nov 22 15:07:32 (none) local0.info ctasd[2896]: Save SenderId lists finished

    Nov 22 15:26:32 (none) user.info kernel: [11977.655942] /proxy/skein/de[1055]: segfault at 22 ip 00000000f745b0d0 sp 00000000ffd6a460 error 6 in libperl.so[f740b000+182000]

     

    And finally, this is the status of awarrenhttp:

    awarrenhttp          DEAD

     

    I'm able to browse websites as long as Web Policy is set to 'None' on my default firewall rule (LAN to WAN).

  • I just restarted Sophos XG and here's the data from the commands you mentioned (showing slightly different results):

    awarrenhttp.log

    1511403067.654824022 [ 4400/         (nil)]         epoll.c:1169  event_threads_exit epoll subsystem shut down

    1511403067.654845302 [ 4400/         (nil)]     diskcache.c:305   disk_cache_release_cache writing cache index

    1511403067.654908246 [ 4400/         (nil)]     diskcache.c:307   disk_cache_release_cache writing cache index done

    1511403067.654923820 [ 4400/         (nil)]        config.c:431   config_exit called

    1511403068.649981973 [ 4400/         (nil)] http_transform_threaded_engine.c:85    http_transform_threaded_engine_exit threaded_engine service shutting down

    1511403068.650003228 [ 4400/         (nil)] http_transform_threaded_engine.c:88    http_transform_threaded_engine_exit threaded_engine service shut down

    1511403068.650071904 [ 4400/         (nil)]   awarrenhttp.c:491   main shutdown finished, exiting

    1511403083.826700704 [ 4443/         (nil)]   awarrenhttp.c:399   main reading configuration

    1511403083.826733848 [ 4443/         (nil)]        config.c:378   config_init called

    1511403083.901270949 [ 4443/         (nil)]        config.c:179   cfg_init No sandstorm license!

     

    ls /var/cores

    core.!proxy!skein!de  core.readobject       core.smtp_quarantine

     

    syslog.log

    Nov 22 17:09:20 (none) user.err kernel: [   75.442460] 642:appdev_open:dev open 1

    Nov 22 17:09:20 (none) user.err kernel: [   75.442465] 642:appdev_open:dev open 1

    Nov 22 17:09:20 (none) user.err kernel: [   75.492986] 621:appdev_open:dev open 1 1d

    Nov 22 17:09:20 (none) user.err kernel: [   75.492989] 621:appdev_open:dev open 1 1d

    Nov 22 17:09:20 (none) user.err kernel: [   75.492990] 621:appdev_open:dev open 1 1d

    Nov 22 17:09:20 (none) user.err kernel: [   75.492991] 642:appdev_open:dev open 1

    Nov 22 17:09:20 (none) user.err kernel: [   75.492994] 642:appdev_open:dev open 1

    Nov 22 17:09:20 (none) user.err kernel: [   75.492999] 642:appdev_open:dev open 1

    Nov 22 17:09:20 (none) user.err kernel: [   75.499883] 621:appdev_open:dev open 1 1d

    Nov 22 17:09:20 (none) user.err kernel: [   75.499886] 642:appdev_open:dev open 1

     

    service -S | grep awarrenhttp

    awarrenhttp          STOPPED

  • Hi, you've got some problems with your system.  But I'm not sure if it is configuration or corruption.  I suspect the latter.

    You can see that the web proxy cannot start here:
     
    1511396915.593238123 [ 8154/         (nil)]  config-parse.c:391   cfg_read_http_ini /cfs/proxy/http/awarrenhttp.conf: Transport endpoint is not connected
    1511396915.593279969 [ 8154/         (nil)]   awarrenhttp.c:401   main error reading config, exiting
     
    That error is not one that I or the developer has seen before.  It suggests a problem in talking to the filesystem or configuration system.  In addition you have three other processes that are crashing and coredumping.  With several different things not working, there is a deeper underlying issue.
     
    If you have support, I would call them.
     
    If you don't, I would back up, reinstall fresh and then restore.
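
An added example, not part of the original thread and not Sophos code: a Python sketch that reads an exported awarrenhttp.log and flags the restart loop visible in the excerpt above, where each new PID exits on the same config-read error. The sample lines are copied from the thread; the function names and the thresholds `min_failures` and `max_gap` are assumptions.

```python
import re

# Log lines copied from the awarrenhttp.log excerpt posted in the thread.
SAMPLE = """\
1511396900.409154901 [ 8108/         (nil)]  config-parse.c:391   cfg_read_http_ini /cfs/proxy/http/awarrenhttp.conf: Transport endpoint is not connected
1511396900.409197203 [ 8108/         (nil)]   awarrenhttp.c:401   main error reading config, exiting
1511396915.591197035 [ 8154/         (nil)]   awarrenhttp.c:399   main reading configuration
1511396915.591233689 [ 8154/         (nil)]        config.c:378   config_init called
1511396915.593238123 [ 8154/         (nil)]  config-parse.c:391   cfg_read_http_ini /cfs/proxy/http/awarrenhttp.conf: Transport endpoint is not connected
1511396915.593279969 [ 8154/         (nil)]   awarrenhttp.c:401   main error reading config, exiting
1511396930.774889531 [ 8164/         (nil)]   awarrenhttp.c:399   main reading configuration
1511396930.774922734 [ 8164/         (nil)]        config.c:378   config_init called
1511396930.777133391 [ 8164/         (nil)]  config-parse.c:391   cfg_read_http_ini /cfs/proxy/http/awarrenhttp.conf: Transport endpoint is not connected
1511396930.777177865 [ 8164/         (nil)]   awarrenhttp.c:401   main error reading config, exiting
"""

# Line layout seen in the thread: epoch.ns [ pid/ ptr] source.c:line function message
LINE = re.compile(r"^(?P<ts>\d+\.\d+)\s+\[\s*(?P<pid>\d+)/[^\]]*\]\s+"
                  r"(?P<src>\S+):(?P<line>\d+)\s+(?P<func>\S+)\s+(?P<msg>.*)$")

def parse(text):
    """Yield (timestamp, pid, function, message) for every well-formed line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield float(m["ts"]), int(m["pid"]), m["func"], m["msg"]

def failed_starts(text):
    """Return [(pid, exit_time, reason)] for each process that quit on a config error."""
    last_msg, out = {}, []
    for ts, pid, func, msg in parse(text):
        if func == "main" and msg.startswith("error reading config"):
            # The line logged just before the exit carries the underlying error.
            out.append((pid, ts, last_msg.get(pid, "unknown")))
        else:
            last_msg[pid] = msg
    return out

def crash_loop(text, min_failures=3, max_gap=60.0):
    """Summarise repeated failed starts; thresholds are assumed, tune to taste."""
    fails = failed_starts(text)
    gaps = [b[1] - a[1] for a, b in zip(fails, fails[1:])]
    return {"failures": len(fails),
            "pids": [f[0] for f in fails],
            "mean_gap_s": round(sum(gaps) / len(gaps), 1) if gaps else None,
            "reasons": sorted({f[2] for f in fails}),
            "looping": len(fails) >= min_failures and all(g <= max_gap for g in gaps)}

if __name__ == "__main__":
    print(crash_loop(SAMPLE))
```

A single repeated reason across different PIDs at a steady interval points at the environment the service starts in rather than at one bad request, which matches the reading given in the post above.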
  • Yeah, I’m using the Home version so there’s no support.

    I tried completely reinstalling everything but I’m still having the same issue. The device I’m running it on is a Qotom Q355G4: Intel Core i5-5250U, 4GB RAM, 32GB MSATA HDD. When I got the device, it had pfSense installed and I just ran the Sophos XG installer. I’m wondering if maybe I need to do a complete format of the HDD before installing Sophos XG... I’ll have to do some searching around.

  • Everything is working now. I'm not sure exactly what fixed it because I performed multiple steps but here's what I did:

    1. Used Gnome Partition Editor (GParted) to boot up my device. It was showing that my entire SSD was unpartitioned even though Sophos XG was already installed. There's really no way to format the drive in GParted, just delete, create and resize partitions, but I created a new partition using the entire SSD. My thought here was maybe there were remnants of the pfSense (BSD based) install that the Sophos XG (Linux based) installer couldn't read/overwrite so maybe there are parts of the SSD that were not accessible. Complete theory, I'm not that computer savvy.

    2. Re-burned the Sophos XG ISO to my USB thumb drive. I was thinking maybe something was potentially corrupt the first time I created the USB drive to install Sophos XG.

    3. Installed Sophos XG.

    4. Ran the configuration wizard but this time I did not automatically update my firmware during the setup process. I wanted to see if it was maybe an issue with V17-MR1.

    After I had everything up and running, I checked the Services and sure enough, Web Proxy is up and running. I created a quick rule with some Web Policies and everything is now working as expected. I also noticed Scan HTTP is now working as expected as well - I was having issues with this previously. I waited about 5-10 minutes to make sure the Web Proxy remained running and then upgraded to V17-MR1 and set up everything again. I chose not to restore from a backup file because I was concerned maybe the old configuration was corrupt.

    It's been up and running for about 30 minutes now and everything appears to be working fine.

    Edit: Something else I noticed was the previous two times I installed Sophos XG, I noticed the Memory usage was 80%+ (4GB RAM) and Sessions were showing 150+, which seemed a bit odd for a fairly small home network. After about 12 hours, the Memory usage dropped to about 60% and the Sessions were down to about 10-30. This time when I installed Sophos XG, the Memory usage and Sessions were showing the latter (i.e. what I would expect) immediately.

  • Glad it's working.

    If you cared to you could track down whether it is config or system.

    Back up again, then restore your old one.  If everything still works then you are fine.  If it breaks again then you know it's config and restore the one you just made of the working system.

    Or just be happy it's working and don't worry about why.

  • Lol, yeah I think I'm just going to go with being happy it's finally working. I did a clean install before without restoring from a backup and I still had the same issue, so I'm assuming the issue was something to do with either the SSD partitioning or the ISO burn process. One thing I really need to do at some point is run some sort of SSD diagnostic to make sure it's not already going bad (device is less than a week old). Anyways, appreciate all of your help! Happy Thanksgiving.