
XG blocking all HTTP after reboot, no entries in the logs to diagnose

XG330 (SFOS 17.5.12 MR-12) 

Since firewall reboot last night our XG is now blocking all HTTP sites and displaying the following page. We have not made any changes to any rules, and the HTTPS version of the site works fine.

More critically, there are no entries in the log viewer for these blocks to help diagnose which area of the XG is causing this block.



  • If you try to enable the parent proxy and enter some data and disable it again, does it work? 

  • No, sorry, it still fails after entering junk, saving successfully, and then emptying parent proxy settings:

    Junk data entered to parent proxy:

    Junk data emptied again:

    The u2d.log entries quoted above present the same ERROR parse issue, empty response string, and strange add new server  Host and Port 8443.

  • I decided to try to manually update the Patterns using the instructions for Air Gap appliances: https://support.sophos.com/support/s/article/KB-000038577  

    The patterns are available: https://airgap.u2d.sophos.com/sfos_patterns_update.tar  

    This alone hadn't worked, but toggling the Web > General Settings > Malware and content scanning > Scan engine selection: from Single Engine: Sophos to Avira and then to Dual Engine (as we use Sandstorm) seems to have fixed the block on HTTP traffic that was the original reason for this post.

    However the Pattern Update and the Firmware Update are still failing with the red error described earlier in this discussion. The u2d.log entries I will post here shortly.

  • Sophos Support case resolution suggested that Allow auto-install of hotfixes was not enabled and this appliance missed out on hotfix HF062020.1. They also suggested this fix was included in the latest v.17 firmware.

    Manually updating the firmware from 17.5.12 MR-12 to 17.5.14 MR-14-1 has resolved the issues we were experiencing, specifically:  

    1. Browsing to HTTP websites displayed a Stop! Security risk detected page, no entry posted to log viewer.
    2. System > Backup & Firmware > Firmware: Check for new firmware with Red error displayed 'Check for new firmware failed'.
    3. System > Backup & Firmware > Pattern update: Update pattern now with Red error displayed 'Failed to check for pattern updates'.
    4. Central Synchronization > Manage from Sophos Central > Configure > Send configuration backup to Sophos Central with Red error 'Couldn’t apply settings to enable firewall management from Sophos Central.'
    5. System > Administration > Central Management > Central Management settings > Manage your firewall using toggle was stuck ON and couldn't deactivate.

    Hope this helps any others experiencing similar issues.

    Thanks  and for your help and direction.