Thread Info
  • State Not Answered
  • Replies 45 replies
  • Subscribers 0 subscribers
  • Views 14091 views
  • Users 0 members are here
Options
Suggested

A Firewall rule does not work

most_ahdy
Hi all ,
   How to allow this type of traffic using Firewall rules "kindly find the attached photo of the dropped traffic"

Because I use the attached firewall rule and did not success in permitting this type of traffic.
Thanks,
Mostafa Aly
Parents
  • 0
    Exact version - 8.305?

    Also, please confirm that "Office web profile" is in "Transparent" mode and HTTPS traffic is being scanned.

    Does this happen with all HTTPS websites, or just 91.189.89.76?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Exact version - 8.305?

    Also, please confirm that "Office web profile" is in "Transparent" mode and HTTPS traffic is being scanned.

    Does this happen with all HTTPS websites, or just 91.189.89.76?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Yes its Exact version  is 8.305.
    "Office web profile" is in "Transparent" mode and HTTPS traffic is being scanned. confirmed as per the attached screenshot.

    Does this happen with all HTTPS websites, or just 91.189.89.76?
    At first with Ubuntu update this not happen just with 91.189.89.76 only but there is many IPs but I only list an example of the log.

    and this alway happen with any Https websites for example when access :"www.adtran.com/.../wp_myadtran_landing

    I receive the following :
    2012:07:26-13:29:11 asg httpproxy[6055]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc4bab038" function="ssl_log_errors" file="ssl.c" line="50" message="C 192.168.10.36: 4076055408:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1094:SSL alert number 48
    2012:07:26-13:29:11 asg httpproxy[6055]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc4bab038" function="ssl_log_errors" file="ssl.c" line="50" message="C 192.168.10.36: 4076055408:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:845:
    2012:07:26-13:29:11 asg httpproxy[6055]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="" srcip="192.168.10.36" dstip="" user="" statuscode="000" cached="0" profile="REF_bJTWXvAyTS (Office Web Profile)" filteraction=" ()" size="0" request="0xc4bab038" url="91.189.89.76" exceptions="" error="" .
  • 0 in reply to BAlfson
    Yes its Exact version  is 8.305.
    "Office web profile" is in "Transparent" mode and HTTPS traffic is being scanned. confirmed as per the attached screenshot.

    Does this happen with all HTTPS websites, or just 91.189.89.76?
    At first with Ubuntu update this not happen just with 91.189.89.76 only but there is many IPs but I only list an example of the log.

    and this alway happen with any Https websites for example when access :"www.adtran.com/.../wp_myadtran_landing

    I receive the following :
    2012:07:26-13:29:11 asg httpproxy[6055]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc4bab038" function="ssl_log_errors" file="ssl.c" line="50" message="C 192.168.10.36: 4076055408:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1094:SSL alert number 48
    2012:07:26-13:29:11 asg httpproxy[6055]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc4bab038" function="ssl_log_errors" file="ssl.c" line="50" message="C 192.168.10.36: 4076055408:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:845:
    2012:07:26-13:29:11 asg httpproxy[6055]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="" srcip="192.168.10.36" dstip="" user="" statuscode="000" cached="0" profile="REF_bJTWXvAyTS (Office Web Profile)" filteraction=" ()" size="0" request="0xc4bab038" url="91.189.89.76" exceptions="" error="" .
  • 0 in reply to BAlfson
    Yes its Exact version  is 8.305.
    "Office web profile" is in "Transparent" mode and HTTPS traffic is being scanned. confirmed as per the attached screenshot.

    Does this happen with all HTTPS websites, or just 91.189.89.76?
    At first with Ubuntu update this not happen just with 91.189.89.76 only but there is many IPs but I only list an example of the log.

    and this alway happen with any Https websites for example when access :"www.adtran.com/.../wp_myadtran_landing

    I receive the following :
    2012:07:26-13:29:11 asg httpproxy[6055]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc4bab038" function="ssl_log_errors" file="ssl.c" line="50" message="C 192.168.10.36: 4076055408:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1094:SSL alert number 48
    2012:07:26-13:29:11 asg httpproxy[6055]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xc4bab038" function="ssl_log_errors" file="ssl.c" line="50" message="C 192.168.10.36: 4076055408:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:845:
    2012:07:26-13:29:11 asg httpproxy[6055]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="" srcip="192.168.10.36" dstip="" user="" statuscode="000" cached="0" profile="REF_bJTWXvAyTS (Office Web Profile)" filteraction=" ()" size="0" request="0xc4bab038" url="91.189.89.76" exceptions="" error="" .