This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Control blocks everything no matter what

I have had this problem for a long time and disabled Web Control for the time being. I have decided to pick it up again. If I enable Web Control everything is block on all endpoint clients even if the filtering policy allows everything and isn't blocking anything. If I use Policy Helpdesk and check google.com is says it's allowed but then I try and navigate to it and it's blocked. I get this error message in Firefox:

Secure Connection Failed

An error occurred during a connection to www.wesiteaddress.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

Learn more…

And a message in the lower corner of the screen appears every couple seconds if I'm in a browser even doing nothing (Some web content was blocked by your organization's web control policy) and won't go away till I close the browser. I can't even access the Sophos web console while Web Control is enabled.

Let me know what you need.



This thread was automatically locked due to age.
Parents
  • Bryan, I configure Firefox to skip the proxy for accessing WebAdmin locally:

    localhost, 127.0.0.1, .ourdomain.com, .10.xxx.y.0/24, .ourdomain.local, 10.242.2.1, .join.me,

    10.xxx.y.0/24 is our internal network.  10.242.2.1 is the address of any UTM to which I am connected via SSL VPN.

    Open the Web Filtering Live Log and try an access.  Show us a few lines related to the block.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • There are no block records in the Web Filtering log. Everything is showing "Access" but the site still won't display, unless I visit a site I have setup to be blocked. Then a "Block" record appears in the log. I did discover that if I disable Web Control under Endpoint Protection then the web filter policy seems to work just fine and I can visit everything except for the blocked sites.

    The problem with disabling Web Control is that the filter policy only works if a device is behind the UTM. So my laptop won't have the filter policy if I leave the network.

  • That Firefox message appears when I try to visit a site with an SSL. If I visit a site that doesn't use SSL then I get a straight up 502 forbidden error message.

     .

  • If you trust that site, make an Exception for AntiVirus for it.  If that doesn't let you access it, then you will need to skip the Proxy for it.

    Just an afterthought - show us the line in the Web Filtering log file where it's a "pass" yet the access was blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have added google.com as a white listed site everywhere I can. Firewall, Antivirus, and Web filter, and it is still getting blocked. When I get home today I'll add a "pass" line from the log to this post.

  • Did you find any resolution?   I'm in the same situation and no matter what I do it seems that Web Control wants to block *all* sites from time to time but not all the time...  pulling my hair out to try to resolve this.

  • Jeff, please show a line from the log where something was blocked that shouldn't have been.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

    Just to clarify, this is an issue with the desktop software (Sophos Endpoint Security and Control - v 11.0.11 UTM) on a Win 10 PC.

    When I have Web Control for the endpoint disabled everything works fine and the Web Filtering profiles/policies/actions work as expected.  But...  if I turn on Web Control for a PC all hell breaks loose with many popup messages saying that a website was blocked by a company policy.   When I look in the firewall logs, I don't see any mention of this and as far as I can see there is no [user accessible] web control logging, just AV/HIPS, Device Control, Tamper Protection and Update logs.

    Hope that helps clarify the issue I'm having, I'm happy to provide any more information to help diagnose this issue.

     

    -Jeff

  • I never found a solution. I don't enable Web Control.

  • Go to Logging and Reporting, View Log Files
    Under Todays and Archived
    - "Endpoint Web Protection" has logs from endpoint
    - "Web Filtering" has logs from on box web proxy

    Under all the reports, the two logs are combined together to form the report.

    I think it can take up to ~15 minutes for endpoint logs to appear.  If nothing appears in the Endpoint Web Protection log, you've got some communication problem between UTM <-> cloud <-> endpoint. 


    Try this to ensure that you have a current copy of policy and that you have the ability to download policy
    On the windows computer
    go to %ProgramData%\Sophos\Web Control\Policy
    Delete all files.  Now wait a few minutes and the files should reappear.

    If the Endpoint is managed by the UTM, you can try uninstalling and then doing the download again - making sure that you use the link that is found on the "Deploy Agent" field.

Reply
  • Go to Logging and Reporting, View Log Files
    Under Todays and Archived
    - "Endpoint Web Protection" has logs from endpoint
    - "Web Filtering" has logs from on box web proxy

    Under all the reports, the two logs are combined together to form the report.

    I think it can take up to ~15 minutes for endpoint logs to appear.  If nothing appears in the Endpoint Web Protection log, you've got some communication problem between UTM <-> cloud <-> endpoint. 


    Try this to ensure that you have a current copy of policy and that you have the ability to download policy
    On the windows computer
    go to %ProgramData%\Sophos\Web Control\Policy
    Delete all files.  Now wait a few minutes and the files should reappear.

    If the Endpoint is managed by the UTM, you can try uninstalling and then doing the download again - making sure that you use the link that is found on the "Deploy Agent" field.

Children
No Data