
Client does not use WebProtection feature although transparent proxy for network is active

Hi folks,

 

As already described in the subject, I've got a client that uses an FTP connection to an external IP (TCP 21), and the network is listed within the networks for the transparent proxy that also services for FTP service. Unfortunately all clients in this network try to go to this external IP through "Network Firewall". There is also no skip list, so I just don't get why the proxy for FTP is not working. Any ideas?



  • Please read about the three FTP proxy methods, which are explained in this Wiki article:

    https://community.sophos.com/products/unified-threat-management/w/utm-wiki/37/securing-and-configuring-web-filtering

    If it does not solve your problem, please clarify which proxy method is intended, and whether they are using a browser or an FTP client application.   

  • Unfortunately that does not help me, as I was already aware of this concept. Nevertheless, as I mentioned already, I have not configured a skip list for this purpose, nor extra routing for the target or source, and still the traffic goes through the packet firewall instead of the webproxy, as the service FTP is listed in the transparent mode.

  • Hallo,

    You've been around for a long time, so I'm confused by your question.  When Web Filtering is in Transparent mode, it handles only HTTP/S.  The 'Allowed Target Services' (which includes FTP) are only handled by Web Filtering when the browser uses the UTM as an explicit proxy (Standard mode).  When the FTP Proxy is in Both or Transparent mode, it will handle FTP requests transparently.

    Since you wrote in English, I'll move this thread to the Web Protection forum.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Oh, I'm also just wondering about your answer, as I can't derive my time being here from a fact that Sophos could just have a bug or from your suggestion that I "should know this". No offense! But according to the documentation in the link above, and that's what I considered as my basis, the FTP traffic is included in the first place in the transparent (web)proxy.

    and the transparent ftp proxy intercepts traffic destined for port 21

     

    So in my opinion the question still arises why the webproxy does not include my ftp traffic.

  • The 'Allowed Target Services' (which includes FTP) are handled by Web Filtering only when the browser uses the UTM as an explicit proxy (Standard mode). 

    Cheers - Bob

  • Hi Balfson,

     

    thanks for your answer. And it would just resolve this problem and my understanding right now. But where the hell do you have this information from? I mean, I just can't interpret it out of the link "Securing and Configuring Web Filtering". Instead I read the opposite, as it is stated there that

    Transparent proxies can only evaluate traffic on standard ports: the transparent web proxy intercepts traffic destined for ports 80 and 443, and the transparent ftp proxy intercepts traffic destined for port 21.  Any web or ftp traffic on non-standard ports is ignored and therefore evaluated by firewall rules only.

    So as I'm using the standard FTP port (which is TCP 21), it should be filtered by the transparent proxy. Don't you agree?

  • I think the problem may be hidden in this statement:

    ...for the transparent proxy that also services for FTP service...

    The transparent FTP proxy is separate from the web proxy profiles.

    It is configured here:

    Web Protection... FTP...

    • The Global tab is used to specify its own Allowed Networks list, and to specify whether to use Standard or Transparent mode.   Note that there is effectively only one profile, represented by the Global tab alone, because there is only one Allowed Networks list.
    • The Advanced tab is used to configure the Allowed Destinations list as well as its Skip List

    So for the proxy to activate, your client IP has to be in this Allowed Networks List on the Global tab.   

    Once activated:

    • For traffic to be allowed with proxy, the destination IP has to be in the Allowed Servers list on the Advanced tab.
    • For traffic to be allowed without proxy, you can either remove the source IP from the Allowed Networks list on the Global tab, or add the server to the Skip List on the Advanced tab.

    Hope this helps.
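
The decision order described in the reply above, written out as an added example. It is a model of the thread's description, not Sophos code; the function name, the return labels and the sample addresses are constructed for illustration.

```python
import ipaddress

def _member(ip, networks):
    """True if ip falls inside any network in the list (CIDR strings)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def ftp_flow_path(src, dst, dport, cfg):
    """Model which component evaluates a flow when the FTP proxy is in
    Transparent mode, following the order given in the thread."""
    if dport != 21:
        return ("firewall", "non-standard port, transparent FTP proxy ignores it")
    if not _member(src, cfg["allowed_networks"]):
        return ("firewall", "client not in FTP proxy Allowed Networks (Global tab)")
    if _member(dst, cfg["skip_list"]):
        return ("firewall", "server is on the FTP proxy Skip List (Advanced tab)")
    if _member(dst, cfg["allowed_servers"]):
        return ("ftp-proxy-allow", "proxied, server is an allowed destination")
    return ("ftp-proxy-block", "proxied, server is not an allowed destination")

# Constructed sample configuration (RFC 1918 / RFC 5737 addresses).
FTP_PROXY = {
    "allowed_networks": ["10.1.0.0/24"],
    "allowed_servers": ["203.0.113.0/24"],
    "skip_list": ["203.0.113.50/32"],
}
# The thread's situation: the client network is listed only in the Web
# Filtering profile, so the FTP proxy's own Allowed Networks list is empty.
ONLY_WEB_PROFILE = dict(FTP_PROXY, allowed_networks=[])

def demo():
    """Return the evaluating component for five constructed flows."""
    flows = [
        ("10.1.0.20", "203.0.113.10", 21, FTP_PROXY),         # allowed server
        ("10.1.0.20", "203.0.113.50", 21, FTP_PROXY),         # skip-listed server
        ("10.1.0.20", "198.51.100.7", 21, FTP_PROXY),         # server not allowed
        ("10.1.0.20", "203.0.113.10", 2121, FTP_PROXY),       # non-standard port
        ("10.1.0.20", "203.0.113.10", 21, ONLY_WEB_PROFILE),  # thread's case
    ]
    return [ftp_flow_path(s, d, p, c)[0] for s, d, p, c in flows]

if __name__ == "__main__":
    for path in demo():
        print(path)
```

A "firewall" result means the flow is matched against packet filter rules only, which is what the original poster was seeing.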

  • I agree that that paragraph is poorly written.

    Cheers - Bob

  • Hi,

    thank you two for your help!

    I get it right now (at least I hope so).

    Furthermore, I just wanted to add that when opening the "help" in the browser when accessing the WebAdmin portal, one can get a bit of a better explanation of how the proxy works for services in transparent, non-transparent mode et cetera.

  • Hi again,

    same user, same topic. I have an external website that is linked to a customer's website. When trying to open this https address, the connection is blocked by the Sophos packet filter rule "DEFAULT DROP". Oddly, the whole source network is configured to use the web proxy function, and it also works for other known sites like https://bing.com or https://startpage.com

    I don't see any special rule that would block this. How can I troubleshoot such circumstances in Sophos, as the "policy helpdesk" option says "Allowed"?