Content filter no longer working

Patrick, show us the line from the Web Filtering log file where traffic was allowed that should have been blocked.

Cheers - Bob
PS Moving this to the Web Protection forum.

This line is a problem

failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080

These addresses are supposed to point to UTM or point through UTM to an internet address at Sophos so that Sophos can interecept them.

If you alllow the address to flow through to internet DNS, it should resolve to a non-working address at Sophos, on the assumption that it will cause the packet to flow toward your UTM where it can be intercepted.   If your UTM is not in the path to the internet, create a DNS entry that resolves that address to your UTM.

I think that's unrelated to Patrick's issue, Doug.  I think that's just the proxy starting and confd_config_filter complaining that IPv6 isn't activated.

Patrick, we still haven't seen any proof that the traffic you're seeing not-blocked is even passing through Web Filtering. In fact, your log shows two hours with not one web request appearing. Is 192.168.1.137 in one of the subnets in 'Allowed Networks' for any Web Filtering Profile?  If so and that Profile is in Standard mode, is your browser configured to use the proxy?

Cheers - Bob

"I am set to standard operation mode."

OK, so let's see what you get when you click on [Settings] at the bottom of the page 'Tools' 'Options' in Firefox.  If you have selected 'Use system proxy settings', then also show us [LAN Settings] at the bottom of the 'Connections' tab in 'Internet Options' in 'Control Panel' in Windows.

Cheers - Bob

"I am set to standard operation mode."

OK, so let's see what you get when you click on [Settings] at the bottom of the page 'Tools' 'Options' in Firefox.  If you have selected 'Use system proxy settings', then also show us [LAN Settings] at the bottom of the 'Connections' tab in 'Internet Options' in 'Control Panel' in Windows.

Cheers - Bob

Hi Bob

Yes on Firefox setting to 'Use system proxy settings'.  Here is the screen shot for the LAN settings:

The 'Automatically detect settings' selection is known to cause these problems.  You can either create an 'Automatic configuration script' or 'Use a proxy server'.  I would start with the second choice so that you can see what Exceptions you want to make under [Advanced].

Cheers - Bob

Thanks Bob.  So, sounds like I need to set a proxy server on each PC on the network.  Curious why it worked perfectly before.  Well, I guess you said that it was known for causing problems.

Thanks again...

Based on all that has been said, it appears that the automatic configuration mechanism stopped working, and as a result the proxy was bypassed.   Most likely, the DNS (or DHCP) entry for WPAD got deleted by accident, or a machine that was configured with DHCP switched to static IP and no longer received the WPAD data because it no longer talked to the DHCP server.

If the UTM is inline to the internet, you need to enable Transparent Web to detect and intercept these situations.   If it is not inline, I suggest you change to a bridge mode configuration, because it allowed me to move from out-of-band to in-band without changing any addressing.  Then enable Transparent Web as backup to Standard Web

See my post here for details of my transition to in-band, and feel free to send a Private Message if you have follow-up questions.

https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/101117/optimizing-web-proxy-lessons-learned

Agreed with Doug about having the Default Profile in Transparent and a Standard-mode Profile for the same subnet.

Configuring HTTP/S proxy access with AD SSO contains information about creating a GPO to distribute Proxy settings to everyone.

You might be interested in a document I maintain that I make available to members of the UTM Community, Patrick, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address.  For German-speaking members, I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

Cheers - Bob