
UTM 9 policy not blocking selected categories

Hello -

Recently I have been experiencing issues with my home policy not blocking the categories I chose (see screenshots). I have tried everything I know; I am still learning Sophos, but I am out of ideas.

Am I doing something wrong?

Respectfully,

Live Log: Web Filtering
2017:02:24-15:07:34 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="142" message="reloading ATP pattern"
2017:02:24-15:07:35 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="160" message="reloading ATP pattern finished"
2017:02:24-15:10:30 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="586" message="reloading config"
2017:02:24-15:10:30 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2017:02:24-15:10:30 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3747" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2017:02:24-15:10:30 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="642" message="reloading config done, new version 3894"
2017:02:24-15:21:32 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="586" message="reloading config"
2017:02:24-15:21:32 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2017:02:24-15:21:32 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3747" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2017:02:24-15:21:33 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="642" message="reloading config done, new version 3895"

confused person :)



  • There are only administrative actions logged within your web filter live log.

    I think your web proxy configuration is not correct.

    - Do you use proxy profiles?

    - Do you use transparent or standard mode?

    - Which networks are within the "allowed networks" list?

    Post some screenshots from your proxy configuration, please.

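The point of the reply above, that the posted live log contains only the proxy's own housekeeping and no client requests, can be checked mechanically. This is an added example (not from the thread or from Sophos) that parses UTM httpproxy live-log lines into their key="value" fields and reports whether any client request was actually passed or blocked; the two "traffic" lines and their field names are constructed assumptions, while the two administrative lines are copied from the original post.

```python
import re

# Two administrative lines copied from the original post's live log.
ORIGINAL_POST_LOG = """\
2017:02:24-15:07:34 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="142" message="reloading ATP pattern"
2017:02:24-15:10:30 gonzo httpproxy[23534]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="642" message="reloading config done, new version 3894"
"""
# Constructed approximations of what a client request looks like once traffic
# actually reaches the proxy (field names are assumptions, not from the post).
CONSTRUCTED_TRAFFIC_LOG = """\
2017:02:24-15:30:01 gonzo httpproxy[23534]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.20" dstip="203.0.113.10" statuscode="200" url="http://example.com/" category="178"
2017:02:24-15:30:05 gonzo httpproxy[23534]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.1.20" dstip="203.0.113.11" statuscode="403" url="http://example.net/" category="101"
"""

PREFIX_RE = re.compile(r'^(\S+) (\S+) httpproxy\[(\d+)\]: (.*)$')
KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def parse_line(line):
    """Split one httpproxy line into a dict of its key="value" fields."""
    m = PREFIX_RE.match(line)
    if not m:
        return None
    ts, host, pid, rest = m.groups()
    fields = dict(KV_RE.findall(rest))
    fields.update(_ts=ts, _host=host, _pid=pid)
    return fields

def classify(fields):
    """'admin' for the proxy's own housekeeping, otherwise the client action."""
    # request="(nil)" plus function/file/line marks an internal event (config or
    # pattern reload): proof the daemon runs, not that any client traffic passed.
    if fields.get("request") == "(nil)" or "function" in fields:
        return "admin"
    if fields.get("action") in ("pass", "block"):
        return fields["action"]
    return "other"

def summarize(log_text):
    """Count lines per class; lines that are not httpproxy entries are skipped."""
    counts = {"admin": 0, "pass": 0, "block": 0, "other": 0}
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is not None:
            counts[classify(fields)] += 1
    return counts

def traffic_reaches_proxy(log_text):
    """True only if at least one client request was passed or blocked."""
    counts = summarize(log_text)
    return counts["pass"] + counts["block"] > 0
```

Run against the posted log the result is no pass and no block entries at all, which is exactly the symptom the reply describes: until `traffic_reaches_proxy` turns true, category settings are never consulted.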

  • Hello,

    Thanks for the reply, once I get home I will provide screenshots.

    I do use a proxy profile - just have one.

    I use transparent mode.

    Only the internal network is allowed to use the proxy.

  • Yes ... that's bad. Traffic you see within the packet filter doesn't pass the proxy!

    Here is your problem ...

    Within the skiplist you configure (nearly) the full traffic to NOT use the proxy.

    Using the skiplist is a rough way to work with proxy problems (you say: do NOT use the proxy).

    Within source hosts you can define internal hosts that should NOT use the proxy.

    Within destination hosts you define partners you wish to use without the proxy (possibly the bank).

    But first you should try to configure exceptions for some functions within the proxy to correct proxy access problems.


  • Hi, Tony, and welcome to the UTM Community!

    First, confirm that you have selected either 'URL filtering only' or 'Decrypt and scan' on the 'HTTPS' tab of 'Web Filtering'.  On the 'Policies' tab, open the 'Filter Action' and go to the 'Additional Options' tab.  At the bottom of that, confirm that you have selected both 'Log accessed pages' and 'Log blocked pages'.  To restart the Proxy, disable and then re-enable 'Web filtering status' on the 'Global' tab.

    Now, open the Web Filtering Live Log, wait for it to show a few lines and then test your access and blocking.

    Cheers - Bob

  • Awesome, thanks Bob. I'll try this later today and report back. Appreciate the assistance, and thanks again.

    Tony

  • Hi BAlfson,

    Hello -

    Followed your steps, but unfortunately the issue persists. The categories I have selected to block are not being blocked by the proxy. However, in the Policy Helpdesk it works there - I'm lost for ideas, but thank you for your suggestion.

    Tony

  • Hi Tony,

    Do you still see the http(s) traffic within the packet filter?

    Did you read my last post?

    I think your traffic doesn't pass the web security because of the transparent proxy skiplist.

    Try to remove the source host entries from the "transparent mode skiplist".

    Host lists here don't use the proxy function but the packet filter.

  • Tried it, still doesn't work.

  • Tony, if this is a free home-use license, I think you should take some backups off the UTM and re-install from ISO.  If it's a paid license, it's time to get Sophos Support involved.

    Cheers - Bob

  • Yes, removed the internal network from the transparent mode source, and the proxy still doesn't block selected categories.

  • It's a free home-use license. How does the backup work? Take them within the UTM, then reinstall from the ISO, and once the installation is complete, apply the backups?

    I'll have to find some downtime, as my internal network can't be down for long. (Kiddos need their interwebz :)

    Thanks for the help and suggestions.

    tg

  • To restore a backup to a new or newly reimaged UTM, put the backup in the root directory of a USB memory stick and boot the UTM with the stick inserted.  There must not be more than one backup in the root directory.  You cannot restore a 9.411 backup to a UTM with 9.408 firmware, but you can restore an older backup to a unit with newer firmware.  The reimaging process deletes everything on the disk, so take several different backups before reimaging.

    Cheers - Bob
