Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 4159 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to define the outgoing interface for Web Filtering

RomanoBanchieri

Hi,

For the first time, I've tried to activate the optional outgoing interface with the command "cc set http enable_out_interface 1", like described in https://community.sophos.com/kb/en-us/126892.

The new field appears in the WebAdmin Web filtering, have tried to put some of my secondaries WAN IP addresses, but without success, the source IP address for Web traffic is always my default WAN address.

Please, can someone confirm that this feature works, and with version 9.605?

Thank you,

Romano



This thread was automatically locked due to age.
Parents
  • 0

    Salut Romano,

    Please show us a picture and a log line like:

    2019:10:31-10:39:43 secure httpproxy[21585]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="172.2x.y.65" dstip="" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_RMxbSZXQTi (Office)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe1d53800" url="https://client.dropbox.com/" referer="" error="" authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="342" device="1" auth="2" ua="" exceptions="auth,content,url,cache,size"

    Cheers - Bob

  • 0 in reply to BAlfson

    Hi Bob,

    like you can see :

    2019:11:03-18:57:19 portal-2 httpproxy[6301]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.x.x" dstip="62.2.148.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default filter action)" size="173" request="0xc79e4a00" url="http://www.myip.ch/" referer="" error="" authtime="0" dnstime="72038" aptptime="84" cattime="43228" avscantime="7297" fullreqtime="162368" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="178" reputation="unverified" categoryname="Internet Services" country="Switzerland" sandbox="-" content-type="text/html"
     
    And the resulting IP address is my WAN address, not the WAN Tests address.
     
    Cheers,
    Romano
     
     
  • 0 in reply to RomanoBanchieri

    OK, Romano, we are led ineluctably to conclude that there's an SNAT rule capturing the traffic.  Do you have an SNAT that uses "WAN (Address)" for traffic from Any?

    Cheers - Bob

Reply Children