I observed a strange behaviour of the Sophos Endpoint Security client.
I am using the client on all of my Windows machines. With some of them
I connect to my UTM @ home via the VPN-SSL Client.
Everything is working fine, using the option to route "all" traffic through the tunnel.
But the Endpoint Security Client, more precisely one of the update components,
is still using the direct internet connection after establishing the VPN connection.
I am using a DNS leak fix (https://www.dnsleaktest.com/how-to-fix-a-dns-leak.php)
for the Sophos OpenVPN Client.
No other program is causing any problems, only the Sophos Endpoint Security client.
This is a part of the TCP stream that is causing me to think that it has to do with the Sophos Client:
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Content-Length: 11
action=noopGET /wdx/poll/******e-***x-***x-***x-***xc***c***?l=0&b=0&p=******************************************x HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: wdx-client/10.3.1
X-Sophos-Filter: ******************************************x
Host: ************-***x-***x-***x-b*********xx-wdx-f6c3.broker.sophos.com
Here is a snippet during an established VPN connection from one of my Windows clients to my UTM @ home.
Sophos.jpg
To avoid this, I need to restart all the services of the Endpoint Client manually after building up the tunnel.
Has anyone seen this behaviour too?
Or am I getting something wrong here?
Using the latest 9.1 software release.
Thanks in advance, and sorry for my bad English again :)