Random clients losing ability to connect to UTM

Hi all,

This is truly a weird one and I hope you can help me find a solution.

We have 2 ASG525's running in active-passive HA. Last night I updated one to 9.353-4 but this problem was occurring on the previous version over the last week, I was hoping the update would solve it :( 

The bulk of our 1200 users are working fine but we have been getting an increasing number of reports of a machine that cannot connect to the external Internet. When these users call up the help-desk guys have been verifying that they can connect to internal resources (Intranet, LMS etc) all correctly and they have lost all external access. Today, I have been working on a number of these devices to try and work out the cause, a reboot fixes them but that is not really a solution as it is becoming more regular.

A machine that is not working say has an IP address of 192.168.2.1 and the firewall has an address of 192.168.1.1. My machine has an address of 192.168.2.2.

From my machine I can ping the firewall but cannot ping the affected client.

From the firewall I can ping my machine but not the affected client.

From the core switch I can ping all 3 devices.

From my machine I can traceroute to google.com successfully.

From the affected machine the traceroute to google.com fails as soon as it hits the vlan address of the core switch.

From the firewall I can traceroute to my machine and google.com but not the affected machine.

From the core switch I can traceroute successfully to everything mentioned here.

I have tried to clear the ARP and route cache from the CLI of the UTM. I have tried to clear the ARP cache on the core switch. I have tried to reset every toggle switch possible in the UTM as the problem is occurring but nothing except an interface disconnect (or reboot) gets that machine to start making external connections once again.

Anyone got any ideas to help with this one?

Cheers,

Brendan



  • Hey guys,

    So, I have made a bit of progress with this over the last couple days. Support got back to me and after comparing all of my log & pcap files we have come to the conclusion that at the time of the faulty device it is actually asking for the connection directly instead of through Web Filtering, which there is no rule to allow.

    I presume the machines are losing access to the wpad.dat file for whatever reason. I updated and restarted the machine it is hosted on and this did improve the situation but we are still having the odd issue around the network. Can I host a wpad file that was compiled originally on a TMG box on the UTM and point the DHCP rules to it instead?

    We use a wpad.dat file here because I read a Sophos article a while back stating that if you only use transparent mode then certain outbound ports (81, 8080) will not work. Is that true?

    If I wanted to get rid of using the wpad.dat file and run all of our networks transparent (our Guest already is) what would I have to do? I have our core switch with a route of 0.0.0.0 0.0.0.0 to the IP of the UTM. Is that all that is needed?

    Cheers,
    Brendan
  • "Can I host a wpad file that was compiled originally on a TMG box on the UTM and point the DHCP rules to it instead?" - Yes

    "[...] if you only use transparent mode then certain outbound ports (81, 8080) will not work. Is that true?" - In Transparent, the proxy only captures packets on port 80 (and on 443 if HTTPS scanning is enabled). In Standard, the proxy handles all ports listed in 'Allowed Target Services' on the 'Misc' tab. If you want other traffic to pass, you must add it to the list or make an explicit firewall rule allowing it.

    You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests." If you would like me to send you this document, send me an email requesting it to my member name here @ the domain listed in my signature block - please include your member name here in your email as this offer is only for members.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
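To make the wpad.dat question and Bob's Standard-vs-Transparent explanation concrete, here is an added example of what a PAC file for the scenario in this thread could look like. It is not code from either poster or from Sophos: the firewall address 192.168.1.1 and the 192.168.x.x client range come from the original post, the proxy port 8080 is an assumption, and the `isInNet`/`isPlainHostName` shims are constructed here only so the file can be exercised outside a browser (real browsers provide their own, including DNS resolution of hostnames).

```javascript
// Constructed PAC (wpad.dat) for the thread's scenario: plain hostnames and the
// internal 192.168.0.0/16 range go DIRECT, everything else goes through the
// UTM web filter. 192.168.1.1 is the firewall from the post; port 8080 is an
// assumed value for the UTM's Standard-mode proxy port.
var UTM_PROXY = "PROXY 192.168.1.1:8080";

function FindProxyForURL(url, host) {
  // Unqualified names (Intranet, LMS, ...) never leave the LAN.
  if (isPlainHostName(host)) return "DIRECT";
  // Internal clients and servers are reached directly, not via the proxy.
  if (isInNet(host, "192.168.0.0", "255.255.0.0")) return "DIRECT";
  // Everything external, including ports that Transparent mode would not
  // capture (81, 8080, ...), is sent to the proxy so no direct rule is needed.
  return UTM_PROXY;
}

// Shims for the PAC helpers, constructed for offline testing. This isInNet only
// understands dotted-quad hosts; a browser's version also resolves DNS names.
function isPlainHostName(host) { return host.indexOf(".") === -1; }

function isInNet(host, pattern, mask) {
  var h = ip4ToInt(host), p = ip4ToInt(pattern), m = ip4ToInt(mask);
  if (h === null || p === null || m === null) return false;
  return (h & m) === (p & m);  // both sides are coerced to int32 consistently
}

// Parse "a.b.c.d" into an unsigned 32-bit number, or null if malformed.
function ip4ToInt(s) {
  var parts = s.split(".");
  if (parts.length !== 4) return null;
  var n = 0;
  for (var i = 0; i < 4; i++) {
    if (!/^\d{1,3}$/.test(parts[i])) return null;
    var b = Number(parts[i]);
    if (b > 255) return null;
    n = n * 256 + b;
  }
  return n;
}
```

A client that cannot fetch this file falls back to DIRECT for everything, which is exactly the "asking for the connection directly instead of through Web Filtering" symptom support found in the pcaps.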