
Endpoint protection blocking local server... why?

I've seen this problem before and now I am facing it again. I had to completely uninstall endpoint protection in order to access a local Ubuntu virtual server I recently turned up via ping, ssh, https, or webmin (port 10000). When the server was created on the local network I was able to access it for about 48 hours and then nothing. The nothing part is what bothers me. I could access the server from my UTM or any other device that did not have endpoint protection installed. I still can, in fact. But on desktops or servers with the endpoint installed, no luck. Worst of all, I can't find anywhere a log entry being made regarding the attempt to access an apparently forbidden IP address. I've tried disabling the endpoint but that is as frustrating as no log data. Much easier to just delete the damn thing to confirm it is the issue.

When this sort of problem occurs, where am I supposed to go to find the root cause so I can address it?



  • Hi ,

    First things first, what was the role of this virtual server? Was it only a normal shared drive, or does it have an application on it which needs to be accessed on the machines?
    Was the ping from the machine where Sophos endpoint is installed going through when you ping the virtual server, or not?

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

  • This was/is a web server in my VMware cluster. I was merely trying to manage the server via ssh or webmin, to prepare it for loading an internal website. It was/is in the same local subnet and physical/virtual network as my desktop. As far as the desktop was concerned the target IP was not found. I am trying to understand what impact endpoint protection had, and where it would have recorded anything about the issue.

  • The endpoint software doesn't intercept RDP traffic - only web browser traffic. Do a packet capture on the external of the endpoint and the server when you are attempting to connect - see what traffic is being sent.

    Also, you need to check your routing table on the machine. You say it is the same subnet, but are you connected into the same switch or are you transiting across a trunk?

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support
    If a post solves your question use the 'Verify Answer' link.
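
An added example, not part of the original thread: a small Python probe that complements the packet capture and routing-table check suggested above. It reports which local source address the OS routing table selects for the target and classifies a TCP attempt to each service the poster tried (ssh, https, webmin on port 10000) as open, refused, timeout or unreachable. The function names and the 2-second timeout are assumptions.

```python
import errno
import socket

# Services the poster tried to reach: ssh, https, webmin (port 10000).
PORTS = {"ssh": 22, "https": 443, "webmin": 10000}


def source_address_for(target):
    """Local address the routing table selects for target (UDP connect sends no packet)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect((target, 9))
        except OSError:
            return None  # no usable route to the target
        return s.getsockname()[0]


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt from this machine."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # a reset came back: the host answered, the port did not
    except socket.timeout:
        return "timeout"      # nothing came back: silent drop or no host answering
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # no route, or no neighbour answered on the local segment
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        s.close()


def report(host, ports=PORTS, timeout=2.0):
    """Source address plus one classification per named port."""
    result = {"source": source_address_for(host)}
    for name, port in ports.items():
        result[name] = probe(host, port, timeout)
    return result


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for key, value in report(target).items():
        print(f"{key:8} {value}")
```

Run it from a machine with the endpoint installed and from one without, then compare. A timeout on every port from only the first machine is consistent with a drop on that machine or on its path, which the packet capture on both ends would then confirm.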
