
Sophos UTM update 9.411-3 released

Up2Date 9.411003 package description:

Remarks:
System will be rebooted
Configuration will be upgraded

News:
Maintenance Release

Bugfixes:
Fix [NUTM-6804]: [AWS] Update breaks HVM standalone installations
Fix [NUTM-6747]: [Email] SAVI scanner coredumps permanently in MailProxy after update to 9.410
Fix [NUTM-6802]: [Web] New coredumps from httpproxy after update to v9.410

RPM packages contained:
rubygem-sophos-iaas-1.0.0-0.251808053.g8ec3939.i686.rpm
ep-cssd-9.40-28.g1a032c7.rb1.i686.rpm
ep-ha-aws-9.40-376.g8ec3939.noarch.rpm
ep-cloud-ec2-9.40-47.g1d126b2.i686.rpm
ep-httpproxy-9.40-393.g39ad256.rb5.i686.rpm
ep-release-9.411-3.noarch.rpm



  • Hi all,

     

    I just updated 2 days ago our SG310 to 9.411-3 from 9.409-9. 

     

    The box was configured not to allow download of files of more than 100MB to users not listed in the exception, in which I am included. It has been configured for more than a year, but the recent upgrade to 9.411-3 broke that rule.

     

    I can no longer download (direct download from browser) files of more than 100MB, with the following info:

    "The content is blocked due to the following condition:
    The item you have requested is larger than the maximum allowable file size. It will not be downloaded."
     
    I unchecked and rechecked Skip Block by download size, but to no avail.
     
    Is this a bug or am I just missing something? Remember that I could download files before, even 500MB in size, without a problem.
     
     
  • Hi, Jeanar, and welcome to the UTM Community!

    Please find the line from the Web Filtering log where your access is blocked.  Then post a question in the Web Protection forum that shows that line.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    This was the log line during the download that was blocked.

     

    2017:03:24-18:14:35 ta-utm-lnx_01p httpproxy[5853]: id="0070" severity="info" sys="SecureWeb" sub="http" 
    name="web request blocked, download exceeds maximum allowable size" action="block" method="GET"
    srcip="10.10.10.119" dstip="149.202.99.44" user="" group="" ad_domain="" statuscode="403" cached="0"
    profile="REF_HttProContaInterNetwo2 (For Internal Network)" filteraction="REF_HttCffBlocksites (BlockSites)"
    size="3063" request="0xbde15000" url="http://ddl8.digiboy.ir/vmware/6.0/update-from-esxi6.0-6.0_update03.zip"
    referer="www.digiboy.ir/.../" error="" authtime="0" dnstime="95"
    cattime="152" avscantime="0" fullreqtime="725130" device="0" auth="0"
    ua="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
    Chrome/56.0.2924.87 Safari/537.36" exceptions="application" category="175" reputation="neutral"
    categoryname="Software/Hardware" reason="size"

    My ip (10.10.10.119) was included in the exception list with skip block download size.

    But to my surprise, I was able to download latest release of pfSense with the following log:

    2017:03:24-18:28:28 ta-utm-lnx_01p httpproxy[5853]: id="0001" severity="info" sys="SecureWeb" sub="http" 
    name="http access" action="pass" method="CONNECT" srcip="10.10.10.119" dstip="139.59.224.27" user="" group=""
    ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (For Internal Network)"
    filteraction="REF_HttCffBlocksites (BlockSites)" size="322982130" request="0xe4806600"
    url="https://sgpfiles.pfsense.org/" referer="" error="" authtime="0" dnstime="2" cattime="106"
    avscantime="0" fullreqtime="819146008" device="0" auth="0" ua="" exceptions="application"
    category="175" reputation="neutral" categoryname="Software/Hardware"

    Can you give me the reason behind this?

    Jeanar
  • In neither case does your IP qualify you for an Exception for size, so I have no idea why the pfsense download was successful.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Jeanar.

    First, as per Bob's instructions, I think you should create a new thread in the right section for your issue. Other than that, the only difference I see is that the request that was blocked was HTTP and the one that passed was HTTPS.

    Please start a new thread and share some of your configuration so people can help you the right way.

    Regards - Giovani
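
Added example (not part of any post in this thread, and not Sophos code): a small Python parser for the key="value" fields of the two Web Filtering log lines quoted above, comparing them field by field. It shows both requests carrying only exceptions="application" and differing in method and scheme. The token name "size" for a matched size-skip exception is an assumption; the sample lines are the thread's own, trimmed to the fields used.

```python
import re
from urllib.parse import urlsplit

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Assumption: token written to exceptions= when a size-skip exception matches.
SIZE_TOKEN = "size"

# The two lines quoted in the thread, trimmed to the fields used here.
SAMPLE_LOG = [
    '2017:03:24-18:14:35 ta-utm-lnx_01p httpproxy[5853]: id="0070" '
    'name="web request blocked, download exceeds maximum allowable size" '
    'action="block" method="GET" srcip="10.10.10.119" statuscode="403" '
    'size="3063" url="http://ddl8.digiboy.ir/vmware/6.0/'
    'update-from-esxi6.0-6.0_update03.zip" exceptions="application" '
    'reason="size"',
    '2017:03:24-18:28:28 ta-utm-lnx_01p httpproxy[5853]: id="0001" '
    'name="http access" action="pass" method="CONNECT" '
    'srcip="10.10.10.119" statuscode="200" size="322982130" '
    'url="https://sgpfiles.pfsense.org/" exceptions="application"',
]

def parse_line(line):
    """Turn one httpproxy line into a dict of its key="value" fields."""
    if " httpproxy[" not in line:
        raise ValueError("not an httpproxy line")
    rec = dict(FIELD_RE.findall(line))
    rec["time"] = line.split(" ", 1)[0]
    rec["exceptions"] = [e for e in rec.get("exceptions", "").split(",") if e]
    rec["size"] = int(rec.get("size") or 0)
    rec["scheme"] = urlsplit(rec.get("url", "")).scheme
    return rec

def size_exception_matched(rec):
    """True if the proxy recorded a size-skip exception for this request."""
    return SIZE_TOKEN in rec["exceptions"]

def differing(a, b, keys=("action", "method", "scheme", "exceptions", "reason")):
    """Fields from keys whose values differ between two parsed records."""
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

if __name__ == "__main__":
    blocked, passed = (parse_line(l) for l in SAMPLE_LOG)
    for rec in (blocked, passed):
        print(rec["time"], rec["action"], rec["method"], rec["size"],
              "exceptions=%s" % rec["exceptions"],
              "size-skip matched: %s" % size_exception_matched(rec))
    for key, (b, p) in differing(blocked, passed).items():
        print("differs: %s blocked=%r passed=%r" % (key, b, p))
```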