This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Browser not working, but internal network resources accessible, able to PING, TRACERT, and NSLOOKUP

Hi all,

My company is using Intercept X managed on Sophos Central (200+ terminals).

2 weeks back some users started facing the issue of their browsers not loading any web pages at all, resulting in timeout. This is regardless of browser type, be it Google Chrome, Microsoft Edge, or Mozilla Firefox.

However, applications such as Outlook, network mapped drives, PING, TRACERT, and NSLOOKUP to public servers came back OK.

Based on a quick Google check, this issue had happened in the past to users of Intercept X: 

Websites stop loading in all browsers

Intercept X Advanced - Internet Access Stops Working via Browsers

I have created a bypass policy for the affected users to bypass their network threat protection, and the issue goes away. But putting the affected users under bypass long term is not a proper solution (defeat the purpose of an endpoint protection).

I have also raised a ticket to Sophos, but no response from the team at all (disappointing, but not surprising).

Hope someone from Sophos support will contact me after seeing this thread.

This thread was automatically locked due to age.
  • Thank you for reaching the community forum,

    Can you confirm how many are affected by this.? Do the devices affected reside on a single IP segment or random? Were there any recent changes in your network connectivity or firewall rules if you have?

    Also, can you perform basic troubleshooting on one of the affected devices and follow the steps listed in this KB Article to identify which component is causing this and share the findings with us? 
    You can share as well there the case ID that you've raise or DM me directly so that we can monitor the status of the case. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I have a total of 8 PCs that are affected, but they are not on a fixed network as some are laptops and do connect to external networks (home or public WiFi).

    Disabling the functions through Endpoint Agent does not work as the terminal needs to be restarted. The issue is that before I pointed to Sophos, we were advising the users to restart their computers when they first encountered this issue, in which a single restart resolved it. But as time goes on, single restart did not get the job done, one may have to restart multiple times before working, while a few downright don't work at all.

    Once I found the above threads and bypass real-time scanning for the affected computers by policy in Sophos Central, their issue went away.

    Unfortunately, there was no case ID being generated when I raised the issue through Sophos Central (which is weird). But I do have a SDU generated from one of the affected computers.

    Since my own terminal is affected as well, I can take myself out of bypass and wait for a new occurrence again before generating a new SDU.

  • Could you check your Threat Protection Policy to see if "SSL/TLS decryption of HTTPS websites" is enabled? This should be turned off by default currently.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • No, that is off all the time for all Threat Protection policies. I tried turning it on once last year to test on one computer, that threw up errors on the browser with invalid certificate.

    EDIT: Just to add on, another PC just reported the same issue happened, where user was not able to use browser but no issue with other network functions. I disabled the tamper protection and disabled Real-time scanning for internet first, no cigar. I disabled Web Control next, and the browser started working.

    I've collected the SDU, will be submitting them when Sophos Support replies my new ticket.