This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM Web Filter is Blocking everything except youtube

Ok so i'm new to Sophos UTM. i wanted to try it out before i commit.

I have it installed on a device with 4 nics. 2 nics are used to bridge the gap between Switch and Router and a 3rd is used for management.

Switch ---> UTM ---> Router

The bridge was setup as a ethernet bridge ip 0.0.0.0/24 and IPv4 Default gate is the ip of the router (192.168.10.1)

First Issue - Sophos Endpoint Live connect say it is disabled. If i remove the UTM from the bridge and only have management nic live with IP (192.168.10.8) Live connect works fine.

As soon as i turn the bridge on it fails to connect.

 

Second issue and more importantly. when i turn on Web Filter almost all websites are blocked. they either return network unreachable or host unknown. Youtube work fine

I have a firewall rule that is Any Any Any. I have tried the web filter with Any network, Internal network (192.168.10.0/24) and about every other way possible. As soon as i turn the Web filter off everything works.

I use open DNS on my router. I have tried leaving all UTM settings as defaults and setting OpenDNS in the UTM and forwarder. still nothing. 

 

any ideas?



This thread was automatically locked due to age.
  • Try here:

    https://community.sophos.com/kb/en-us/119360

     

    Go through it very carefully as it's easy to miss a part. Enusre the bridge is up and running prior to enabling any exotic part eg web filtering etc

  • thanks Louis-M. Thats the guide i initially followed. The only thing i have done differently is left the bridge IP as 0.0.0.0 which i read creates a seamless bridge. 

     

    Would there be any issues with my router not allowing DNS requests through when web filtering is on? 

     

    The bridge part is working fine as all my devices are going through the bridge to get internet access which works aslong as i dont turn web filtering on. 

  • There shouldn't be. The web filtering only filters web browsing ports eg http (tcp 80), https (port 443)

    DNS (udp 53) shouldn't be affected. Are you suing the UTM's dns proxy for your clients?

    Try that to see if that makes a difference. Ensure that your client network is allowed to use the dns proxy. Put your forwarders in there and point them to your router or external dns servers.

    Far better to do it this way as the UTM dns proxy offers various protections.

  • Thanks for the help Louis-M.

     

    I removed my OpenDNS IPs from the DNS forwarders and left only my routers IP in there and i think its working. i only have one machine defined in the web protection as a test, will add the rest of my network later and see what happens.

  • Have a look at the DNS best practices sticky on this forum. It's a good piece of info by a very knowledgeable person. I would always advise that internal clients either:

    1. point to an internal dns server and that dns server points to the UTM DNS proxy. The UTM proxy then points to external dns servers eg. opendns etc

    2. If no internal dns server, clients should point to the UTM proxy. The UTM proxy then points to external dns servers eg google, open dns

  • well i though i had sorted it but no such luck.

     

    In the sophos we protection > policy helpdesk.  if i have my web protection on and then test a website such as google.co.uk it comes back allowed. however if i try to get to google in a web browser i get network unreachable. I can successfully ping google.co.uk and it resolves the name. 

    so i'm guessing my DNS is ok as its resolving.

    My PC points to my internal DNS (router) 192.168.10.1   

    My router has OpenDNS 208.67.222.222 and 208.67.220.220 

    Web Protection off = everything works

    Web protection on = cant get to google. although strangely i can get to Youtube???? 

    On my UTM it doesnt matter what i have in DNS Global allowed networks, makes no difference. In the forwarders i have my internal DNS.

     

    Not sure what you mean about UTM proxy, i have it setup in full transparent bridge mode so no proxy. 

     

  • I've never set up a bridge before so unsure. Do you have network services > DNS?

    If so, under global, you should include your internal network ie allow your internal lan clients to access the proxy

    Under forwarders, you should add your router IP (if it offers dns services) OR your external opendns servers in there (not your internal dns server)

    so:

    CLIENT DNS > UTM DNS > ROUTER DNS > OPENDNS or CLIENT DNS > UTM DNS > OPENDNS

    If you have an internal dns server (larger networks, not home networks) then:

    CLIENT DNS > INTERNAL DNS SERVER > UTM DNS > ROUTER DNS > OPENDNS or CLIENT DNS > INTERNAL DNS SERVER > UTM DNS > OPENDNS

  • Ye my setup is End device > Switch > UTM > router (with DNS)

    All my networks use my router as the DNS. And my router uses OpenDNS.

     

    ye Network Services > DNS

    In Global i now have my internal networks (they are VLAN1, VLAN40 and VLAN60)

    Under forwarders i have tried just my router (dns)   also tried just OpenDNS and tried both. 

    With my router in forwarders i can resolve names on my LAN and resolve names on the WAN e.g. google.co.uk so im guessing my DNS is working. however i cant get to google it says network unreachable. But as said above about the only website i can get to is youtube....

  • ok a further update. if i turn on Web Filtering but dont filter https i can get to https sites.but cant get to any http sites.

  • Thats strange. So dns is confirmed as working. Web access is confirmed as working too (without web filtering)

    So, my next stop would be to look at the web filtering live logs and try and access somewhere and see if it passes/blocks it.