
Website Being blocked to a specific user

Hi guys

I'm having an issue with this Sophos block, despite the user having never faced this problem before.
And it seems that the stop-reported username does not match the login domain user.

Has anyone faced this issue before?
Thanks





  • Well.. we've not done any configuration on our Central Endpoint or even our Sophos XG firewall for the past few years.
    The particular user seems to have got this problem after we came back from the MCO.
    This also seems to affect some of our users randomly after the exploit that was announced to target Sophos firewalls.
    This triggered Sophos to update Central Endpoint with random image number generator.
    I'll just take a look at where the problem came from.

  • Hi  

    Would you please check under your central dashboard, for the events of this particular user/machine and also verify the web control policy which is being applied to that user. 

    Shweta

    Community Support Engineer | Sophos Technical Support
  • It's certainly not the Sophos Central Endpoint Web control blocking it given the screenshot.  At face value, it looks like a web control policy in the XG to block the category.

    Jak

  •  

    I checked and found that the block came directly from the firewall.

    Though it's specifically locking 192.168.107.14 to user1, despite it being user3 that's logging onto this PC with 192.168.107.14.

    May I know how the firewall associates the specific IP with a user?

  • Hi  

    Would you please join the Sophos XG firewall group on the Sophos community, so I can move your post to XG firewall and members of that group can help you to investigate the issue?

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Have joined...
    The response of the Sophos community is much faster than I expected..
    Thought the reply would be like Microsoft, taking a year to reply to a subject lol...

  • I asked one of my seniors and he informed me of the solution..
    Sophos has an HTTP authenticator.
    By using that PC to log in to that HTTP authenticator, the IP is no longer locked to user1. It has now shifted to another user.

    Thanks for the fast response.

  • Hi  

    Thank you for your appreciation.

    I have moved your post to the XG firewall group. Members will help to resolve your issue.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support


  • Hi  

    I would request you to check the Log Viewer >> Web Logs and filter the logs by IP or Username and try to find the denied logs for the website and allow the website URL in the web filter policy applied on the firewall rule of the user profile.

    The XG has 2 ways to apply Web protection: you can apply it on the firewall rule or on the user profile. If you have enabled authentication, the user profile web policy will take place; if not, then the firewall web protection policy will be applied to traffic passing from the firewall rule.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Yes.. I've been using Log Viewer to trace the IP from its source to destination.
    As a standard routine of network administrators, we usually check the problem from Log Viewer and policy testing.
    But from what I noticed, Log Viewer had already shown the problem.
    It's just that I'm not too familiar with how the firewall specifically identifies an IP with a domain user,
    and how to switch the domain user for that IP.
    I initially thought it was affected by the DNS or DHCP server.
    It is actually the HTTP authenticator from the firewall itself managing that.
    The web policy for each user was defined long ago by the previous network administrator.
    So it shouldn't have any issue.
    Perhaps I really need to understand more about the implementation part..

    Thanks again for the information.
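
An added example, not part of any post in this thread and not Sophos code: a check for the mismatch described above, where the firewall still attributes 192.168.107.14 to user1 although user3 is the one logged on. The record layouts, timestamps and function names are constructed for illustration and are not real Sophos or Windows log formats.

```python
from datetime import datetime

# Constructed sample records (assumed layout, not a real Sophos export).
# Firewall web-filter denials: (time, source IP, user the firewall attributed).
FIREWALL_DENIALS = [
    ("2020-06-01 09:05", "192.168.107.14", "user1"),
    ("2020-06-01 09:07", "192.168.107.14", "user1"),
    ("2020-06-01 09:10", "192.168.107.20", "user2"),
]
# Constructed domain logon events: (time, workstation IP, domain user).
DOMAIN_LOGONS = [
    ("2020-05-29 17:40", "192.168.107.14", "user1"),
    ("2020-06-01 08:55", "192.168.107.14", "user3"),
    ("2020-06-01 08:50", "192.168.107.20", "user2"),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def last_logon_before(ip, when, logons):
    """User of the most recent domain logon on `ip` at or before `when`."""
    best = None
    for t, logon_ip, user in logons:
        t = _ts(t)
        if logon_ip == ip and t <= when and (best is None or t > best[0]):
            best = (t, user)
    return best[1] if best else None

def find_stale_bindings(denials, logons):
    """Flag denials where the firewall's user differs from the logged-on user."""
    findings = []
    for t, ip, fw_user in denials:
        actual = last_logon_before(ip, _ts(t), logons)
        # No known logon for this IP: nothing to compare against, so skip it.
        if actual is not None and actual.lower() != fw_user.lower():
            findings.append({"time": t, "ip": ip,
                             "firewall_user": fw_user,
                             "logged_on_user": actual})
    return findings

if __name__ == "__main__":
    for f in find_stale_bindings(FIREWALL_DENIALS, DOMAIN_LOGONS):
        print(f"{f['time']} {f['ip']}: firewall says {f['firewall_user']}, "
              f"domain logon says {f['logged_on_user']}")
```

Each flagged IP is a candidate for re-authenticating the current user against the firewall, which is the fix reported in the thread.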