I've met a problem with Application filter and Web filter on Sophos XG.
I have a group with Unlimited internet access permission for some users (it is imported from AD). I created a rule in Firewall rules to allow them to access the internet (Web policy and Application control are Allow All). I also did a Policy test with a user in that group when accessing play.google.com and it is allowed. But when I try to access play.google.com in a browser, it's not working (it shows the message: This site can't provide a secure connection).
I tried to create a FQDN host or a URL group to solve this problem but it's not working either.
I've started working with Sophos XG, so what can I do to solve it, please?
There are some screenshots for this problem:
Hi Tu Bui, can you please try removing the checkmark from "Block google QUIC" from the firewall rule? For the FQDN rule, once you configure the rule, please position the rule on the top: https://community.sophos.com/kb/en-us/123035
In reply to Keyur:
Thanks for your help,
I've removed the checkmark from "Block google QUIC" from the Firewall Rule but it's still not working.
About FQDN, I already followed the steps on this article: https://community.sophos.com/kb/en-us/123035 but nothing really happened.
In reply to Tu Bui:
The connection is not secure?
Can you please check with your browser, which Certificate is used?
Do you intercept the Traffic?
Hi Tu Bui, the FQDN rule will work when you position the rule on top in firewall rules and the DNS configured in Sophos XG and user systems are the same and resolve the same DNS for the domain. As you are getting a certificate error, please share which certificate it is showing in the browser. In the screenshot which you have provided, you did not apply HTTPS scanning; if traffic passes through that rule then the firewall will not throw the certificate as it will not intercept HTTPS traffic. For more info: https://community.sophos.com/products/xg-firewall/f/staff-picks/115205/https-faq-in-xg
Hi Keyur, LuCar Toni
I configured DNS on AD.
There are some screenshots of the errors in browsers and the settings of Web > General Setting on the firewall. How can I check whether the HTTPS traffic is allowed or not?
Hi Tu Bui, can you please verify by unchecking "Block Invalid HTTPS Certificate" and "Block Unrecognized SSL protocols"? Please remove them one by one and share the result.
I followed the steps that you suggested but the browser still displays the error above. There is a screenshot of it.
Still not clear, are you using HTTPS scanning or not in your Firewall Rule?
In reply to LuCar Toni:
Yes, I was. I even chose the Decrypt & scan HTTPS option and more, but it's not working.