Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Website Being blocked to a specific user

Hi guys

I'm getting some issue with this sophos blocked issue despite the user have never face this problem before.
And seems that the stop reported username does not seems to match the login domain user.

Anyone face this issue before ?
Thanks





This thread was automatically locked due to age.
Parents Reply Children
  •  

    I checked and found that the blocked came directly from the firewall.

    Though it's specifically locking 192.168.107.14 to user1. Despite it's user3 is that's logging onto this pc with 192.168.107.14.

    May i know how did the firewall refers the specific IP to a user ?

  • Hi  

    Would you please join the Sophos XG firewall group on the Sophos community, so I can move your post to XG firewall and member of that group can help you to investigate the issue?

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • have joined...
    The responce of sophos community is very fast than i expect..
    Thought the replied would be like microsoft, took a year to reply a subject lol...

  • I asked one of my seniors and he informed me the solution..
    Sophos has a http authenticator.
    By using that pc to login to that http authenticator,  the ip no longer locked to user1. It now shifted to another user.

    Thanks for the fast respond.

  • Hi  

    Thank you for your appreciation.

    I have moved your post to the XG firewall group. Members will help to resolve your issue.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Hi  

    I would request you to check the Log Viewer >> Web Logs and filter the logs by IP or Username and try to find the denied logs for the website and allow the website URL in the web filter policy applied on the firewall rule of the user profile.

    The XG has 2 ways to apply for Web protection, you can apply it on the firewall rule or on the user profile if you have enabled authentication, user profile web policy will take place, if not than firewall web protection policy will be applied to traffic passing from the firewall rule.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Yes.. I've been using Log Viewer to tracer the IP from it's source to destination.
    As standard routines of Network Administrators , we usually check it's problem from log viewer and policy testing.
    But as what i noticed, log viewer already shown the problem .
    It's just that i'm not too familiar with how the firewall identifies specifically an IP with a domain user.
    And how to switch the domain user for that ip. 
    I initially thought it's affected by the the DNS or DHCP server.
    Which is actually the http authenticator from the firewall itself managing that.
    The web policy for each user has been define long ago by the previous network administrator. 
    So it shouldn't have any issue.
    Perhaps i really need to understand more about the implementation part..

    Thanks again for the information.