This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to connect to Sophos Central via proxy that requires authentication

Hi

We have just moved to a new Proxy system that requires authentication and our servers stopped communicating with Sophos Central and stopped downloading updates.

I have already checked https://community.sophos.com/kb/en-us/119263 and it will not work for us as we dont have an option to exclude particular sites from the proxy (or rather we cannot open our firewall for particular sites). I have noticed though an option for proxy credentials in config.xml file so I am wandering if we can use that to authenticate an endpoint to our proxy so it can communicate with Sophos Central and download updates.

Thanks

   



This thread was automatically locked due to age.
Parents
  • Hi Roman,

    In your Sophos Central account, you should have an option to configure proxies in the Global Settings area:

    Proxy Configuration

    Enable devices to connect to Sophos Central or download Sophos software updates through a proxy server
     
    This will allow you to input the proxy details, as well as any credentials that are required for authentication
     
    Stephen
  • Thanks for the reply Stephen

    And how can I apply it to the endpoint if it cannot get proxy settings from the Sophos Central as it needs proxy to communicate?

    Thanks 

  • Sorry, I overlooked the detail; you installed pre proxy. 

    I think you have a couple of options:

    1) bypass the proxy so that you can pick up the proxy information from Sophos Central

    2) re-install the agent using the command line arguments so that endpoints are able to reach Sophos Central via the authenticated proxy 

    It would be worth testing the installation option with one device and if that is successful continue to re-install devices

    Stephen

  • Not sure if I am doing it right - would that be a command:

    SophosSetup.exe --proxyaddress=proxyaddress.co.uk:8080 --proxyusername=domain\username --proxypassword=Mypassword

    ?

    Thanks

  • Hi Roman,

    I'll be honest, i've not tested with an authenticated proxy, but yes, that looks correct.

    Stephen

  • Roman Korchak said:

    Not sure if I am doing it right - would that be a command:

    SophosSetup.exe --proxyaddress=proxyaddress.co.uk:8080 --proxyusername=domain\username --proxypassword=Mypassword

    ?

    Thanks

     

    Did this command with running TCPView and noticed that Setup is still trying to talk directly to the internet ( https-172-79-251-10.lcy.llnw.net:https) rather than via proxy

  • What does your install log show?

    Testing this mine shows:

     

    2018-04-04T12:55:06.7462315Z INFO : Attempting to connect using proxy 'proxyserver:8080' of type 'Proxy'.

    2018-04-04T12:55:06.7462315Z INFO : Set security protocol: 00000800

    2018-04-04T12:55:06.7462315Z INFO : Opening connection to downloads.sophos.com

    2018-04-04T12:55:06.7462315Z INFO : Opened connection to downloads.sophos.com

    2018-04-04T12:55:06.7462315Z INFO : Request content size: 0

    2018-04-04T12:55:06.8719892Z INFO : Sending request

    2018-04-04T12:55:06.8868942Z INFO : Request sent

    2018-04-04T12:55:07.2618615Z INFO : Response status code: 200

    2018-04-04T12:55:07.2618615Z INFO : Response data size: 1674811

  • I checked the install log and found the following error:

    Failed to connect using proxy 'ourproxyserveraddress:8080' with error: Bad response from new connection: status code=407

    which, I believe, means "Proxy authentication required" although I am definitely providing a correct user name and password in a command.

     

  • I have the same problem:

    2018-04-17T19:43:32.6584701Z WARNING : WinHttpGetProxyForUrl returned: 12180
    2018-04-17T19:43:32.6584701Z INFO : Attempting to connect using proxy 'proxyserver:3128' of type 'Customer'.
    2018-04-17T19:43:32.6584701Z INFO : Set security protocol: 00000800
    2018-04-17T19:43:32.6584701Z INFO : Opening connection to downloads.sophos.com
    2018-04-17T19:43:32.6584701Z INFO : Opened connection to downloads.sophos.com
    2018-04-17T19:43:32.6584701Z INFO : Request content size: 0
    2018-04-17T19:43:32.7208702Z INFO : Request sent
    2018-04-17T19:43:32.7988703Z INFO : Response status code: 407
    2018-04-17T19:43:32.7988703Z INFO : Response data size: 0
    2018-04-17T19:43:32.7988703Z WARNING : Basic authentication was offered by the proxy server.
    2018-04-17T19:43:32.7988703Z INFO : Failed to connect using proxy 'proxyserver:3128' with error: No supported proxy authentication schemes.

  • Please can I ask that you log a support ticket (bottom right of this page) and then send me the case ID?

    It looks like you are sending the correct commands to the installer, but there is something not quite right. I can pass the logs to the development team for review.

    Stephen

  • Hi Stephen,

    i send you a private message with the case id.

    Benjamin

  • Hi Benjamin,

    I have your case, i will escalate this.

    Many thanks.

    Stephen

Reply Children