This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue with Forcepoint PAC file and Sophos

Good morning

We use Forcepoint (formerly Websense) web filtering, using a PAC file to configure proxy settings.  

The PAC file is configured, so that if we can't talk to our appliance located in the Data Center, it will failover to a web based filtering solution provided by Forcepoint .

IF in the Sophos endpoint client Real Time Scanning -> Internet is enabled,we cannot browse the internet. 
If in Sophos Cloud any options in "Real Time scanning - Internet" are checked, we cannot browse the internet.

IF in the Sophos endpoint client Real Time Scanning -> Internet is disabled OR 
in Sophos Cloud Central we set a policy where Real-time Scanning - Internet we disable Scan downloads in progress, Block access to malicious websites and Detect low-reputation files, we can browse the internet OK.

We are receiving an ERR_EMPTY_RESPONSE when we cannot browse the internet.
This is only affecting Google Chrome.  Internet Explorer and Edge can browse the internet whatever the settings above.

 

There is nothing in the events section of Sophos client when these issues occur.

In the Sophos Cloud events section for my PC, Applications svchost,chrome, swi_fc have been clocked by an endpoint firewall - however, these messages have only recently appeared - we've had the issues long before the events appeared.

I've attempted to add an exclusion for website 127.0.0.1.

 

Can anyone help?

 



This thread was automatically locked due to age.
Parents
  • Just an addition - I've checked the Sophos policy for the Windows Firewall - it's set to monitor only.

  • Hello Jon,

    We don't usually recommend having another appliance/application that does a similar function, ie Web Filtering, that Sophos would usually do since this does mean that if you have both Sophos and Forcepoint actively monitoring internet traffic on the same machine, you will start to see false positives. The option is to have one or the other, not both as both products are intercepting web traffic.

    But, moving on, can you try whitelisting your PAC file location if it has a web address or IP, if it helps at all?

    1. Go to Global Settings > Global Exclusions
    2. Click on "Add Exclusion"
    3. On "Exclusion Type:" select "Website (Windows/Mac)"
    4. On "Value:" enter the full address of the PAC file
    5. Click Add
    6. Let the Device update and test again.

    If the above does not resolve, please raise a support case and DM or post the ticket number so we are able to monitor and provide updates in this post.

    Regards, 

     
    DianneY
    Technical Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link
  • Thanks DianneY

     

    I tried what you said, I can only enter the first part of the domain and not the full address of the PAC file.  

    E.g. I can only enter pac.hybrid-web.global.blackspider.com rather than pac.hybrid-web.global.blackspider.com/proxy.pac

    Unfortunately I am still having issues.  I've logged this as a ticket with Sophos.

     

    Many thanks

    Jon

  • Thanks  . As an update to this, it was confirmed that Sophos Web Intelligence and ForcePoint are not supported installed together due to the nature of their Internet scanning features. Due to this conflict, the internet scanning feature from either ForcePoint or Sophos will have to be turned off.

    Regards, 

     
    DianneY
    Technical Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link
Reply Children
  • Thanks both. We have had this same issue for the last few weeks and the conflict between Forcepoint and Sophos was indeed the issue. Have disabled both Web Control and Real time internet scanning in Sophos and web browsing works straight away. Strange that just Chrome is affected.

    Anyway thanks for the info guys :-)