
Sophos UTM 9.405-5 blocks HTTPS to one machine on network.

Issue started about 1 week ago.  I can access everything fine from laptops, tablets, phones.  Problem is Windows 10 desktop suddenly cannot access HTTPS sites.  I have all protection features turned off except Firewall.  I have rules in firewall to allow outbound traffic from all internal IPs to ANY external over any port yet desktop still cannot connect to HTTPS.  Windows Firewall is turned off.  Seeing in Sophos firewall logs that traffic from desktop is being blocked but cannot find any rule that is doing it.  Hope someone can point me in the correct direction.  Please let me know what other information I can provide.



This thread was automatically locked due to age.
  • Hi David,

    Are you facing the issue even when the Web Protection is turned off globally?

    SSH to the UTM and capture http.log for the source system. Post the output and see what blocks the request.  If the issue is only observed on a Windows 10 platform, look into the browser settings to see if there was any change that can cause it.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Here is a snippet from my packetfilter.log for an IP I should be able to hit.

    2016:09:16-14:40:34 router ulogd[4621]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcmac="f8:32:e4:72:8a:f0" dstmac="0c:c4:7a:32:57:6e" srcip="10.69.1.75" dstip="64.15.186.18" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="25650" dstport="8000" tcpflags="SYN"


    Not sure what rule is blocking it though, I have outbound from any internal machine on any port to any destination set to allowed.

  • Hi David,

    srcip="10.69.1.75", is that the IP address for the Windows 10 system?

    Does creating an exception for the system work?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • fwrule="60002" means the packet was default dropped from the FORWARD chain because it did not qualify for any of your firewall rules.

    "I have outbound from any internal machine on any port to any destination set to allowed." I don't see that rule.  Please insert a picture of the edit of the rule you believe should allow this traffic.  Open the Service definition so that we can see that, too.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
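
Added example, not part of the original thread or any poster's code: a small Python parser for packetfilter.log lines in the key="value" format quoted above, which lists the flows from one host that hit the default drop (fwrule="60002") so they can be compared with the firewall rules' source, service and destination definitions. The function names and the constructed sample lines are assumptions; only the first sample line comes from the thread.

```python
import re
from collections import Counter

# Only the rule id explained in the thread is mapped; other ids are not guessed.
DEFAULT_DROP_RULES = {"60002": "default drop, FORWARD chain: no firewall rule matched"}
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}  # IANA protocol numbers
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
TIME_RE = re.compile(r"\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}")

def parse_line(line):
    """Return the key="value" fields of one packetfilter.log line as a dict."""
    fields = dict(FIELD_RE.findall(line))
    stamp = TIME_RE.match(line.strip())
    if stamp:
        fields["time"] = stamp.group(0)
    return fields

def default_drops(lines, srcip=None):
    """Count default-dropped flows: (srcip, dstip, proto, dstport) -> hits."""
    hits = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("action") != "drop" or f.get("fwrule") not in DEFAULT_DROP_RULES:
            continue
        if srcip is not None and f.get("srcip") != srcip:
            continue
        proto = PROTO_NAMES.get(f.get("proto"), f.get("proto"))
        hits[(f.get("srcip"), f.get("dstip"), proto, f.get("dstport"))] += 1
    return hits

SAMPLE_LOG = [
    # Line quoted in the thread (fields not used here trimmed for width).
    '2016:09:16-14:40:34 router ulogd[4621]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcip="10.69.1.75" dstip="64.15.186.18" proto="6" srcport="25650" dstport="8000" tcpflags="SYN"',
    # Constructed: a retry of the same SYN, then an allowed flow from another host.
    '2016:09:16-14:40:37 router ulogd[4621]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="lag0" outitf="eth1" srcip="10.69.1.75" dstip="64.15.186.18" proto="6" srcport="25650" dstport="8000" tcpflags="SYN"',
    '2016:09:16-14:40:40 router ulogd[4621]: id="2002" sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="lag0" outitf="eth1" srcip="10.69.1.80" dstip="192.0.2.10" proto="6" srcport="50112" dstport="443" tcpflags="SYN"',
]

if __name__ == "__main__":
    for flow, count in default_drops(SAMPLE_LOG, srcip="10.69.1.75").most_common():
        print(count, *flow, DEFAULT_DROP_RULES["60002"])
```
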