
Grammarly

Hello

We have Sophos UTM running FW 9.502-4.  We use Web Filtering in Standard Mode and AD SSO.  HTTPS is set to Decrypt & Scan.

We have some employees who want to use Grammarly, but this is being blocked.  Using the Grammarly diagnostic test, it seems that the WebSockets test is failing.  I've next to no knowledge of WebSockets; some basic Googling reveals that UTM does not support WebSockets and the problem is related to it using Port 80/443.

Normally, and like this forum post, I create a web filtering exception so that SSL is not scanned.  However, even with the filtering exception in place we still get the WebSockets fail.

I have watched the Web Protection Live Log and cannot see any traffic being blocked for Grammarly.  I have also searched Web Protection logs for blocked traffic and Grammarly is not in the list.

I know it's the filter, since if I use a computer/account excluded from web filtering then Grammarly passes fine.

Am I doing something wrong, or does anyone have any other suggestions?

Many thanks



  • I know you're very knowledgeable, so I bet I just need to ask you questions and that you will figure it out.

    I thought the websockets limitation applied only to the Web Application Firewall - where did you see that it's also an issue with Web Filtering?

    If it's Web Filtering that's the culprit, please show us a few lines from that log where you attempt to get this traffic to pass.  Also, on the outside chance that it's some interaction with something else, check the Intrusion Prevention log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello

    That's very kind of you to say, thank you very much.

    I see it as a Web Filtering issue for two reasons:

    1. When I use an account that does not use Web Filtering, but still uses the UTM as its gateway, Grammarly works fine/tests pass

    2. In the only other post I can find with someone who is using Grammarly, adding exceptions to web filtering resolves their problem

    I've attached a log snippet that shows the exact time I ran the Grammarly tests (and they failed).  It shows the traffic as passing, and that also there were exceptions applied.

    I've checked the IPS log and can see no evidence of it messing with Grammarly.

    Thanks again

    Paul

    2018:04:25-12:48:47 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="54.192.35.103" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="4071" request="0xe35d3000" url="https://denali-static.grammarly.com/" referer="" error="" authtime="77" dnstime="52848" cattime="0" avscantime="0" fullreqtime="101668" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:48:47 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="54.192.35.103" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="4071" request="0xc4e71e00" url="https://denali-static.grammarly.com/" referer="" error="" authtime="38" dnstime="62818" cattime="0" avscantime="0" fullreqtime="114064" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:48:49 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="MyServerIP" dstip="216.58.204.46" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="0" request="0xc5b35800" url="https://www.google-analytics.com/analytics.js" referer="https://app.grammarly.com/diagnostic-test" error="" authtime="74" dnstime="3" cattime="97" avscantime="0" fullreqtime="39727" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="googanal" app-id="175"
    2018:04:25-12:48:52 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="34.204.121.121" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="17229" request="0xe3dbcc00" url="https://f-log-editor.grammarly.io/" referer="" error="" authtime="46" dnstime="15611" cattime="0" avscantime="0" fullreqtime="3356382" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:48:52 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="52.45.171.45" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="8437" request="0xc5436a00" url="https://app.grammarly.com/" referer="" error="" authtime="45" dnstime="16049" cattime="0" avscantime="0" fullreqtime="5725727" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:48:52 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="54.173.57.120" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="5427" request="0xc7bff200" url="https://auth.grammarly.com/" referer="" error="" authtime="46" dnstime="24460" cattime="0" avscantime="0" fullreqtime="2598340" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:48:52 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="216.58.204.42" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="5314" request="0xe39dd600" url="https://fonts.googleapis.com/" referer="" error="" authtime="58" dnstime="4" cattime="0" avscantime="0" fullreqtime="4355523" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:48:52 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="54.173.57.120" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="6059" request="0xc4481200" url="https://auth.grammarly.com/" referer="" error="" authtime="42" dnstime="7" cattime="0" avscantime="0" fullreqtime="2249948" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:48:52 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="54.88.9.34" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="5452" request="0xc6702c00" url="https://subscription.grammarly.com/" referer="" error="" authtime="45" dnstime="40138" cattime="0" avscantime="0" fullreqtime="1679680" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:48:52 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="54.192.35.103" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="7500" request="0xc45aec00" url="https://denali-static.grammarly.com/" referer="" error="" authtime="46" dnstime="46711" cattime="0" avscantime="0" fullreqtime="5160900" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:48:52 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="54.192.35.103" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="71044" request="0xc6190c00" url="https://denali-static.grammarly.com/" referer="" error="" authtime="43" dnstime="69468" cattime="0" avscantime="0" fullreqtime="5179416" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:04:25-12:49:02 utm httpproxy[15677]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="MyServerIP" dstip="54.84.77.181" user="myuser.name" group="Web Filtering Level 3" ad_domain="MyDomain" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="5009" request="0xc6317000" url="https://f-log-editor.grammarly.io/" referer="" error="" authtime="44" dnstime="228" cattime="0" avscantime="0" fullreqtime="5127594" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
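
An added example, not part of the original post or of any Sophos tooling: Python that parses httpproxy lines in the format posted above and reports, per host, whether the SSL-scanning exception was applied. It assumes that a CONNECT entry carrying the `ssl` exception is a tunnel the proxy did not decrypt; the function names are this example's own.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: three lines cut down from the log posted above
# (same hosts, methods and exception lists; unrelated fields dropped).
SAMPLE_LOG = """\
2018:04:25-12:48:47 utm httpproxy[15677]: id="0001" name="http access" action="pass" method="CONNECT" statuscode="200" url="https://denali-static.grammarly.com/" exceptions="content,url,ssl,certcheck,certdate"
2018:04:25-12:48:49 utm httpproxy[15677]: id="0001" name="http access" action="pass" method="GET" statuscode="304" url="https://www.google-analytics.com/analytics.js" exceptions="" category="178"
2018:04:25-12:48:52 utm httpproxy[15677]: id="0001" name="http access" action="pass" method="CONNECT" statuscode="200" url="https://app.grammarly.com/" exceptions="content,url,ssl,certcheck,certdate"
"""

FIELD = re.compile(r'([\w-]+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(FIELD.findall(line))

def tls_handling(rec):
    """Classify an HTTPS entry.

    Assumption of this example: a CONNECT carrying the "ssl" exception is a
    tunnel the proxy passed without decrypting; any other entry with an
    https URL was handled by Decrypt & Scan.
    """
    skipped = set(rec.get("exceptions", "").split(","))
    if rec.get("method") == "CONNECT" and "ssl" in skipped:
        return "tunnelled"
    return "inspected"

def summarize(log_text):
    """Count (host, action, handling) over all HTTPS access entries."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        url = rec.get("url", "")
        if rec.get("name") == "http access" and url.startswith("https://"):
            counts[(urlsplit(url).hostname, rec.get("action"), tls_handling(rec))] += 1
    return counts

def not_exempt(counts, suffixes):
    """Hosts under the given domain suffixes that were not tunnelled."""
    return sorted({host for (host, _, handling) in counts
                   if handling != "tunnelled"
                   and any(host == s or host.endswith("." + s) for s in suffixes)})

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, *key)
    print(not_exempt(summarize(SAMPLE_LOG), ["grammarly.com", "grammarly.io"]))
```

An empty result from `not_exempt` for the application's domains means every logged host was already covered by the exception, which matches what the posted log shows.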
    

  • Paul, did you try the advice in https://community.sophos.com/products/unified-threat-management/f/web-protection-web-filtering-application-visibility-control/80288/online-grammar-checker---issue/315137#315137?  That would indicate that Grammarly has a problem with the UTM's self-signed cert when doing HTTPS.

    Earlier in that thread, Aditya gives some good advice, but this doesn't sound like the problem he was addressing.

    The OP in that thread quoted a response that he got from Sophos Support.  He was told that the Web Application Firewall (reverseproxy) did not support websockets.  Support was confused by his question and never understood that he was asking about Web Filtering (httpproxy).  I haven't seen anywhere that there might be a websocket problem with Web Filtering.

    Cheers - Bob

     