
No categorization -> connection refused

Hello together,

I'm new here. One of our customers recently got a UTM9 (Version 9.204-20) firewall from Sophos and is using the Web Filter. It looks like there's a problem connecting to the categorization servers, at least from where the firewall is at the moment. I'm getting lots of these errors in the http log:

2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_handle_cmd" file="scr_scanner.c" line="552" message="cffs05.astaro.com: write: Connection refused"

2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf1baaa0" function="sc_categorize_url_remote" file="scr_scanner.c" line="993" message="no categorization received for url: http://*****"
2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_handle_cmd" file="scr_scanner.c" line="552" message="cffs05.astaro.com: write: Connection refused"
2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf2c1980" function="sc_categorize_url_remote" file="scr_scanner.c" line="993" message="no categorization received for url: http://*****"
2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_handle_cmd" file="scr_scanner.c" line="552" message="cffs05.astaro.com: write: Connection refused"
2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf7ae880" function="sc_categorize_url_remote" file="scr_scanner.c" line="993" message="no categorization received for url: *****"
2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe91b980" function="send_request_headers" file="request.c" line="396" message="write() on AF 2 socket to 146.0.13.217 failed: Connection refused"


When this happens, the users get a "Connection refused" page shown and aren't happy.
Any idea how I can debug that further or what to do about that?
Is it possible to just accept all not-categorized URLs?

thanks in advance,
Robert


  • The default setting in Web Filtering is to not block un-categorized sites.  Check your category filter settings.

    Also, if connections to the categorization DB servers are being dropped, check for an upstream firewall that is blocking these connections.  Also, you may want to try forcing the UTM to use the newer, better-performing SophosXL category DB lookup system.  You can do this by simply enabling UTM Endpoint (every license includes a couple of clients for free -- you don't need to configure it all the way, just turn it on) and the Web Control function associated with it.  Not sure why Sophos hasn't made that the default lookup system yet.
  • Are you allowing non-categorized websites?  (See attached screenshot)

    Another consideration:
    Enable SXL lookups instead of CFFS.
    https://community.sophos.com/products/unified-threat-management/astaroorg/f/81/t/65420
  • OK, I've checked and un-categorized sites aren't blocked by the filter. Thanks for showing me where to check that.
    Also, I've enabled Endpoint Protection and Web Control. If I understood right, that's all I need to do to enable SXL lookups?
    I'll be setting up some tests now to see if there's a problem with the internet provider that can cause the refused connections.
    Thanks for the help so far.
  • Robert, that is all that is needed.  You should notice in the http.log that it no longer has the pings to the cffs servers every 10 minutes.

    That being said, switching services doesn't fix the underlying problem that your UTM is having major problems talking to the outside world.
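
Added example, not part of any post in this thread and not Sophos code: a small triage script for http.log lines in the format quoted in the question. It counts refused connections per peer and separates categorization lookups from ordinary outbound requests. The role labels and the mapping from `function` names to roles are assumptions made for illustration, and the sample lines are constructed from the ones quoted above.

```python
import re
from collections import Counter

# Constructed sample, modelled on the log lines quoted in the question (URL masked).
SAMPLE_LOG = '''\
2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_handle_cmd" file="scr_scanner.c" line="552" message="cffs05.astaro.com: write: Connection refused"
2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xf1baaa0" function="sc_categorize_url_remote" file="scr_scanner.c" line="993" message="no categorization received for url: http://*****"
2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="sc_handle_cmd" file="scr_scanner.c" line="552" message="cffs05.astaro.com: write: Connection refused"
2014:08:07-14:11:50 SOPHOS httpproxy[5540]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe91b980" function="send_request_headers" file="request.c" line="396" message="write() on AF 2 socket to 146.0.13.217 failed: Connection refused"
'''

KV = re.compile(r'(\w+)="([^"]*)"')
CFFS_REFUSED = re.compile(r'^(\S+): write: Connection refused$')
REQ_REFUSED = re.compile(r'^write\(\) on AF \d+ socket to (\S+) failed: Connection refused$')

def parse_line(line):
    """Return the key="value" fields of one httpproxy line, or None for other lines."""
    if " httpproxy[" not in line:
        return None
    return dict(KV.findall(line))

def summarize(log_text):
    """Count refused connections by (role, peer) and lookups that got no category."""
    refused = Counter()
    uncategorized = 0
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields:
            continue
        msg, func = fields.get("message", ""), fields.get("function", "")
        m = CFFS_REFUSED.match(msg)
        if m and func == "sc_handle_cmd":
            # Assumed role: the proxy talking to a categorization server.
            refused[("categorization", m.group(1))] += 1
            continue
        m = REQ_REFUSED.match(msg)
        if m and func == "send_request_headers":
            # Assumed role: the proxy sending the client's request onward.
            refused[("request_peer", m.group(1))] += 1
        elif func == "sc_categorize_url_remote" and msg.startswith("no categorization received"):
            uncategorized += 1
    return refused, uncategorized

if __name__ == "__main__":
    refused, uncategorized = summarize(SAMPLE_LOG)
    for (role, peer), n in refused.most_common():
        print(f"{role:15} {peer:25} refused={n}")
    print(f"lookups without a category: {uncategorized}")
```

If peers of both roles show refusals in the same time window, the log supports the last reply's point that the problem is wider than the categorization service.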