Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 1588 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue with Url block

Super CM

I am trying to block YouTube.com during specific time but it doesn't seem to be working. This was discussed previously here community.sophos.com/.../issue-with-rules



This thread was automatically locked due to age.
Parents
  • 0

    Hello SuperCM,

    Thank you for contacting the Sophos Community.

    Did you get the chance to check on the logs what happens when youtube is supposed to be blocked? If you are using the Web Filter the awarrenhttp_access.log in debug mode should show something.

    # service awarrenhttp:debug -ds nosync (Ran from the advanced shell 5 > 3)

    # /log/awarrenhttp_access.log

    Also, I double-check your post, and in the screenshot that you share where it says youtube is blocked, under constraints I don't see any time selected. 

    Please double check you’re adding a time to the Web Policy for youtube.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply
  • 0

    Hello SuperCM,

    Thank you for contacting the Sophos Community.

    Did you get the chance to check on the logs what happens when youtube is supposed to be blocked? If you are using the Web Filter the awarrenhttp_access.log in debug mode should show something.

    # service awarrenhttp:debug -ds nosync (Ran from the advanced shell 5 > 3)

    # /log/awarrenhttp_access.log

    Also, I double-check your post, and in the screenshot that you share where it says youtube is blocked, under constraints I don't see any time selected. 

    Please double check you’re adding a time to the Web Policy for youtube.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Children
  • 0 in reply to emmosophos

    When I look at the debug log, the traffic is not shown. 

  • 0 in reply to Super CM

    Hello SuperCM,

    Thank you for the follow-up.

    Make sure the Computer is pointing to the XG as DNS resolver.

    If you aren’t seeing the traffic, double-check that your Firewall Rule is set to use Web Proxy instead of DPI engine.

    Try a Packet Capture from the GUI to confirm which Firewall Rule is being applied.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    I confirmed that the rule is set to use web proxy and is using the xg for dns.

    Looking at the packet capture, it looks like it is using the right rule.

    The rule in the gui is rule 28

    also i have the time off right now while I am testing it.

  • 0 in reply to Super CM

    Hi,

    please check if you have other rules that allow access other internet outside of your block times. You need to be enforcing access using allow and block rules in both web and application places.

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I don't see anything that stands out. Also shouldn't the logs show how access is granted? 

  • 0 in reply to Super CM

    You wil need to check both application and web logs. I found the application log not very useful because it only shows blocked applications.

    Once a connection is established from memory the XG does not block it, it will only block new connections, but I will be corrected on that if in error. I think I got the idea wrong last time and had to run a test for one of the sophos support people to prove the block does work at the correct time. I will run a test tomorrow and report back.

    Ian

    added extra info.

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • +1 in reply to rfcat_vk

    Hi super_cm,

    I setup a the restriction profile and schedule and applied them to my application profile. I also changed the application policy to deny when applying the restricted time schedule.

    Results of testing

    1/. one VoIP service was locked after 40 seconds

    2/. the second VoIP service was dropped after 8 minutes.

    3/. the application logviewer showed only one attempt by one phone and multiple attempts by the other phone to restore a connection.

    4/. When the schedule and profile were deleted one phone took about 2 minutes to re-register, the other has not but that will e a configuration issue in VoIP ATA.

    5/. the deal between activation time and actual blocking time is very frustrating while trying to debug new rules.

    6/. I do not use web filtering on my VoIP services only application policy control.

    I Hope these results help with your issue?

    Ian

    corrected typing errors.

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I think this is my answer. It seems that the connection is still open and that's why it's allowing access. 

Unfiltered HTML