
Sophos Mobile Control + web protection. Problem with db.notify.windows.com

Hello,

I have a problem with the connection from the Sophos Mobile Control server to db3.notify.windows.com:443 through the web protection module, even though I added an exception for that domain. Has anyone had a similar problem?

On the proxy server I get:
 
2016:12:02-14:26:14 st3_router-1 httpproxy[6538]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_request_line" file="request.c" line="1048" message="400: Bad request (invalid uri): db3.notify.windows.com"
2016:12:02-14:26:14 st3_router-1 httpproxy[6538]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xcd647600" function="read_request_headers" file="request.c" line="1612" message="invalid request line"

 

Logs from SMC system property check in attachment. 

 

2016-12-02 14:16:55 : Checking if proxy 192.168.70.1:8080 allows connect to: db3.notify.windows.com
2016-12-02 14:16:55 : Proxy host: 192.168.70.1
2016-12-02 14:16:55 : Proxy port: 8080
2016-12-02 14:16:55 : Check resolving of 192.168.70.1
2016-12-02 14:16:55 : DNS resolving successful: 192.168.70.1
2016-12-02 14:16:55 : Answer from proxy: HTTP/1.1 400 Received invalid request line from client
Date: Fri, 02 Dec 2016 13:17:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset="UTF-8"
Content-Length: 2445
Accept-Ranges: none
Proxy-Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <title>The requested URL could not be retrieved</title>
    <link href="http://passthrough.fw-notify.net/static/default.css" rel="stylesheet" type="text/css" />
    <script type="text/javascript" src="http://passthrough.fw-notify.net/static/default.js"></script>
  </head>
  <body onload="checkResize();">
    <div id="emsg_large"></div>
    <div id="page">
      <div id="header">
        <div><img src="http://passthrough.fw-notify.net/static/topbar_left.png" width="6" height="72" border="0" /></div>
        <div id="company_logo"><img src="http://passthrough.fw-notify.net/static/logo.png" border="0" /></div>
        <div id="company_text"><h1 class="orange"></h1></div>
        <div><img src="http://passthrough.fw-notify.net/static/topbar_right.png" width="6" height="72" border="0" /></div>
      </div>
      <br class="clearer" />

      <div id="content">
        <img src="http://passthrough.fw-notify.net/static/warning.png" border="0" align="left" />
        <h1 class="orange">An error occurred while handling your request</h1>

        <div class="line">
          <div class="label">While trying to retrieve the URL:</div>
          <div class="desc"> 
            <span></span>
          </div>
        </div>

        <div class="line">
          <div class="label">The content could not be delivered due to the following condition:</div>
          <div class="desc"> 
            Received invalid request line from client
          </div>
        </div>

        <div class="line">
          <div class="label">Contact:</div>
          <div class="desc"> 
            it@st3-offshor
2016-12-02 14:16:55 : Proxy answered with http code != 200
2016-12-02 14:16:55 : db3.notify.windows.com blocked through proxy.
2016-12-02 14:16:55 : Checking connect to: db3.notify.windows.com:443
2016-12-02 14:16:55 : DNS resolving successful. Checking connect to: 191.232.139.143:443
2016-12-02 14:17:05 : Error: @error 10060
2016-12-02 14:17:05 : db3.notify.windows.com blocked.



  • Hi, Krzysztof, and welcome to the UTM Community!

    Try skipping the Proxy for db3.notify.windows.com.  In Transparent mode, put a DNS Host for that FQDN in the Destination box on the 'Misc' tab of 'Filtering Options'.  Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    No luck. The same problem

    2016-12-05 08:18:01 : DNS resolving successful. Checking connect to: 191.232.139.143:443
    2016-12-05 08:18:11 : Error: @error 10060
    2016-12-05 08:18:11 : db3.notify.windows.com blocked.

    It works only with masquerading enabled, without the proxy server.

  • I don't recognize that log file, Krzysztof.  If it is an edited Web Filtering log, then the Proxy wasn't skipped.

    Cheers - Bob

     
  • Greetings all, I am also experiencing the same problem. What solution might there be?

  • Logs were from Sophos Mobile Control System Property Checks

     

    Logs from Web Protection: 

    2016:12:06-07:59:36 st3_router-1 httpproxy[6538]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_request_line" file="request.c" line="1048" message="400: Bad request (invalid uri): db3.notify.windows.com"
    2016:12:06-07:59:36 st3_router-1 httpproxy[6538]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xb334000" function="read_request_headers" file="request.c" line="1612" message="invalid request line"
  • That shows that whatever you did to skip the proxy didn't work.  If Web Filtering is in Transparent mode, use a DNS Host in the 'Skip Transparent Mode Destination Hosts/Networks' box.  If in Standard, add db3.notify.windows to your browser's Proxy Settings Exceptions.

    Cheers - Bob

     
  • Bob, I did that. I have a lot of exceptions and they all work well, but Sophos has a problem with db3.notify.windows.com :)

     

  • db3.notify.windows.com is a CNAME that points at an Akamai A-Record with a TTL of 300 seconds.  I'd say try several times and then get what you need done in 3 minutes.

    I assume your Proxy is in Transparent mode.  If you were to configure your browser to point at the Proxy, that Profile would still accept a Standard mode request on port 8080 (see 5A/B in Configuring HTTP/S proxy access with AD SSO).  You then could skip the Proxy for both the CNAME and the Akamai FQDN and not need to worry about a rapidly changing IP.

    Cheers - Bob

     
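Added example, not part of any post in the thread: a small parser for the httpproxy lines quoted above that extracts the key="value" fields and reports which request targets were rejected in parse_request_line, and whether each target as logged is in absolute-form, authority-form (host:port) or neither. The third sample line and all function names are constructed for illustration; that the log prints the request target exactly as received is an assumption.

```python
import re
from collections import Counter

# Constructed sample: the two httpproxy lines quoted in the thread, plus one
# made-up access line for contrast (not from the thread).
SAMPLE = """\
2016:12:02-14:26:14 st3_router-1 httpproxy[6538]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_request_line" file="request.c" line="1048" message="400: Bad request (invalid uri): db3.notify.windows.com"
2016:12:02-14:26:14 st3_router-1 httpproxy[6538]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xcd647600" function="read_request_headers" file="request.c" line="1612" message="invalid request line"
2016:12:02-14:26:20 st3_router-1 httpproxy[6538]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" url="http://example.com/"
"""

PREFIX_RE = re.compile(r'^(\S+) (\S+) httpproxy\[\d+\]: (.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')
INVALID_URI_RE = re.compile(r'^400: Bad request \(invalid uri\): (.+)$')

def parse_line(line):
    """Split one httpproxy line into a dict of its key="value" fields."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    rec = dict(KV_RE.findall(m.group(3)))
    rec["timestamp"], rec["node"] = m.group(1), m.group(2)
    return rec

def target_form(target):
    """Name the request-target form (RFC 7230 section 5.3) of a logged URI."""
    if re.match(r'^[A-Za-z][A-Za-z0-9+.-]*://', target):
        return "absolute-form"    # used toward a proxy for GET, POST, ...
    if re.match(r'^[^/\s]+:\d+$', target):
        return "authority-form"   # host:port, the form CONNECT requires
    return "other"                # e.g. a bare hostname, neither of the above

def request_line_rejects(text):
    """Count (target, form) pairs the proxy refused in parse_request_line."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("function") != "parse_request_line":
            continue
        m = INVALID_URI_RE.match(rec.get("message", ""))
        if m:
            counts[(m.group(1), target_form(m.group(1)))] += 1
    return counts

if __name__ == "__main__":
    for (target, form), n in request_line_rejects(SAMPLE).items():
        print(f"{n}x rejected request line, target={target!r} ({form})")
```

Run against a real Web Filtering log, the same functions separate requests the proxy could not parse from ordinary access lines carrying an `action` field.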