This discussion has been locked.

Web Filtering vs Firewall rules for allowed internet access

I'm new to UTM and struggling to get some basic filtering rules set up. I have no idea at this point if I'm supposed to be using web filtering or firewall rules, or if this is a separate (possibly related) DNS issue.

I have several servers on a network behind a UTM9 device that I do not want accessing the internet, with the exception of a few services, such as Windows Update or CrashPlan. So far, I have CrashPlan working, using a firewall rule to allow HTTP/S from said servers to CrashPlan IPs (and DNS Host records).

I'm trying to do the same for Windows Updates, and struggling miserably. According to the logs, I see lots of :80 and :443 requests. I have a FW rule allowing all the suggested Windows Updates DNS hosts from the servers, but still nothing. Most of the dropped packets are trying to reach Amazon and Google, from what I can tell. Upon further research, it seems I should be doing this via Web Filters, but I have no idea how to do this. Is this the incorrect application?

 

Thanks...



This thread was automatically locked due to age.
  • I'll move this to the Network Protection forum, Aaron.  Please show us several representative lines from the Firewall log file that show the blocks you're seeing.  Use the CentralOps.net Domain Dossier to find what domains those represent.  Tell us specifically what update each line represents.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Firewall rules shouldn't be necessary for HTTP/S connections when you use the web proxy, unless there are exceptions to not proxy specific connections. To help you with that, we should also know in which mode the web proxy runs (transparent/full transparent/standard).

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

  • Agreed, Kevin, but I was trying to get him to answer about the firewall before suggesting that he open a new thread in the Web Protection forum with a better question.  Just trying to be strategic in building the database of answers in places where folks will look for them.

    Cheers - Bob

     
  • No problem, Bob :-)

    Just wanted to point him in the right direction, because when he gets firewall log entries, something is wrong with his proxy configuration.

    Gruß / Regards,

    Kevin

  • Okay, so I've started up the Web Filtering on my UTM device, and enabled it in Transparent mode for now. I have a profile built and currently only set to protect/allow one machine as a test. I've set the filter to "block" all web traffic. However, the exceptions are still active in the exceptions tab, as I'd like, to allow Windows updates and Sophos connection for antivirus definitions, etc. The problem is, the exceptions don't seem to be passing. Windows Update still throws an error, and navigating to microsoft.com in a browser (as a test) throws a "site configured incorrectly" error. Under the HTTPS tab on the profile, I have selected URL Filtering Only (on both the default and specific network profile pages). What am I doing wrong now?