Connectwise Screenconnect blocked by Transparent Mode

Hi Sophos

It seems to me Transparent Mode is blocking ConnectWise ScreenConnect using port 80/443. The ScreenConnect client doesn't want to connect on port 80/443.

To resolve problem add IP range to

Skip Transparent Mode Source Hosts/Nets  

Skip Transparent Mode Destination Hosts/Nets

 

Can you fix the bug in your firmware?

 

Regards

  • Hi and welcome to the UTM Community!

    Googling site:community.sophos.com/products/unified-threat-management/f screenconnect, I see that your post is the first time this issue has been seen here.

    To know if this is a bug, we would need to see the line from the Web Filtering log where the block occurred.

    Cheers - Bob

    PS This is not a place to make official contact with Sophos.  You can do that by submitting a support request to Sophos.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I cannot help being annoyed by your question.   Any web filtering product applies a variety of techniques to evaluate a data stream.   That process will produce successful blocks as well as false positives.   The goal is NOT to build a product that never produces false positives, the goal is to produce a product that can be configured to cope with false positives when they occur.

    Tuning your solution requires learning how the product works and learning how to read the logs to know why a problem occurred.   You also need to understand the product or webpage that was affected.  If you do not want this inconvenience, then you can certainly go back to unfiltered websurfing.

    A quick web search for "connectwise screenconnect port usage" returned this result at the top of the result page:

    Screenconnect ports used
    So the ScreenConnect server software uses two ports, 8040 and 8041. 8040 is for the web service only, meaning just the website. 8041 is for the relay (the protocol the clients use to communicate to the server).
     
    So it may have nothing to do with web filtering.
     
    To the specific problem:   
    I do not recommend using the skip list, because it is too difficult to know which IP addresses need to be exempted.   The list is always subject to change, and in some cases, one IP address may serve multiple purposes that deserve different risk profiles.   Instead, use a web filtering exception that bypasses all checks and match on the host name or domain.  In my experience, this works as well as the skip list in every case, and it applies equally well to Standard Mode and Transparent Mode web filtering.
     
    To match the web filtering exception, do not use a regular expression.  The regular expression parser works correctly, but the ability of ordinary humans to correctly configure a regular expression is in doubt.   Instead, create a Website exception.   Enter the domain name, such as "ConnectWise.com", and check the box for "include subdomains".   Then create a Tag, such as "Bypass All" and apply it to the website exception.   Then in the web filtering exception, choose the match rule for "going to websites tagged as..." your tag name.
     
    Of course, your website exception can be configured for individual hosts if that is preferred.  Just enter the full host name in the web exception, and leave the subdomains option unchecked.
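Both replies above come down to the same first step: find the Web Filtering log line for the block and read which check produced it, then decide what to exempt. The script below is an added example, not code from the thread or from Sophos. It parses the key="value" layout of UTM httpproxy log lines, lists the blocked requests with their reason, tallies the destination hosts (the names you would put in a Website exception), and shows which passed requests were already served under an exception. The three log lines are constructed for illustration; the field names follow the UTM format as I know it, but every IP, hostname, category name and value is made up.

```python
"""Pull blocked requests out of Sophos UTM web filtering (httpproxy) log lines.

Added example, not part of the thread. The sample lines below are
constructed in the UTM key="value" layout; all values are invented.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample log: one allowed request, one blocked CONNECT to a
# relay host, and the same host passing once an exception skips the checks.
SAMPLE_LOG = """\
2019:08:12-09:14:03 utm httpproxy[5123]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.25" dstip="203.0.113.10" user="" statuscode="200" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" url="http://www.example.com/" exceptions=""
2019:08:12-09:14:05 utm httpproxy[5123]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden url detected" action="block" method="CONNECT" srcip="10.0.0.25" dstip="203.0.113.20" user="" statuscode="403" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" url="https://relay.support-example.test:443/" exceptions="" reason="category" categoryname="Remote Access"
2019:08:12-09:15:40 utm httpproxy[5123]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.0.25" dstip="203.0.113.20" user="" statuscode="200" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" url="https://relay.support-example.test:443/" exceptions="av,auth,content,url,ssl,cache,mime,size"
"""

# One key="value" pair; values may contain spaces and parentheses but not quotes.
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one log line as a dict.

    The leading timestamp / hostname / process prefix has no quoted pairs,
    so the regex simply skips it.
    """
    return dict(KV_RE.findall(line))


def parse_log(text):
    """Parse every non-empty line of a log excerpt."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def blocked(entries):
    """Only the requests the web filter refused."""
    return [e for e in entries if e.get("action") == "block"]


def bypassed(entries):
    """Requests that passed with at least one check skipped by an exception."""
    return [e for e in entries if e.get("action") == "pass" and e.get("exceptions")]


def host_of(url):
    """Destination hostname, which is what a Website exception matches on."""
    return urlsplit(url).hostname or ""


def blocked_hosts(entries):
    """Count blocks per destination host so the exception list stays short."""
    return Counter(host_of(e.get("url", "")) for e in blocked(entries))


def describe(entry):
    """One-line summary: who, what, outcome and why."""
    why = entry.get("reason") or entry.get("name", "")
    line = (f'{entry.get("srcip")} {entry.get("method")} {entry.get("url")} '
            f'-> {entry.get("action")}; reason={why}')
    if entry.get("categoryname"):
        line += f' ({entry["categoryname"]})'
    if entry.get("exceptions"):
        line += f'; skipped={entry["exceptions"]}'
    return line


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("Blocked requests:")
    for e in blocked(entries):
        print("  " + describe(e))
    print("Hosts to consider for a Website exception:")
    for host, n in blocked_hosts(entries).most_common():
        print(f"  {host}  ({n} block(s))")
    print("Requests already served under an exception:")
    for e in bypassed(entries):
        print("  " + describe(e))
```

Run it against a real excerpt by replacing SAMPLE_LOG with lines copied from the UTM Web Filtering live log. The `reason` and `name` fields tell you whether the block came from a category, a URL filter, antivirus or something else, which is exactly what Bob asks for above; the host tally tells you what to enter in the Website exception rather than guessing at IP ranges for the skip list.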