Connection Timed out when connecting to AWS

Good Day,

Long time lurker, first time poster, and this community has helped me out in so many jams. Many thanks to all.

I have a site-to-site VPN to AWS and am trying to connect/activate a storage gateway. I can ping and ssh to the VM that is hosting the storage gateway, but when I need to connect to it via the web portal in AWS before activation I get the following error (attached).

Error states: An error occurred while handling your request:

While trying to receive the URL: http://192.168.63.18/?gatewayType=FILE_S3&activationRegion=us-west-1&vpcEndpoint=vpce-abc

The content could not be delivered due to the following condition: Connection to server timed out.

From the Live Log of Web Filtering I see:

httpproxy[5385]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.33.36" dstip="192.168.63.18" user="" group="" ad_domain="" statuscode="504" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2713" request="0xda484400" url="192.168.63.18/ referer="" error="Connection to server timed out" authtime="0" dnstime="110" cattime="0" avscantime="0" fullreqtime="60158952" device="0" auth="0"

I created an exception list matching these URLs and skipping the URL filter check, but I am still having the same issue.

I know a lot of people have solved the issue by doing ^http://([A-Za-z0-9+\.domain\.com\... but I am not sure how that works when I have an IP address.

Any information will be greatly appreciated.

-Sebastian

  • Hello Sebastian,

    Thank you for contacting the Sophos Community.

    If you add this IP under Web Protection >> Filtering Options >> Misc >> Transparent Mode Skiplist >> Skip Transparent Mode Destination Hosts, does it help?

    Regards,

  • Hi Sebastian - welcome to the UTM Community!

    In general, I don't recommend using Web Filtering between subnets connected to a UTM, so I would exclude all local subnets.  If one is a Guest subnet, you might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. For our German-speaking members, I also maintain a version auf Deutsch initially translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob
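
Added example, not part of any post in this thread: a short Python script that reads httpproxy lines in the key="value" layout quoted in the question and lists internal (RFC 1918) destinations whose proxied requests ended in a 504, which are the hosts the replies suggest excluding from the transparent proxy. The sample lines are constructed, and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# key="value" pairs as they appear in the httpproxy line quoted in the question
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
# Explicit RFC 1918 ranges; ip.is_private would also match documentation ranges
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines modelled on the log format shown in the thread
SAMPLE_LOG = [
    'httpproxy[5385]: name="web request blocked" action="block" method="GET" '
    'srcip="192.168.33.36" dstip="192.168.63.18" statuscode="504" '
    'url="192.168.63.18/" error="Connection to server timed out"',
    'httpproxy[5385]: name="http access" action="pass" method="GET" '
    'srcip="192.168.33.36" dstip="203.0.113.10" statuscode="200" '
    'url="http://example.com/" error=""',
    'httpproxy[5385]: name="web request blocked" action="block" method="GET" '
    'srcip="192.168.33.40" dstip="198.51.100.7" statuscode="403" '
    'url="http://example.net/" error=""',
]

def parse_fields(line):
    """Turn one log line into a dict of its key="value" fields."""
    return dict(FIELD_RE.findall(line))

def is_internal(addr):
    """True if addr is a valid IP address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def skiplist_candidates(lines):
    """Count 504s per destination where source and destination are both internal."""
    hits = Counter()
    for line in lines:
        f = parse_fields(line)
        if (f.get("statuscode") == "504"
                and is_internal(f.get("srcip", ""))
                and is_internal(f.get("dstip", ""))):
            hits[f["dstip"]] += 1
    return dict(hits)

if __name__ == "__main__":
    for dst, n in skiplist_candidates(SAMPLE_LOG).items():
        print(f"{dst}: {n} proxied request(s) timed out")
```
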