Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 2307 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange problem Skydrive

apijnappels
My skydrive is continuously trying to update some added files (they were added from another location).
So say I added files from location A and I'm now at location B.

Location B is trying to sync the local skydrive with the cloud version but not everything is syncing and skydrive tries continuously.

In the firewall log I see a lot of packages coming from a Microsoft server port 443 going to my External WAN address at some high port number.

I just unchecked scan HTTPS traffic and now all of a sudden all files are synced. I didn't think of checking which file was missing (it was only 1 file that didn't sync while several others did succesfully sync).

It seems that something was blocking this 1 file due to scan HTTPS.

Is this a known issue or can I somehow get around this?


This thread was automatically locked due to age.
  • 0
    if you unchecked HTTPS scanning, the update is permitted by firewall rules and there you can see something
  • 0
    You would need to look in the Web Filtering log to see why the blocks occured.  A line or two from there should tell us whether you can use an Exception for anti-virus or if you need to skip SSL scanning altogether.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    I only thing I can find now is a lot of traffic like this: 

    2013:08:31-07:55:45 utm ulogd[4529]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth3" srcmac="0:14:f1:e8:73[:D]9" dstmac="0:22:4d:a5:e8:31" srcip="207.46.11.152" dstip="*.*.*.*" proto="6" length="40" tos="0x08" prec="0x40" ttl="51" srcport="443" dstport="34933" tcpflags="ACK RST" 

    2013:08:31-08:05:50 utm ulogd[4529]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth3" srcmac="0:14:f1:e8:73[:D]9" dstmac="0:22:4d:a5:e8:31" srcip="207.46.101.8" dstip="*.*.*.*" proto="6" length="40" tos="0x08" prec="0x40" ttl="53" srcport="443" dstport="40535" tcpflags="ACK RST" 

    2013:08:31-12:25:01 utm ulogd[4529]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth3" mark="0x1000" srcmac="0:14:f1:e8:73[:D]9" dstmac="0:22:4d:a5:e8:31" srcip="207.46.101.8" dstip="*.*.*.*" proto="6" length="576" tos="0x08" prec="0x40" ttl="52" srcport="443" dstport="42822" tcpflags="ACK" 


    It's a Microsoft IP-address and it's source port = 443, so I think it may be a secure website trying to communicate back to me.
    After a quick look I cannot find anything in web-filtering log.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0
    Those are response packets from a server that the UTM sent an HTTPS request to.  The connection tracker had a timeout.  The key will be what you see in the Web Filtering logfile when the failure occurs.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    There are a lot of Microsoft Websites that don't work corectly with Https Inspection. I've defined a Lot of exclusions for that sites. Skydrive is One of them. You should exclude ssl scanning for this sites.

    vg
  • 0 in reply to mod2402
    There are a lot of Microsoft Websites that don't work corectly with Https Inspection. I've defined a Lot of exclusions for that sites. Skydrive is One of them. You should exclude ssl scanning for this sites.

    vg


    How would I do that? Try to make an exception for *.microsoft.com will not work I guess.... Is there a specific IP-range to except?

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0
    Please post the lines related to Skydrive for 2013:08:31-12:25:01 from the Web Filtering logfile.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    I just ran into this with SkyDrive Pro since you can't tell it to use credentials.  I had to add *.sharepoint, *.office365.com, *.outlook.com, and *.lync.com in order the stuff to work.  My Exchange Online account worked without the exceptions, but SkyDrive Pro didn't.  If you are using SkyDrive maybe try adding an exception to skydrive.live.com or just *.live.com and check.
  • 0 in reply to BAlfson
    Please post the lines related to Skydrive for 2013:08:31-12:25:01 from the Web Filtering logfile.

    Cheers - Bob


    At that exact time there was nothing in the logfile, there are however several entries around that time. From that I think I have to make the following execpetions: 

    ^https?://([A-Za-z0-9.-]*\.)?livefilestore\.com

    ^https?://([A-Za-z0-9.-]*\.)?bay-m\.hotmail\.com


    I had added the first one earlier and hope the second one was the missing one. I will probably soon now if this worked or not since now everything synced when I disabled HTTPS scanning.

    I am not using Skydrive Pro btw, so I will wait with adding all the above exceptions until I am sure it is necessary in my environment.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

Cookie Information Banner