Hello together,
I am trying to allow traffic to specific websites using firewall rules with FQDN-Hosts as Destination. Unfortunately this is not alwas working as expected:
I try to reach github assets under https://github-production-release-asset-xxxxxx.s3.amazonaws.com
Therefore I allowed *.s3.amazonaws.com as host.
in 19 out of 20 trys this is working perfectly. In 1 out of 20 no connection is possible and I see a blocked in the Firewall.
Theese are some thisgs I already figured out:
- s3.amazonaws.com as a massiv (speaking of several ten thousands) amount of public IPs
- As far as I can see the list of IPs associated with an FQDN-Host updates after an succesfull DNS resloution made by the sophos (This is qhy I added the Sophos as DNS Server for all my Clients)
- When the connection is blocked the IP List wasn't updated so the blocked Ip does not appear in the IP List.
Do you guys have any ideas of how to resolve this issue?
Kind regards
Jonas
Hello Jonas,
Thank you for contacting the Sophos Community!
What is the error you get in the Firewall when this happens?
If you added *.s3.amazonaws.com would be very unlikely I would think that the site would get blocked.
Are you using any type of Web Filter in this Firewall rule, too?
Does this happen every day?
Regards,
Hello Emmanuel,
The Error I get is a normal "block".
I do not have Web Filter activated.
Yes this happens every day.
Regards
Thank you for the follow-up!
Could you please share a screenshot of the Block page you’re seeing?
Do you have any type of 3rd party proxy? Are you using Sophos Endpoint?
I am not seeing a block page. It is just a normal block appearing in the firewall logs (as my last firewall rule is doing a reject) At the client I therefor only see a connection timed out.
No third party Proxy or Sophos Endpoint used