SOPHOS UTM PROXY UNABLE TO BYPASS LOCAL URLS

The proxy UTM is behaving funny. 

Despite setting web exceptions, some local URLs are unreachable when the internet is physically disconnected. 

Note that these are local URLs whose servers are hosted within the institution's LAN. 

e.g. http://10.1.x.x:7777/forms*

 

What solutions, if any, would you advise me to do?



  • Since you are using an IP for the internal URL, I conclude that it is not a DNS problem.

     The traffic can only be blocked if it goes through UTM, so the real question is why your network is sending internal traffic through UTM.

    Possibility #1: Standard Mode proxy is misconfigured.

    If you are using standard mode, you need to create an exception in your proxy script or proxy configuration to bypass URLs for both FQDNs and IP Addresses that are internal destinations.   Otherwise, all of your internal traffic goes to the UTM first.  In most environments, this will create a performance bottleneck that is unacceptable and unnecessary.

    Possibility #2:  UTM also functions as an internal router

    If your UTM is the router between a client subnet and a server subnet, UTM will see all of the traffic, and transparent filters will apply.   You need to create a bypass-all exception in UTM and apply it to the IP addresses and FQDNs that represent internal servers.  In general, I do not recommend routing internal traffic through a filtering device like UTM.
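
For the Standard Mode case in the reply above, a proxy auto-config (PAC) script can send internal IP addresses and FQDNs direct and everything else to the UTM. This is an added example, not part of the reply and not Sophos code; the proxy host and port, the domain suffix and the address ranges are placeholder assumptions.

```javascript
// Added example (not from the thread). The proxy address, domain suffix and
// networks are placeholder assumptions; substitute your own values.
var PROXY = "PROXY utm.example.internal:8080";
var INTERNAL_SUFFIXES = [".example.internal"];
var INTERNAL_NETS = [["10.0.0.0", 8], ["172.16.0.0", 12],
                     ["192.168.0.0", 16], ["127.0.0.0", 8]];

// Parse a dotted-quad IPv4 literal to a number, or return null.
function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ip falls inside net/bits. Uses arithmetic rather than bitwise
// operators to avoid 32-bit sign issues in JavaScript.
function inNet(ip, net, bits) {
  var a = ipToInt(ip), b = ipToInt(net);
  if (a === null || b === null) return false;
  var size = Math.pow(2, 32 - bits);
  return Math.floor(a / size) === Math.floor(b / size);
}

// Entry point the browser calls; host arrives without the port.
function FindProxyForURL(url, host) {
  var i;
  host = host.toLowerCase();
  if (ipToInt(host) !== null) {           // IP literal: no DNS lookup needed
    for (i = 0; i < INTERNAL_NETS.length; i++) {
      if (inNet(host, INTERNAL_NETS[i][0], INTERNAL_NETS[i][1])) return "DIRECT";
    }
    return PROXY;
  }
  if (host.indexOf(".") === -1) return "DIRECT";   // single-label intranet name
  for (i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    var s = INTERNAL_SUFFIXES[i];
    if (host === s.substring(1) ||
        host.substring(host.length - s.length) === s) return "DIRECT";
  }
  return PROXY;                            // everything else is filtered by the UTM
}
```

The suffix entries keep their leading dot so that a look-alike name such as `evilexample.internal` is not treated as internal and still goes through the filter.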
