Sophos SG blocking/timing out specific Bitdefender URL

Sophos seems to block the Bitdefender URL nimbus.bitdefender.net:

With Web Filter Exclusion:
2021:12:09-16:10:05 gw httpproxy[12152]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.100.111" dstip="34.120.243.77" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffActioStand (Action _Standard)" size="348" request="0xa34d800" url="https://nimbus.bitdefender.net/" referer="" error="Connection timed out" authtime="0" dnstime="18" aptptime="229" cattime="0" avscantime="0" fullreqtime="127195703" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience" application="bdefnder" app-id="49"


Without:
2021:12:09-17:09:47 gw httpproxy[12152]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.100.111" dstip="34.120.243.77" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffActioStand (Action _Standard)" size="348" request="0x104d3c00" url="nimbus.bitdefender.net/" referer="" error="Connection timed out" authtime="0" dnstime="16" aptptime="384" cattime="323" avscantime="0" fullreqtime="127251963" device="0" auth="0" ua="BDNC v2.4.21.10130 windows_amd64 (6bc4254)" exceptions="" category="105" reputation="trusted" categoryname="Business" application="bdefnder" app-id="49"

All other services or connections to Bitdefender seem to be fine:
2021:12:09-17:09:22 gw httpproxy[12152]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.100.190" dstip="3.121.8.251" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffActioStand (Action _Standard)" size="17555" request="0xdf12ee00" url="cloudgz-ecs.gravityzone.bitdefender.com/" referer="" error="" authtime="0" dnstime="23011" aptptime="283" cattime="314" avscantime="0" fullreqtime="277156" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" application="bdefnder" app-id="49"

Why does the specific URL run into a connection timed out?



  • Try to open https://nimbus.bitdefender.net/ from a browser.

    Which answer do you get? ("Bad Request"?)

    So the answer may be blocked. Check IPS / App-logs.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hello Dirk, thanks for your answer. In the Sophos environment, opening the URL in a browser results in a timeout after a few minutes; on an external client without the Sophos it results in a Bad Request. The IPS log doesn't show any results regarding Bitdefender or its IPs; adding exclusions for specific networks/servers to IPS doesn't solve the problem either, same with adding exclusions to Application Control. Which other reasons may there be?

    Deactivating IPS and ATP was useless too.

  • You may exclude the destination IP (or DNS-HostGroup-nimbus.bitdefender.net) from the transparent proxy completely ... and create a FW rule to allow this traffic.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
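
A way to read the three httpproxy lines from the question side by side, as an added example that is not part of the original thread: it parses the key="value" fields and checks whether the request fails the same way with and without web filter exceptions. The sample lines are abridged copies of the thread's lines; the classification rule and the microsecond unit for fullreqtime are assumptions.

```python
import re

# Constructed sample: the thread's three httpproxy lines, abridged to the fields used.
LINES = [
    '2021:12:09-16:10:05 gw httpproxy[12152]: id="0002" action="block" method="CONNECT" '
    'dstip="34.120.243.77" statuscode="500" url="https://nimbus.bitdefender.net/" '
    'error="Connection timed out" fullreqtime="127195703" exceptions="av,sandbox,url,ssl"',
    '2021:12:09-17:09:47 gw httpproxy[12152]: id="0002" action="block" method="CONNECT" '
    'dstip="34.120.243.77" statuscode="500" url="nimbus.bitdefender.net/" '
    'error="Connection timed out" fullreqtime="127251963" exceptions=""',
    '2021:12:09-17:09:22 gw httpproxy[12152]: id="0001" action="pass" method="CONNECT" '
    'dstip="3.121.8.251" statuscode="200" url="cloudgz-ecs.gravityzone.bitdefender.com/" '
    'error="" fullreqtime="277156" exceptions=""',
]
FIELD = re.compile(r'([\w-]+)="([^"]*)"')  # keys may contain "-" (e.g. app-id)

def parse(line):
    """Turn one httpproxy line into a dict of its key="value" fields."""
    return dict(FIELD.findall(line))

def classify(rec):
    """Heuristic (assumption): a block that carries an error string is a
    proxy-side connection failure, not a filter verdict (category, AV, ...)."""
    if rec.get("action") == "pass":
        return "allowed"
    return "connection-failure" if rec.get("error") else "policy-block"

def summarize(lines):
    """Per line: host, destination IP, verdict, exceptions applied, duration in s."""
    out = []
    for rec in map(parse, lines):
        host = re.sub(r"^\w+://", "", rec.get("url", "")).split("/")[0]
        out.append({"host": host, "dstip": rec.get("dstip"), "verdict": classify(rec),
                    "exempted": bool(rec.get("exceptions")),
                    # assumption: fullreqtime is logged in microseconds
                    "seconds": round(int(rec.get("fullreqtime", "0")) / 1e6, 1)})
    return out

def exceptions_irrelevant(rows, host):
    """True when a host fails identically with and without filter exceptions."""
    seen = {(r["exempted"], r["verdict"]) for r in rows if r["host"] == host}
    return seen == {(True, "connection-failure"), (False, "connection-failure")}

if __name__ == "__main__":
    rows = summarize(LINES)
    for r in rows:
        print(r)
    print("exceptions irrelevant:", exceptions_irrelevant(rows, "nimbus.bitdefender.net"))
```

For these lines both nimbus.bitdefender.net requests come out as connection failures of about 127 seconds whether or not exceptions applied, which is consistent with the proxy's own connection to 34.120.243.77 timing out rather than a filter rule firing.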
