
Does web application control work for VPN connected devices?

Does web application control work for VPN connected devices? For LAN connected devices I can see entries in the web application control log, but not for VPN connected devices?

I am using user groups in the source field of the web application control rules. The user over VPN (L2TP over IPsec) is authenticated and a member of the group.


BR
/Erik



  • Yes, but it can only filter what it sees.

    Does your VPN profile specify full-tunnel mode (destination = any)?

    Do you have a web filter profile that includes the VPN addresses in its Allowed Networks list?

    If so, what authentication method is used for VPN source addresses?

  • Halloj Erik,

    What are you expecting to see in the AppCtrl logs?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Well, DouglasFoster pointed me in the right direction.

    The local firewall was not functioning properly before the VPN was connected, so SFB (Skype for Business) connected to Office 365 before the VPN was up. That is why there was nothing in the application control log. After fixing the local firewall, things are starting to work as expected. Events for both SFB and classic Skype are now logged.

    But still, SFB is a big ugly nightmare, especially when participating in conferences not hosted by Office 365.

    L2TP IPSec VPN is a full tunnel VPN, but it is still not working 100%, no audio when using the Metro Skype app.

    Using SSL VPN, the Metro Skype app works as expected.

    SFB is working on both VPN types.

  • Glad I was able to help.

    The next step is to profile how the applications behave. Create a firewall rule to log all traffic based on the source IP of your test system. Also ensure that logging is enabled for every web filter exception. Then run a series of tests, and study the logs. Look at the web filter log, the application log, and the firewall log for everything from the source IP during the test intervals. If there are any problems during testing, also check the IPS log to see if any packets were blocked. Bottom line: you have to know how the applications behave before you can configure appropriate whitelist configurations for them.

    As an example: Free Skype v7 was very difficult to whitelist, because it connected by IP address using servers all over the world. The only solution was to whitelist based on source IP and target port. Fortunately, I only needed to authorize a small number of PCs. Free Skype v8 behaved very differently and was much easier to whitelist. This information was a powerful reason to upgrade the affected PCs to Free Skype v8.

    An advantage of UTM is that it has the logging necessary to learn what is actually happening on your network. That knowledge is critical to distinguishing between acceptable and unacceptable traffic on your network.

    Too many people in this forum complain because they deploy UTM and immediately some application stops working. The problem is not really UTM; the true problem is that they have been ignorant of what is happening on their network and UTM is forcing them to learn. (The UTM learning curve can play a role, but it is secondary. Everything anyone needs to know about UTM can be found on this forum.) The bad guys thrive on our ignorance.

    Best wishes for your struggle to figure this one out. And Merry Christmas.
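The profiling procedure described in the post above (log everything from the test host, then read the web filter, application control, firewall and IPS logs for that source IP during the test window) is easier with a small correlation script. The following is an added example, not code from this thread or from Sophos: it assumes the UTM-style line layout of a syslog prefix followed by key="value" pairs, the sample log lines are constructed for the example, and field names such as `app_name` and `reason` are assumptions rather than the product's documented schema.

```python
"""Correlate UTM-style log lines for one test host during one test window.

Added example for this thread, not Sophos code. Line layout (syslog prefix
followed by key="value" pairs) approximates the UTM packet filter, web filter,
application control and IPS logs; the sample lines and some field names
(app_name, reason) are constructed assumptions for this example.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: test PC 10.242.2.10 connected over VPN reaching a
# conferencing service; 192.168.1.50 is unrelated LAN noise.
SAMPLE_LOGS = {
    "packetfilter": """\
2019:12:20-10:15:01 utm ulogd[5342]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" srcip="10.242.2.10" dstip="52.112.0.1" proto="17" srcport="50000" dstport="3478"
2019:12:20-10:15:03 utm ulogd[5342]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="3" srcip="10.242.2.10" dstip="52.112.0.1" proto="6" srcport="50001" dstport="443"
2019:12:20-10:15:05 utm ulogd[5342]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" srcip="192.168.1.50" dstip="8.8.8.8" proto="6" srcport="40000" dstport="853"
""",
    "webfilter": """\
2019:12:20-10:15:03 utm httpproxy[4711]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.10" dstip="52.112.0.1" user="erik" url="https://conf.example.invalid/" dstport="443"
2019:12:20-10:40:00 utm httpproxy[4711]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.242.2.10" dstip="93.184.216.34" user="erik" url="http://www.example.com/" dstport="80"
""",
    "appcontrol": """\
2019:12:20-10:15:04 utm afcd[2211]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" srcip="10.242.2.10" dstip="52.112.0.1" app_name="Skype for Business" dstport="443"
""",
    "ips": """\
2019:12:20-10:15:02 utm snort[3100]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="packet dropped" action="drop" srcip="10.242.2.10" dstip="52.112.0.1" dstport="3478" reason="constructed-signature-name"
""",
}

# "YYYY:MM:DD-HH:MM:SS host daemon[pid]: key="value" ..."
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ (?P<daemon>[^\[]+)\[\d+\]: (?P<rest>.*)$'
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(log_name, line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    fields["log"] = log_name
    fields["daemon"] = m.group("daemon")
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y:%m:%d-%H:%M:%S")
    return fields


def events_for_host(logs, srcip, start, end):
    """Every event, from every log, with this source IP inside [start, end)."""
    events = []
    for log_name, text in logs.items():
        for line in text.splitlines():
            ev = parse_line(log_name, line)
            if ev and ev.get("srcip") == srcip and start <= ev["ts"] < end:
                events.append(ev)
    events.sort(key=lambda e: e["ts"])  # stable, so ties keep log order
    return events


def summarize(events):
    """Counts per (log, action, destination) plus the application names seen."""
    counts = Counter(
        (e["log"], e.get("action", "?"), f'{e.get("dstip", "?")}:{e.get("dstport", "?")}')
        for e in events
    )
    apps = sorted({e["app_name"] for e in events if "app_name" in e})
    return counts, apps


def dropped_destinations(events):
    """(log, dstip, dstport) of everything blocked: the candidates for an
    allow rule keyed on source IP and target port, as the post suggests."""
    return sorted({(e["log"], e.get("dstip", "?"), e.get("dstport", "?"))
                   for e in events if e.get("action") == "drop"})


if __name__ == "__main__":
    window = (datetime(2019, 12, 20, 10, 15), datetime(2019, 12, 20, 10, 16))
    evs = events_for_host(SAMPLE_LOGS, "10.242.2.10", *window)
    counts, apps = summarize(evs)
    for key, n in counts.items():
        print(n, *key)
    print("applications:", apps)
    print("blocked:", dropped_destinations(evs))
```

Feeding it the real exported logs instead of the constructed sample is a matter of reading each file into the `SAMPLE_LOGS` dict; the point is that one source IP and one time window are matched across all four logs at once, so a UDP drop in the packet filter and an IPS drop for the same destination show up side by side with the accepted TCP 443 flow.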