This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos showing IP's not usernames...

We are running Sophos UTM 9 and it appears to resolving many of our web requests by the users ip address and not their username resulting in the user getting a Default content filter action. Logs will appear as such: srcip="xx.***.x.xx" dstip="" user="" statuscode="401" cached="0" profile="REF_HttProInternal (Internal)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)".
I can't have this affecting our users set policy like this.
Also many of the reports show only client IP's and not their usernames. How can I pull reliable reports if Sophos logs by username as well by IP and they both display different data.
Any thoughts anyone?

This thread was automatically locked due to age.

0 BAlfson over 11 years ago

Hi, tubbsr, and welcome to the User BB!

First, take note of the https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065. Only #6 is peripherally related to your issue. More likely to be helpful is Configuring HTTP/HTTPS proxy access with AD SSO with a Sophos UTM.

It appears that your user is correctly selected by the "Internal" Profile, but fails to qualify for any of the Filter Assignments, and so is selected for the 'Fallback action.' This normally is due to an incorrect definition of a backend group. The second link I provided might help you find your mistake.

Cheers - Bob
PS When posting an issue, please remember to always state exact version of the software at issue - 9.109-1?
Cancel
Vote Up 0 Vote Down

Cancel