iOS not sending or receiving

Hi,

I work for a public library system (4 total).  We have all traffic going through a Sophos UTM SG330 on version 9.700-5.  Our license is just for network and web protection.  

I received this from a staff member out in the public area...

A customer was unable to send email from an iPhone using Mail.app (configured for an iCloud account) while using LibraryMain. Disabling wifi and relying on the cell network allowed for the mail to be sent.

I have had this problem on our business network wifi with the same combination (iPhone + Mail.app + iCloud) for several months. I have to disable wifi so that I can check mail on the cell network. I then re-enable wifi. I'm not sure when this issue began for me, but I feel like it's been in the last few months. Will do a bit more digging on my iPhone to see if other clients are affected while I'm on library wifi.

We have two networks, business and public, and the issue is on both networks.  I tried adding a firewall rule that any traffic using any and all email ports and various other iCloud ports.  It did not work.  Then I thought I would simplify things and just have any traffic going from any to any just using port 993.  Still nothing is working.

I looked at the exception for Apple Update, and set it to skip everything.  Nothing seems to work.  I know just enough to get myself in trouble and I tend to not be able to see the forest for the trees.  (I am all self-taught and had a terrible teacher).

I have been researching this off and on for several months, and feel like I am just going around in circles.

TIA,

Vicky



  • Hi Vicky and welcome (back?) to the UTM Community!

    This is not a common problem, so I think we'll need to see what's happening in the logs when this occurs.  Check the Web Filtering, Firewall and Intrusion Prevention logs and show us any related lines.

    Cheers - Bob
    PS As a mod, I see the IP from which each post was made.  You're 160 miles north of here.  I was Heights High '68.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Web Filtering

    Firewall

    Intrusion Prevention

    2019:12:18-12:02:49 main snort[20384]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="PROTOCOL-DNS TMG Firewall Client long host entry exploit attempt" group="241" srcip="68.230.242.25" dstip="10.1.1.87" proto="17" srcport="53" dstport="59833" sid="19187" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

     

    I am not seeing anything on our end......but every user is unable to get through.

     

    p.s.  Not sure where my IP shows me, but I am in Arkansas.  

  • That Web Filtering log indicates that everything is going through.  Please show us several raw loglines like you did for Intrusion Prevention.  All green and no red in the Firewall Live Log, so the traffic isn't being blocked there.  The Snort block appears to be a DNS response from a Cox name server, so that could be the issue.  You might want to adjust your DNS settings to conform to DNS best practice.

    Cheers - Bob
    PS IP2Location shows your IP in Wichita, KS.  I'm in OKC.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
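
Added example, not part of any post in the thread: a small Python parser for the IPS log line quoted above that picks out alerts raised on DNS replies (UDP, source port 53, public source, private destination) and groups them by resolver, rule sid and logged action. The function names and the second sample line are constructed for illustration.

```python
import ipaddress
import re

KV_RE = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs in a UTM log line
# The IPS line quoted in the thread.
THREAD_LINE = (
    '2019:12:18-12:02:49 main snort[20384]: id="2101" severity="warn" '
    'sys="SecureNet" sub="ips" name="Intrusion protection alert" '
    'action="alert" reason="PROTOCOL-DNS TMG Firewall Client long host entry '
    'exploit attempt" group="241" srcip="68.230.242.25" dstip="10.1.1.87" '
    'proto="17" srcport="53" dstport="59833" sid="19187" '
    'class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"'
)
# Constructed line (not from the thread): a TCP alert that is not DNS.
CONSTRUCTED_LINE = (
    '2019:12:18-12:05:00 main snort[20384]: id="2101" severity="warn" '
    'sys="SecureNet" sub="ips" name="Intrusion protection alert" '
    'action="alert" reason="CONSTRUCTED sample rule" srcip="203.0.113.9" '
    'dstip="10.1.1.50" proto="6" srcport="443" dstport="51000" sid="0"'
)

def parse_ips_line(line):
    """Return the key="value" fields plus the timestamp and host from the header."""
    header, _, rest = line.partition(": ")
    fields = dict(KV_RE.findall(rest))
    fields["timestamp"], fields["host"] = header.split()[:2]
    return fields

def is_inbound_dns_response(fields):
    """True for a UDP packet from port 53 of a public IP to a private IP."""
    try:
        src = ipaddress.ip_address(fields["srcip"])
        dst = ipaddress.ip_address(fields["dstip"])
    except (KeyError, ValueError):
        return False
    return (fields.get("proto") == "17" and fields.get("srcport") == "53"
            and not src.is_private and dst.is_private)

def summarize(lines):
    """Count IPS alerts on DNS replies per (resolver IP, rule sid, action)."""
    counts = {}
    for line in lines:
        f = parse_ips_line(line)
        if f.get("sub") == "ips" and is_inbound_dns_response(f):
            key = (f["srcip"], f.get("sid"), f.get("action"))
            counts[key] = counts.get(key, 0) + 1
    return counts
```

Run `summarize()` over the raw Intrusion Prevention log lines to see which upstream resolvers and rule sids account for the alerts, and whether each was logged as `alert` or another action.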
  • BAlfson said:

    That Web Filtering log indicates that everything is going through.  Please show us several raw loglines like you did for Intrusion Prevention.  All green and no red in the Firewall Live Log, so the traffic isn't being blocked there.  The Snort block appears to be a DNS response from a Cox name server, so that could be the issue.  You might want to adjust your DNS settings to conform to DNS best practice.

    Cheers - Bob
    PS IP2Location shows your IP in Wichita, KS.  I'm in OKC.

     

     

    Thanks Bob.  I am looking through the DNS best practice you sent.  I have made a couple of changes that I hope will help.  So far they have not created new problems.  Unfortunately I don't have an iPhone, so my testing is limited right now.  I am also going to be on vacation.  I will continue to research this in the new year.

     

    Vicky 

  • Sorry for the delay.  I wanted to let you know that DNS was my problem. Thank you for responding.  Have a great year.

  • Thanks, Vicky - I wish you a great year, too.

    Cheers - Bob
    PS IP2Location now shows your correct location.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA