Does anyone else use Sophos Central (Endpoint Control + Web Control) with macOS devices that are laptops? Our laptops go home with users every day and when they come back, a portion of the devices continue to query "http.00.a.sophosxl.net" but receive a timeout, thousands of times. When we investigate in our firewall logs, we see each device is still trying to query either their local DNS at home (not routable) or their ISP's DNS server, which is also not routable.
It seems like the Sophos client caches the DNS server provided at a user's house. When they return to the network, they continue making failed queries to these servers. They are doing direct requests to DNS servers and timing out constantly.
This was a waste of time.
I believe I am having the same issue. How were you able to diagnose the timeout? Is there a particular command to run in Terminal, or do you just capture some packets?
I would see the timeouts littering my firewall logs, thousands of them. I could also run tcpdump on the laptop to see that they were indeed trying to query the wrong server. Doesn't matter, Sophos didn't give a !@#$ about the issue and abandoned the ticket as "Everything is working as designed". This product is trash, sorry guys.
sudo tcpdump -c 10000 -i en0 -s 0 -w /tmp/DumpFile.dmp
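Added example, not part of the thread or of any Sophos tooling: one way to summarise such a capture is to print it as text with `tcpdump -n -r /tmp/DumpFile.dmp port 53` and count the queries that never received a reply from resolvers outside the office set. The sample lines and all IP addresses below are constructed, and the office resolver `10.1.0.2` is an assumption.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -r /tmp/DumpFile.dmp port 53` text output.
# Addresses are made up: 10.1.0.2 stands in for the office resolver and
# 192.168.1.1 for a home router address the laptop kept from another network.
SAMPLE = """\
09:00:01.000100 IP 10.1.20.55.51000 > 192.168.1.1.53: 4101+ A? http.00.a.sophosxl.net. (40)
09:00:02.000100 IP 10.1.20.55.51000 > 192.168.1.1.53: 4101+ A? http.00.a.sophosxl.net. (40)
09:00:03.000100 IP 10.1.20.55.51001 > 192.168.1.1.53: 4102+ A? http.00.a.sophosxl.net. (40)
09:00:04.000100 IP 10.1.20.55.51002 > 10.1.0.2.53: 4103+ A? example.com. (29)
09:00:04.020100 IP 10.1.0.2.53 > 10.1.20.55.51002: 4103 1/0/0 A 192.0.2.10 (45)
"""

# Query:  IP client.port > resolver.53: id+ [optional EDNS flags] TYPE? name.
QUERY = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.53: (\d+)\S* (?:\[\S+\] )?\w+\? (\S+)")
# Reply:  IP resolver.53 > client.port: id ...
REPLY = re.compile(r"IP (\S+)\.53 > (\S+)\.(\d+): (\d+)")


def unanswered_to_unexpected(text, expected_resolvers):
    """Count queries that never got a reply, per (resolver, name), for
    resolvers outside expected_resolvers (the assumed office DNS set)."""
    pending = {}  # (client, port, resolver, query id) -> [names asked]
    for line in text.splitlines():
        q = QUERY.search(line)
        if q:
            client, port, resolver, qid, name = q.groups()
            key = (client, port, resolver, qid)
            pending.setdefault(key, []).append(name.rstrip("."))
            continue
        r = REPLY.search(line)
        if r:
            resolver, client, port, qid = r.groups()
            pending.pop((client, port, resolver, qid), None)  # answered
    counts = Counter()
    for (_client, _port, resolver, _qid), names in pending.items():
        if resolver not in expected_resolvers:
            counts.update((resolver, n) for n in names)
    return counts


if __name__ == "__main__":
    report = unanswered_to_unexpected(SAMPLE, {"10.1.0.2"})
    for (resolver, name), n in report.most_common():
        print(f"{n:6d} unanswered  {name}  ->  {resolver}")
```

The `-n` flag matters here: without it tcpdump prints the port as `.domain` instead of `.53` and the patterns will not match.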
Hi Oxal Ortiz
We need to diagnose this further with certain logs. I would recommend that you kindly open a support case for an in-depth investigation to check on this issue.
Your support team did absolutely nothing to resolve this issue and it is still happening. Why do you recommend contacting support for this? They don't take the issue seriously and it's a waste of time. Just move on to another product.
Hi I T1
I am extremely sorry for the inconvenience. I would request that you please PM me the case number you have registered, and I will check with the concerned team.