Hi, i am new to Sophos UTM 9 and playing with this firewall from a week or so. i just want to configure some basic rules which i am unable to do so. i have experience with pfsense and untangle but this one is different. what i am trying to achieve is that: allow all traffic to network block some websites which includes (facebook, linkedin, twitter etc) both http & https. block p2p softwares i have figured out how to allow a single host or a network. when i am using this with Transparent Mode it does not allow https request and returns the certificate is not trusted error(cannot even open gmail.com). when i try this with standard mode it does nothing(google is not even accessible). tried both with "none" authentication mode. Thanks in advance.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New to Sophos UTM9,

Hi,
i am new to Sophos UTM 9 and playing with this firewall from a week or so. i just want to configure some basic rules which i am unable to do so. i have experience with pfsense and untangle but this one is different.
what i am trying to achieve is that:

allow all traffic to network
block some websites which includes (facebook, linkedin, twitter etc) both http & https.
block p2p softwares

i have figured out how to allow a single host or a network.
when i am using this with Transparent Mode it does not allow https request and returns the certificate is not trusted error(cannot even open gmail.com).
when i try this with standard mode it does nothing(google is not even accessible).
tried both with "none" authentication mode.

Thanks in advance.

This thread was automatically locked due to age.

Parents

0 kyle5281 over 12 years ago

The reason you are getting the certificate error is because the proxy is intercepting the traffic and then re-transmitting. If you add an exception for a certificate you should be able to browse to the site in question without an issue.

The easiest way to deploy the certificate is using GPO or an proxy-auto configuration script. It will save you alot of time in the future.

In transparent mode, users are not are not authenticated unless you prompt for them to login using the web browser. This causes alot of issues in larger organizations since users have to log on to every browser and need to manage multiple user names and passwords.

If you use standard authentication, you need to setup Active Directory/Open Directory, etc. to authenticate to the Asatro Box. The best way to implement user authentication is by far using AD SSO so the user is automatically authenticated when they logon to the domain. Keep in mind you need to setup your proxy settings and push them out to clients, preferably with GPOs.

Hope this helps
Kyle
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 kyle5281 over 12 years ago

The reason you are getting the certificate error is because the proxy is intercepting the traffic and then re-transmitting. If you add an exception for a certificate you should be able to browse to the site in question without an issue.

The easiest way to deploy the certificate is using GPO or an proxy-auto configuration script. It will save you alot of time in the future.

In transparent mode, users are not are not authenticated unless you prompt for them to login using the web browser. This causes alot of issues in larger organizations since users have to log on to every browser and need to manage multiple user names and passwords.

If you use standard authentication, you need to setup Active Directory/Open Directory, etc. to authenticate to the Asatro Box. The best way to implement user authentication is by far using AD SSO so the user is automatically authenticated when they logon to the domain. Keep in mind you need to setup your proxy settings and push them out to clients, preferably with GPOs.

Hope this helps
Kyle
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data