This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM9 Web Protection help for a newbieutm

Hi all, Hoping you can help this newbie.

We have Sophos for Webserver protection installed on a server and have started investigating the Web Protection side of it using transparent and ad sso.

I have setup the web filter and profile along with the active directory side and when I do a policy test i get:

Which looks to me like everything should work. I then connect to our test computer which has the same ip address and add the proxy details:

but each time I try to go to the same web site I get:

Also, during testing for some reason i'll open a new page, type in bbc.co.uk I get:

followed by:

2017:07:07-15:58:01 sqldcsos01 httpproxy[31104]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.2.140" dstip="172.217.25.142" user="timr" group="" ad_domain="QLDC" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo (QLDC_General)" filteraction="REF_HttCffQldcgenera (QLDC_General)" size="2593" request="0x1549d800" url="http://clients5.google.com/complete/search?hl=en-NZ&q=w&client=ie8&inputencoding=UTF-8&outputencoding=UTF-8" referer="" error="Connection refused" authtime="503" dnstime="94" cattime="199219" avscantime="0" fullreqtime="202446" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"

 

Any help would be REALLY appreciated



This thread was automatically locked due to age.
  • Hi, Alert, and welcome to the UTM Community!

    The key here is statuscode="502".  This means that if an Exception for antivirus scanning doesn't resolve the problem, you will need to skip the proxy for clients5.google.com.

    I can see you were having problems with other sites, but the resolution in your pictures wasn't good enough to allow one to read the content of the images.  If you're having this problem with every site you try to visit, please post another representative line and the pictures that go with the line from the log file.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Look at Wikipedia for http error codes.

    It looks like a network issue for me.

    Try to ping and traceroute your destination on GUI and SSH. Is the default GW of your Sophos pointing to the internet interface (by checking default GW on this interface)?