Web policy not working

Hello,

 

I'm trying to block social network websites and video hosting websites like YouTube, but the web policy options do not work.

 

I tried with the "C I P A" policy and the default workplace policy (I added social network and video hosting) but nothing blocks these categories.

 

 

 

  • After restarting the appliance, the policies start applying. The big problem is I can't restart more than 20 devices every time.

     

    Before restarting the appliance, I noticed that all websites were showing as uncategorized. Even the policy test does not work.

     

     

    After restarting the appliance, everything works well.

     

  • In reply to MMASLOUH:

    This is another device

     

    Before restart

     

    After restart

  • In reply to MMASLOUH:

    Just a thought, but can you disable and enable the rule that the web policies apply to, to see if that would make the change take?

  • In reply to Badrobot:

    Badrobot

    Just a thought, but can you disable and enable the rule that the web policies apply to, to see if that would make the change take?

     

     

    Same problem, still showing "Uncategorized" and everything is allowed.

  • Hello MMASLOUH,

    Can you provide the output of /log/nSXLd.log?

    Is this device connected directly to the internet, or is there an upstream device?

    Regards,

    Emmanuel Osorio

  • In reply to MMASLOUH:

    Hi,

    Have you installed the XG CA on every device? You are not decrypting and scanning so everything will pass.

    Ian

  • In reply to emmosophos:

    These are a few lines from the output; all lines in the output end with the same error: "Unable to create socket because: Too many open files"

     

    [2020-06-02 01:01:42] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:01:44] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:01:45] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:01:47] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:01:50] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:01:56] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:01:58] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:01] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:02] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:02] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:03] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:07] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:12] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:14] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:17] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:19] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:23] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:26] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:28] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:30] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:30] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:32] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:34] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:35] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:39] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:46] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:02:51] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
    [2020-06-02 01:03:02] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
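
The log excerpt above, as an added example that is not part of the original post: "Too many open files" is the error a process gets when it has reached its open file descriptor limit, and in this thread sites show as "Uncategorized" and are allowed while nSXLd logs it. The function below counts those failures per minute so the condition can be alerted on; the function names, the threshold value and the one `[info]` sample line are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarize nSXLd socket-creation failures per minute.
# Input (stdin): log lines in the format shown in the thread, e.g.
#   [2020-06-02 01:01:42] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
# Output: "<date> <HH:MM> <count>[ SUSTAINED]" per affected minute, then "TOTAL <n>".
# Exit status: 1 if any minute reaches the threshold, else 0.
# The default threshold of 5 per minute is an assumed value, not a vendor figure.
nsxld_emfile_summary() {
    threshold="${1:-5}"
    awk -v thr="$threshold" '
        /nSXLd: Unable to create socket because: Too many open files/ {
            # $1 is "[YYYY-MM-DD" and $2 is "HH:MM:SS]"; bucket by minute.
            minute = substr($1, 2) " " substr($2, 1, 5)
            if (!(minute in count)) order[++n] = minute
            count[minute]++
            total++
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                m = order[i]
                flag = ""
                if (count[m] >= thr) { flag = " SUSTAINED"; bad = 1 }
                printf "%s %d%s\n", m, count[m], flag
            }
            printf "TOTAL %d\n", total + 0
            exit (bad ? 1 : 0)
        }'
}

# Sample input: six error lines taken from the excerpt in the thread plus
# one constructed [info] line to show that unrelated lines are ignored.
sample_log() {
    cat <<'EOF'
[2020-06-02 01:01:42] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
[2020-06-02 01:01:44] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
[2020-06-02 01:01:45] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
[2020-06-02 01:01:47] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
[2020-06-02 01:01:48] <1994614720> [info] nSXLd: constructed unrelated line
[2020-06-02 01:02:01] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
[2020-06-02 01:02:02] <1994614720> [error] nSXLd: Unable to create socket because: Too many open files
EOF
}

# Threshold 3 is used here only so the short sample trips the check.
sample_log | nsxld_emfile_summary 3 || echo "sustained socket failures logged by nSXLd"
```

On a live appliance the same function can be fed the real file, for example `nsxld_emfile_summary 5 < /log/nSXLd.log`, using the log path named in the thread.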
  • In reply to rfcat_vk:

    rfcat_vk

    Hi,

    Have you installed the XG CA on every device? You are not decrypting and scanning so everything will pass.

    Ian

     

     

    Yeah, I tried this: I installed the CA on the user's computer but I got the same problem. I think there is no relation between the CA and this problem because the CA is only necessary to decrypt SSL.

  • In reply to MMASLOUH:

    Hi,

    Where do your devices get their DNS results from, the XG or external DNS? If your devices aren't using the XG DNS the XG will not be able to classify the URLs.

    Ian

  • In reply to MMASLOUH:

    Hello MMASLOUH,

    Can you try running the following command:

    XG115_XN02_SFOS 17.5.12 MR-12.HF052220.1# nslookup 4.sophosxl.net
    Domain Name Server# 127.0.0.1
    Domain Name # 4.sophosxl.net
    Resolved Address 1# 35.164.145.157
    Resolved Address 2# 52.24.61.180
    Resolved Address 3# 54.68.115.39
    Resolved Address 4# 54.148.207.63
    Total query time # 31.35 msec

    Also, run this command:

    XG115_XN02_SFOS 17.5.12 MR-12.HF052220.1# nsxld -c /etc/nSXLd.conf -l www.google.com
    Raw Data:
    0:1:42:SEARCH_ENGINES
    0:2:30:SEARCH_SEARCH_ENGINES
    0:3:2:LOW
    0:5:64:PROD_SEARCH_ENGINES
    Identified Categories:
    Web Category: Search Engines

    In addition to the commands mentioned above, please provide the output of the command below; please only show the Webcat output and Web Proxy version.

    console> sys dia sh version-info

    Webcat Signature version: 0.0.3.115

    Also what version are you running? If you are not running 17.5.12 please update to this one. 

    If the issue remains please run this command instead of restarting the device (for now).

    #service nsxld:restart -ds nosync

     

  • In reply to emmosophos:

    XG105_XN02_SFOS 17.0.8 MR-8.HF052220.1# nslookup 4.sophosxl.net
    Domain Name Server#  127.0.0.1
    Domain Name       #  4.sophosxl.net
    Resolved Address 1#  3.248.77.194
    Resolved Address 2#  34.250.203.65
    Resolved Address 3#  34.247.122.156
    Resolved Address 4#  52.208.223.121
    Resolved Address 5#  34.251.79.73
    Resolved Address 6#  34.252.188.189
    Resolved Address 7#  34.242.112.178
    Resolved Address 8#  54.77.67.191
    Total query time  #  1123.84 msec

     

    XG105_XN02_SFOS 17.0.8 MR-8.HF052220.1#  nsxld -c /etc/nSXLd.conf -l www.google.com
    Raw Data:
        0:1:42:SEARCH_ENGINES
        0:2:30:SEARCH_SEARCH_ENGINES
        0:3:2:LOW
        0:5:64:PROD_SEARCH_ENGINES
    Identified Categories:
        Web Category: Search Engines
    XG105_XN02_SFOS 17.0.8 MR-8.HF052220.1#

     


    Webcat Signature version:       0.0.3.115
    Web Proxy version:              HTTP-Proxy.f0420a026

    Sophos version: SFOS 17.0.8 MR-8

  • In reply to MMASLOUH:

    I checked an appliance running 17.5.5 and everything seems to work well; maybe I have to upgrade the other appliances to 17.5.12.

  • In reply to MMASLOUH:

    Hi MMASLOUH,

    Thank you for your reply. Please reach out to us after the firmware upgrade if the issue persists.