
Client does not use WebProtection feature although transparent proxy for network is active

Hi folks,


As already described in the subject, I've got a client that uses an FTP connection to an external IP (TCP 21), and the network is listed within the networks for the transparent proxy, which also serves the FTP service. Unfortunately all clients in this network try to go to this external IP through "Network Firewall". There is also no skip list, so I just don't get why the proxy for FTP is not working. Any ideas?



  • Hello,

    You've been around for a long time, so I'm confused by your question.  When Web Filtering is in Transparent mode, it handles only HTTP/S.  The 'Allowed Target Services' (which includes FTP) are only handled by Web Filtering when the browser uses the UTM as an explicit proxy (Standard mode).  When the FTP Proxy is in Both or Transparent mode, it will handle FTP requests transparently.

    Since you wrote in English, I'll move this thread to the Web Protection forum.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Oh, I'm also just wondering about your answer, as I can't derive my time being here from a fact that Sophos could just have a bug, or from your suggestion that I "should know this". No offense! But according to the documentation in the link above, and that's what I considered as my basis, the FTP traffic is included in the first place in the transparent (web) proxy.

    and the transparent ftp proxy intercepts traffic destined for port 21


    So in my opinion the question still arises why the web proxy does not include my FTP traffic.

  • The 'Allowed Target Services' (which includes FTP) are handled by Web Filtering only when the browser uses the UTM as an explicit proxy (Standard mode). 

    Cheers - Bob

  • Hi Balfson,


    thanks for your answer. And it would just resolve this problem and my understanding right now. But where the hell do you have this information from? I mean I just can't interpret it out of the link "Securing and Configuring Web Filtering". Instead I read the opposite, as it is stated there that

    Transparent proxies can only evaluate traffic on standard ports: the transparent web proxy intercepts traffic destined for ports 80 and 443, and the transparent ftp proxy intercepts traffic destined for port 21.  Any web or ftp traffic on non-standard ports is ignored and therefore evaluated by firewall rules only.

    So as I'm using the standard FTP port (which is TCP 21), it should be filtered by the transparent proxy. Don't you agree?

  • I agree that that paragraph is poorly written.

    Cheers - Bob

  • Hi,

    thank you two for your help!

    I get it now (at least I hope so).

    Furthermore I just wanted to add that when opening the "help" in the browser while accessing the WebAdmin portal, one can get a bit of a better explanation of how the proxy works for services in transparent mode, non-transparent mode, et cetera.

  • Hi again,

    same user, same topic. I have an external website that is linked to a customer's website. When trying to open this HTTPS address, the connection is blocked by the Sophos packet filter rule "DEFAULT DROP". Oddly, the whole source network is configured to use the web proxy function, and it also works for other known sites like https://bing.com or https://startpage.com

    I don't see any special rule that would block this. How can I troubleshoot such circumstances in Sophos, as the "policy helpdesk" option says "Allowed"?

  • Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post one line corresponding to the Live Log line you just mentioned.

    Cheers - Bob

  • Ok, so here is the log from firewall:


    09:58:57     Default DROP     TCP        10.10.0.10:49576    →     WWW.XX.YY.ZZZ:8080         [SYN]     len=52     ttl=125     tos=0x00     srcmac=64:9e:f3:17:51:c1 dstmac=00:1a:8c:f0:ba:20


    No entry for this event in webproxy log.

  • The Transparent Filters do not handle non-standard ports like 8080, so the packet will be handled by the firewall rules.

    Transparent filters are triggered by destination port number, not by protocol.

    • Transparent Web handles ports 80 and 443 only.
    • Transparent FTP handles port 21 only.
    • Traffic for all other ports will be ignored by the proxy, and will be handled by Firewall Rules.

    Standard Web filters are triggered by protocol, not by port number.

    • Standard web supports URLs with http, https, and ftp protocols.   
    • Some applications create their own protocols (e.g. HTTX).  These are unsupported and will be blocked.
    • Standard web can handle any port number, so no ports are ignored.  As a matter of policy it blocks non-standard ports by default.   So out-of-the box, it will process ports 21, 80, and 443 while blocking all others.  You can tell Standard Web to process non-standard ports like 8080 by adding them to the "Allowed Target Services" list on the Misc(ellaneous) tab.  When this is done, all of the normal filtering rules are applied to the non-standard port.

    Standard FTP should never be used.

    • If enabled, it will cause web browsers to hang if they attempt to use an FTP:// address
    • Although it will work with proxy-aware FTP clients, proxy-aware FTP clients generally support multiple proxy methods, and the HTTP (Standard Web) proxy method should be used instead, as it is a much more sophisticated tool.
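    The port-based rule above is easy to apply by hand to one Firewall Live Log line, but a small triage helper makes it quick for a whole batch of drops. The script below is an added example, not Sophos code or anything from this thread: it parses the abbreviated Live Log format quoted earlier in the thread and, for each TCP flow, says whether a transparent proxy would have intercepted it (ports 80/443/21) or whether it fell through to the firewall rules. The port table, the regex and the sample lines are constructed here; only the first sample line is taken from the thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Ports the UTM transparent proxies intercept, as described in the thread.
# Constructed lookup table, not a Sophos API.
TRANSPARENT_PORTS = {80: "Transparent Web", 443: "Transparent Web", 21: "Transparent FTP"}

# Matches the abbreviated Firewall Live Log line format quoted in the thread
# (time, action, proto, src:port → dst:port [flags] ...). Regex is an assumption.
LIVE_LOG_RE = re.compile(
    r"(?P<time>\d\d:\d\d:\d\d)\s+(?P<action>.+?)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+→\s+(?P<dst>\S+):(?P<dport>\d+)\s+"
    r"\[(?P<flags>[^\]]*)\]"
)

@dataclass
class Verdict:
    dport: int
    handler: str   # which UTM component would have seen the flow
    note: str      # where to look next when troubleshooting

def parse_live_log(line: str) -> Optional[dict]:
    """Extract the fields of one Live Log line; None if the line does not match."""
    m = LIVE_LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def classify(line: str) -> Optional[Verdict]:
    """Decide whether the transparent proxies or the firewall rules handled the flow."""
    rec = parse_live_log(line)
    if rec is None:
        return None
    dport = rec["dport"]
    if rec["proto"] == "TCP" and dport in TRANSPARENT_PORTS:
        return Verdict(dport, TRANSPARENT_PORTS[dport],
                       "intercepted transparently; look in the proxy log, not the firewall log")
    return Verdict(dport, "Firewall rules",
                   "non-standard port ignored by transparent proxies; needs a firewall rule, "
                   "or Standard mode with the port added to Allowed Target Services")

# Constructed samples: the first is the line from the thread, the others are made up.
SAMPLE_LINES = [
    "09:58:57     Default DROP     TCP        10.10.0.10:49576    →     WWW.XX.YY.ZZZ:8080         [SYN]     len=52     ttl=125",
    "10:01:03     Default DROP     TCP        10.10.0.11:50211    →     203.0.113.7:443            [SYN]     len=52     ttl=125",
    "10:02:44     Default DROP     TCP        10.10.0.12:50344    →     198.51.100.9:21            [SYN]     len=52     ttl=125",
]

if __name__ == "__main__":
    for ln in SAMPLE_LINES:
        v = classify(ln)
        print(f"dport={v.dport:<5} handler={v.handler:<16} {v.note}")
```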
  • Great description. Thank you!