Web Filtering remains active even when disabled

Hello All,

This is a repost of an unsolved problem from the Sophos subreddit (www.reddit.com/.../), so if it looks familiar that's why.

I'm running Sophos XG SFOS 18.0.4 MR-4 and running into issues with web filtering. In short, the category "IP Address" seems to be restricted regardless of how web filtering is configured, or whether it is active at all. There may be other categories with restrictions that I haven't encountered yet, but I haven't systematically tested every category of web traffic.

To try and debug this I set up a web filtering policy with no restrictions, and configured all firewall rules to use it.



Furthermore I ensured that there is a firewall rule to allow all traffic from the management VLAN/zone to all zones.


I also tried reclassifying the "IP Address" category as productive, however this did not change anything either.



I also tried enabling Policy Override, but after logging in when attempting to access the IP Address the same blocked message is presented, however the second time there is no option to log in (same as the first screenshot at the top).

Following advice provided on Reddit by a Sophos community manager I enabled logging, and the following entry was generated when I attempted to access a local IP address. It looks to me like some generic policy is being triggered, but I'm not sure if I am reading it correctly, unsure how the generic policy that doesn't exist any more could be active, and googling the log hasn't provided much useful info.

1610407185.553517028 [ 8403/0x7fc2da4d4800] fwid=7 fwflag="" iap=2 aap=0 conn_id=2687960960 id="0060" name="web request blocked, at request phase" action="block" method="GET" srcip="192.168.241.100" dstip="192.168.200.11" user="" statuscode=403 cached=0 trxlen=0 rxlen=0 url="http://192.168.200.11/cgi-bin/luci/" referer="" type="" upload_file_name="" upload_file_type="" download_file_name="" download_file_type="" authtime=0 dnstime=0 cattime=228333 avscantime=0 fullreqtime=244471 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0" activity="" av_transaction_id="" categoryname="IPAddress" category="83" app_id=0 app_name="None" app_cat="None" exceptions="" reason="acl primary match Default act on (null), acl secondary match None on (null)"

I'm utterly baffled as to what I am missing in my configuration; if anyone can spot any obvious issues or clarify what the log is telling me, I would greatly appreciate it!

Thanks and best, ~ Mike
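
The log entry quoted in the post above, split into its fields and grouped by what triggered the block, as an added example that is not part of the original post and is not Sophos code. The field layout is inferred from the single line in the post, the second sample line is constructed, and no meaning is assigned to fields such as `fwid` or `iap` beyond what the line itself shows.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the entry from the post with some fields dropped
# for width; line 2 is an invented "allow" entry in the same layout.
SAMPLE_LOG = (
    '1610407185.553517028 [ 8403/0x7fc2da4d4800] fwid=7 fwflag="" iap=2 aap=0 '
    'id="0060" name="web request blocked, at request phase" action="block" '
    'srcip="192.168.241.100" dstip="192.168.200.11" statuscode=403 '
    'url="http://192.168.200.11/cgi-bin/luci/" '
    'ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0" '
    'categoryname="IPAddress" category="83" exceptions="" '
    'reason="acl primary match Default act on (null), acl secondary match None on (null)"\n'
    '1610407190.000000000 [ 8403/0x7fc2da4d4800] fwid=7 fwflag="" iap=2 aap=0 '
    'id="0000" name="constructed allow entry" action="allow" '
    'srcip="192.168.241.100" dstip="203.0.113.10" statuscode=200 '
    'url="http://example.com/?a=b" categoryname="Constructed" category="0" '
    'exceptions="" reason=""\n'
)

# Leading "<epoch.nanos> [<context>]" prefix, then the key=value payload.
PREFIX = re.compile(r'^(?P<ts>\d+\.\d+)\s+\[(?P<ctx>[^\]]*)\]\s+(?P<rest>.*)$')
# key=value where the value is either "quoted" (may hold spaces, commas, '=')
# or a bare token. Assumes values never contain an embedded double quote.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_line(line):
    """Return one entry as a dict of strings, or None if the prefix is missing."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    entry = {"ts": m.group("ts"), "ctx": m.group("ctx").strip()}
    for key, quoted, bare in PAIR.findall(m.group("rest")):
        entry[key] = quoted or bare  # empty quoted value stays ""
    return entry

def summarize_blocks(text):
    """Count blocked requests per (fwid, iap, categoryname, reason)."""
    counts = Counter()
    for line in text.splitlines():
        e = parse_line(line)
        if e and e.get("action") == "block":
            key = (e.get("fwid"), e.get("iap"), e.get("categoryname"), e.get("reason"))
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize_blocks(SAMPLE_LOG).items():
        print(n, key)
```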


