This discussion has been locked.

Sophos UTM 9.405-5 blocks HTTPS to one machine on network.

Issue started about 1 week ago.  I can access everything fine from laptops, tablets, phones.  Problem is Windows 10 desktop suddenly cannot access HTTPS sites.  I have all protection features turned off except Firewall.  I have rules in firewall to allow outbound traffic from all internal IPs to ANY external over any port yet desktop still cannot connect to HTTPS.  Windows Firewall is turned off.  Seeing in Sophos firewall logs that traffic from desktop is being blocked but cannot find any rule that is doing it.  Hope someone can point me in the correct direction.  Please let me know what other information I can provide.



  • Hi David,

    Are you facing the issue even when the Web Protection is turned off globally?

    SSH to the UTM and capture http.log for the source system. Post the output and see what blocks the request.  If the issue is only observed on the Windows 10 platform, look into the browser settings to see if there was any change that could cause it.

    Thanks

  • Here is a snippet from my packetfilter.log for an IP I should be able to hit.

    2016:09:16-14:40:34 router ulogd[4621]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcmac="f8:32:e4:72:8a:f0" dstmac="0c:c4:7a:32:57:6e" srcip="10.69.1.75" dstip="64.15.186.18" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="25650" dstport="8000" tcpflags="SYN"


    Not sure what rule is blocking it though, I have outbound from any internal machine on any port to any destination set to allowed.
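
Added example, not part of the original posts: a small Python parser for the `key="value"` packetfilter.log format shown above that groups one host's dropped packets by `fwrule`, protocol and destination port. The function names are hypothetical, the sample lines after the first are constructed, and the meaning given to rule numbers 60001-60003 is an assumption about UTM 9's built-in default drop rules, not something stated in the thread.

```python
import re
from collections import Counter

# First line is the entry posted above; the other three are constructed test data.
SAMPLE_LOG = """\
2016:09:16-14:40:34 router ulogd[4621]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcmac="f8:32:e4:72:8a:f0" dstmac="0c:c4:7a:32:57:6e" srcip="10.69.1.75" dstip="64.15.186.18" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="25650" dstport="8000" tcpflags="SYN"
2016:09:16-14:40:35 router ulogd[4621]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcip="10.69.1.75" dstip="192.0.2.10" proto="6" srcport="25651" dstport="443" tcpflags="SYN"
2016:09:16-14:40:36 router ulogd[4621]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="lag0" srcip="10.69.1.80" dstip="10.69.1.255" proto="17" srcport="137" dstport="137"
this line is not a packetfilter record
"""

HEADER_RE = re.compile(r'^(\S+) (\S+) \w+\[\d+\]: ')   # timestamp, host, daemon[pid]
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')              # key="value" pairs
PROTOCOLS = {"1": "icmp", "6": "tcp", "17": "udp"}     # IANA protocol numbers
# Assumption: UTM 9 reserves these rule numbers for its built-in default drops.
DEFAULT_RULES = {"60001": "default drop (INPUT)",
                 "60002": "default drop (FORWARD)",
                 "60003": "default drop (OUTPUT)"}

def parse_line(line):
    """Return the key="value" fields of one log line as a dict, or None."""
    header = HEADER_RE.match(line)
    if header is None:
        return None
    record = dict(FIELD_RE.findall(line, header.end()))
    record["timestamp"], record["host"] = header.groups()
    return record

def summarize_drops(log_text, srcip):
    """Count dropped packets from srcip per (fwrule, protocol, dstport)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("action") != "drop" or rec.get("srcip") != srcip:
            continue
        proto = PROTOCOLS.get(rec.get("proto"), rec.get("proto"))
        counts[(rec.get("fwrule"), proto, rec.get("dstport"))] += 1
    return counts

def describe_rule(fwrule):
    """Say whether fwrule is one of the assumed built-in default drops."""
    return DEFAULT_RULES.get(fwrule, "not a built-in default; check the rule list")

if __name__ == "__main__":
    for (rule, proto, port), n in summarize_drops(SAMPLE_LOG, "10.69.1.75").items():
        print(f"{n} drop(s) {proto}/{port} by fwrule {rule}: {describe_rule(rule)}")
```

If every drop for the affected host carries a default-drop number, no user-defined allow rule matched that traffic, so the place to look is the definition of the allow rule (sources, services, interfaces) rather than a hidden deny rule.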
