I got a strange issue which I have for a longer time now.
It happens randomly and it fixes itself after some days.
Suddently some or only one user give me an feedback that all webpages are blocked by Sophos and when I take a look into the Proxy Live log I can see that these users aren´t recognized with username
2014:08:06-11:17:51 gw-1 httpproxy[6183]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="block" method="GET" srcip="192.168.xx.xx" dstip="xx.***.xx.***" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="278" request="0xe3634ee0" url="officeimg.vo.msecnd.net/.../file.aspx
I really don´t know what to do and why this happens.
Restarted the Client, deleting temp folders,...
My configuration:
UTM 220 Release 9.203-3:
Standard Authentication Mode with AD SSO.
Additionally A WPAD File is configured in Sophos and the Clients using this:
function FindProxyForURL(url, host) {
var proxy_yes = "PROXY 192.168.xx.x:8080";
var proxy_no = "DIRECT";
var proxy_failback = "PROXY 192.168.xx.x:8080; DIRECT";
// Interne Webseiten
if (shExpMatch(url,"*.domain.local/*")) {return proxy_no;}
// Homenet
if (isInNet(host, "192.168.xx.0", "255.255.252.0")) {
return proxy_no;
}
return proxy_failback;
}
The other configuration is attached as picture.
Hope you can help me [:S][:O]
At the moment I changed the Base Policy to Default so all ppl can use the internet...
greets
Philipp
This thread was automatically locked due to age.
