Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 5 replies
  • Subscribers 5 subscribers
  • Views 1014 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with Sophos UTM Notification PopUps

BobG

Not sure where to posting problem.

A month ago on 10/20/2021, first reports from users unable to open PDF documents.   Had users send screen shots of Sophos 'Content Warning' for a PDF document.  We have a policy that users downloading certain file extensions such as PDF and ZIP files, they are prompt with a warning message and must click the [Proceed] button to continue the download process. 

The problem is on a Sohos UTM HA software appliance v9.707-5 running on two Dell servers.  On 10/15/2021 installed three updates Sophos UTM 9.705-7, 9.706-9 then 9.707-5 on Node 2.  Then on 10/19/2021 upgrade Node 1.   Also on had cert expiration 11/3/2021.

The issue is with all the Sophos Notification 'Warning/Error'  Pop Ups are not rendering the HTML GUI and only displays the text content of the message. 

Was able to replicate problem on my WS.  Viewed 'Page Source' and can see the problem.  Link refers to  unsolvable source

Had though it was suppose to refer 'passthrough.fw-notify.net'   That evening I checked my home UTM which was running 9.707-5 code.

Confirmed I was correct.

Back at work next day searched for the template which generates the popup and found it here...

The template uses the '<?host?>'  variable but I have searched from root for a way to find the variable and it's value. 

Can not see any way to reset it in the WebAdmin GUI.  At this point I am stumped.

Strongly suspect it is related to updating Node 2.

Bob G.



This thread was automatically locked due to age.
Parents
  • +1

    Solved: Found the where the cause of the issue.  It was related to the new certificate installed in October.   

    As a work around thought just create a 'passthrough.cmh-utm-3' host record.  When creating it, got a message that host record already exist.  So searched 'Network Definitions' for an entry and found a record.  Weird thing is it was a [view] only.  Thought this might be something push out of SUM.  Search SUM and found no entries.  

    Back on the UTM WebAdmin, Looked to see where that host record was used. Showed this path 'WebProtection -> Filtering Options -> Misc' where this object was used. 

    Browse to [Misc] page, scolled down and found in the "Certificate for End-User Pages' section 'Use a custom certificate for HTTPS pages' checked. The hostname is 'cmh-utm-3' .  I had recently selected the new cert.   Unchecked the 'Custom Certificate'  checkbox and [Apply].   The view-only host record disappeared.

    Tested by accessing web page to download a PDF document.  This time the page render the GUI elements and viewed the page code shows the 'passthrough' URL changed back to default:   <link href="https://passthrough.fw-notify.net/static/default.css" rel="stylesheet" type="text/css" />

    Going to leave it as is.

    Bob G. 

Reply
  • +1

    Solved: Found the where the cause of the issue.  It was related to the new certificate installed in October.   

    As a work around thought just create a 'passthrough.cmh-utm-3' host record.  When creating it, got a message that host record already exist.  So searched 'Network Definitions' for an entry and found a record.  Weird thing is it was a [view] only.  Thought this might be something push out of SUM.  Search SUM and found no entries.  

    Back on the UTM WebAdmin, Looked to see where that host record was used. Showed this path 'WebProtection -> Filtering Options -> Misc' where this object was used. 

    Browse to [Misc] page, scolled down and found in the "Certificate for End-User Pages' section 'Use a custom certificate for HTTPS pages' checked. The hostname is 'cmh-utm-3' .  I had recently selected the new cert.   Unchecked the 'Custom Certificate'  checkbox and [Apply].   The view-only host record disappeared.

    Tested by accessing web page to download a PDF document.  This time the page render the GUI elements and viewed the page code shows the 'passthrough' URL changed back to default:   <link href="https://passthrough.fw-notify.net/static/default.css" rel="stylesheet" type="text/css" />

    Going to leave it as is.

    Bob G. 

Children
No Data
Unfiltered HTML