This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos endpoint blocking internet traffic via ssl vpn, with gateway enabled.

Good morning folks.
  

I have a sophos xg 135 firewall, and anti-virus endpoint also from sophos, we are all working in home office, via ssl VPN with client installed on all computers,
there was a need for a user to access a third party system with our public ip being in your home, I created a specific rule on the firewall and group on the VPN to
use our public ip as a gateway, so far everything is perfect, everything works, and even on any computer it works with any antivirus, but when I install the sophos
endpoint antivirus all internet traffic for , only the network continues, I already tried to disable all policies on the endpoint for 4 hours, but I still have access
to the internet blocked, I tried everything including searches in the forums, and I didn't get anything, I would like help to solve this problem
.
Thank you


This thread was automatically locked due to age.
  • Hello  

    Can you please see if stopping any of the Sophos Endpoint Services, for example, the Sophos Web Intelligence service to see if any of these are causing the issue? You did say that you have turned off all of the policies and the issue persists. Please note that Tamper Protection would need to be disabled as well prior to stopping services.

    Let us know what may be the offending service. Thanks!

  • Hello Dianney.
    
    First of all thank you very much for your help. I stopped all services from the sophos endpoint, and disabled the adductor protection as well, and I was unsuccessful.




  • Hello  

    If you disable all options from that screen, you are still unable to connect to the internet?

    What about turning off the Sophos services from Services.msc?

  • Hello DianneY.
    
      That's right, disabling all the options on this screen, still can't connect to the Internet. Disable all services from the service at: services.msc, 
    and continue without surfing the internet.



  • Hello  

    The Sophos Endpoint Defense Service is still running. 

    Perhaps do the steps in this KB (while in Safe Mode) to and see if you're able to stop all of the services? Once all of the services has been turned off, see if you can browse?

    When you turned off all of the Features in the UI it effectively has turned off Sophos Endpoint. 

    Ultimately if you're still unable to browse the internet with all services turned off, maybe you can try uninstalling Sophos Endpoint and see if the issue is still there?

    If uninstalling seems to keep the issue from occurring or if one of the services (appear to cause the issue), further investigation is needed at that point, please raise a support case and DM me your ticket number so we can follow the progress on the ticket.

  • Hi Dianney.

     

    Dear. 
    I decided to do the installation from scratch, disable the tamper protection on the control panel, uninstalled the sophos endpoint, and excluded all the
    sophos folders, leaving only the ssl vpn folder, I searched the entire computer and had nothing else on the endpoint, . I connected to the VPN and it worked
    perfectly the way I wanted without any problem, I was able to browse. I restarted the computer, installed the sophos endpoint, restarted the computer again,
    when it came back, a warning appeared in its status and in services.msc, saying that some service was not working, I connected to the vpn and working the way
    I wanted it it is with a public ip of the work, I verified that the service: SOPHOS NETWORK THREAT PROTECTION, was disabled, as soon as I enabled it, the internet
    stopped working by vpn ... In other words, the service that blocks navigation is precisely the: SOPHOS NETWORK TREATH PROTECTION, but I cannot leave this security
    breach, how do I enable this service and be able to use it with the other public IP? can you help me with this? Thank you.




  • Hi  

    Sure, we'll help on this.

    Would you please check the user temp folder (%temp%) and confirm if you are able to see the Network Threat Protection installation logs? If not, please check the folder C:\Windows\temp.

    We need to check that installation logs of the NTP to know the exact error because of which it is failing.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hello Jasmine.
    Thanks in advance for your help.
    My biggest problem is that when the ntp is activated my internet browsing stops, but I'm using the office ip as a gateway, and I'm at home, if I use a ssl vpn without the 
    office gateway it works, but I need to use the public ip office and not my home, and it only works if I disable ntp. I found the file: Sophos Network Threat Protection Install Log 20200530 111006.txt How do I send it?
  • Hi  

    You can search for the error message under the MSI logs and then paste it over here or you can either PM me or Jasmin the log file to check the error. Also, I would suggest you have a look at this link which refers to different scenarios of "Service not starting" for Sophos Endpoint. You can specifically refer to Network threat protection service not starting as mentioned in the article and see if it helps.

    Shweta

    Community Support Engineer | Sophos Technical Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
    The New Home of Sophos Support Videos! - Visit Sophos Techvids
  • Hello Shweta.
    My problem is not the service that does not start, this resolved very quickly, my problem is my internet which is blocked using another public ip by ssl vpn, 
    and it only works by disabling this service. Enabling and disabling is easy, I need to know how to solve the internet blocking problem.