
Sophos UTM 9.405-5 blocks HTTPS to one machine on the network.

The issue started about 1 week ago.  I can access everything fine from laptops, tablets and phones.  The problem is that a Windows 10 desktop suddenly cannot access HTTPS sites.  I have all protection features turned off except the Firewall.  I have rules in the firewall to allow outbound traffic from all internal IPs to ANY external over any port, yet the desktop still cannot connect to HTTPS.  Windows Firewall is turned off.  I see in the Sophos firewall logs that traffic from the desktop is being blocked, but I cannot find any rule that is doing it.  I hope someone can point me in the correct direction.  Please let me know what other information I can provide.



  • Further information: if I enable the web filtering proxy and proxy HTTPS connections, they work.

  • Hi David,

    Are you facing the issue even when the Web Protection is turned off globally?

    SSH to the UTM and capture http.log for the source system. Post the output so we can see what blocks the request.  If the issue is only observed on the Windows 10 platform, check the browser settings for any change that could cause it.

    Thanks

  • Yes, I am facing the issue with web protection turned off.  I also experience the issue if web protection is turned on but specifically told not to proxy HTTPS.  I shall acquire the log information and post it this evening.  I have already verified everything is fine on the computer.  Browser settings and the computer firewall are as expected.  Interestingly, after the issue started I changed the IP of the affected machine and it started working again.  I use static mapping to always assign the same IP to the desktop, if that matters.  I did bring another Windows 10 machine into the network for testing and it was not affected; only the one desktop is.

  • Here is a snippet from my packetfilter.log for an IP I should be able to hit.

    2016:09:16-14:40:34 router ulogd[4621]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcmac="f8:32:e4:72:8a:f0" dstmac="0c:c4:7a:32:57:6e" srcip="10.69.1.75" dstip="64.15.186.18" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="25650" dstport="8000" tcpflags="SYN"


    I am not sure what rule is blocking it, though.  I have outbound from any internal machine on any port to any destination set to allowed.

  • Hi David,

    srcip="10.69.1.75", is that the IP address of the Windows 10 system?

    Does creating an exception for the system work?

    Thanks

  • fwrule="60002" means the packet was default dropped from the FORWARD chain because it did not qualify for any of your firewall rules.

    "I have outbound from any internal machine on any port to any destination set to allowed." I don't see that rule.  Please post a picture of the Edit dialog of the rule you believe should allow this traffic.  Open the Service definition so that we can see that, too.

    Cheers - Bob
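To follow Bob's pointer in practice, it helps to pull every default-policy drop for the affected host out of packetfilter.log and group it by destination, so the missing rule becomes obvious. The script below is an added example, not code from the thread or from Sophos: it parses the `key="value"` format of the ulogd lines shown above, treats `fwrule="60002"` as the default FORWARD-chain drop (as Bob describes), and counts drops per flow. The sample lines are constructed for illustration; the first is shaped like the one posted, the others (including the accepted packet with a hypothetical rule number 2) are made up.

```python
import re
from collections import Counter

# Per the thread, fwrule 60002 marks a packet dropped by the FORWARD chain's default
# policy because no configured firewall rule matched it.
DEFAULT_DROP_RULE = "60002"

HEADER_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+ulogd\[(?P<pid>\d+)\]:\s*(?P<body>.*)$")
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample log lines (not captured from a real device).
SAMPLE_LINES = [
    '2016:09:16-14:40:34 router ulogd[4621]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcmac="f8:32:e4:72:8a:f0" dstmac="0c:c4:7a:32:57:6e" srcip="10.69.1.75" dstip="64.15.186.18" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="25650" dstport="8000" tcpflags="SYN"',
    '2016:09:16-14:40:35 router ulogd[4621]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcip="10.69.1.75" dstip="64.15.186.18" proto="6" length="52" ttl="127" srcport="25651" dstport="443" tcpflags="SYN"',
    '2016:09:16-14:40:36 router ulogd[4621]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" initf="lag0" outitf="eth1" srcip="10.69.1.80" dstip="64.15.186.18" proto="6" length="52" ttl="127" srcport="40001" dstport="443" tcpflags="SYN"',
    '2016:09:16-14:40:37 router ulogd[4621]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcip="10.69.1.75" dstip="8.8.8.8" proto="17" length="64" ttl="127" srcport="51000" dstport="53"',
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


def parse_line(line):
    """Parse one ulogd packetfilter line into a dict; return None for non-ulogd lines."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "pid": m.group("pid")}
    rec.update(KV_RE.findall(m.group("body")))
    return rec


def is_default_drop(rec):
    """True when the packet hit the default FORWARD drop, not an explicit rule."""
    return rec.get("action") == "drop" and rec.get("fwrule") == DEFAULT_DROP_RULE


def default_drops_by_flow(log_text, srcip=None):
    """Count default-policy drops per (srcip, dstip, proto, dstport), optionally for one source."""
    flows = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_default_drop(rec):
            continue
        if srcip is not None and rec.get("srcip") != srcip:
            continue
        key = (rec.get("srcip"), rec.get("dstip"), rec.get("proto"), rec.get("dstport"))
        flows[key] += 1
    return flows


if __name__ == "__main__":
    # Usage: python3 drops.py < /var/log/packetfilter.log  (here the constructed sample is used)
    for (src, dst, proto, dport), n in sorted(default_drops_by_flow(SAMPLE_LOG, "10.69.1.75").items()):
        print(f"{src} -> {dst} proto {proto} dport {dport}: {n} default drop(s)")
```

Every flow this prints for the desktop is one that none of the configured rules matched, which is exactly what Bob asked to compare against the rule and Service definition screenshots: if the allow rule really covered "any internal, any service, any destination", these flows would not be logged against 60002 at all.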