Website blocked by SOPHOS

Hi everybody,

For a long time I have been facing a serious issue with Sophos blocking a specific website: my company's bank website. I tried creating exceptions in Sophos but it doesn't work.

Sophos Firmware version: SFOS 18.0.3 MR-3

Blocked website: https://www.corporate.bda-net.ci/

Error message: ERR_CONNECTION_RESET (see attached image)

NB: when I connect to another hotspot or bypass Sophos, everything works fine.



  • Hello Alain,

    I would suggest you use the policy test tools to see why it's being blocked.  Also have a look at the different logs (Web, App, SSL/TLS) to see if there is any "blocked" actions there with this site/ip as the destination.  There is not a whole lot of information (ie, firewall rules, policies applied etc...), so I will try my best.  Your website seems to be under the "Private homepages" category for web filtering - make sure you allow that category or create an exception with the "policy check" ticked.  I would also check the ssl/tls inspection rules tab in the "Rules and Policy" section of the UI and create an exception for that site, considering you created a global exception for it in the Web/Exception section.

    Regards

  • Hello Regis,

    Thanks for your feedback,

    Please find below (text and image)  the result of the policy test:

    Connexion
    Tester l’heure :19:29:36 Wednesday
    IP de destination: 160.154.201.99, port 443, TCP
    IP source : 160.154.203.114
    Zone émettrice : Détection automatique
    Utilisateur :  Utilisateur non authentifié
    Règle de pare-feu :  #Default_Network_Policy (ID: 5) Accepter
    Proxy Web : Utiliser le proxy pour les ports 80 et 443
    Résultat : Autorisé
    Protection Web 
    Catégorie : Personal sites
    Stratégie Web : Default Policy
    Exceptions : Vérifications de stratégie
    I also created an exception, as you can see below in the Web/Exception section, but it is still not working.
    Do you have any other advice?
    Thanks in advance
  • Hi, have you checked this:  "I would also check the ssl/tls inspection rules tab in the "Rules and Policy" section of the UI and create an exception for that site, considering you created a global exception for it in the Web/Exception section." ?  Also, did you check the different logs (Web, App, SSL/TLS, IPS/IDS) to see if that IP was blocked on any of those?

  • Hi,

    I would suspect you have a firewall rule configuration issue, I can connect to that site and my rules are reasonably strict.

    Please post a copy of your failing firewall rule (expanded). Also, what does the logviewer show for the rule?

    Ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
  • Hello Alain,

    To add to what Regis and RFcat_vk had mentioned, if you create a Test Firewall without Web Policies, does the website load?

    Can you confirm if the website in question is behind the XG or not, I would guess it isn’t but double confirm. 

    Also, try running this command from the Advanced Shell (5>3) of the XG and show us the output.

    # wget https://www.corporate.bda-net.ci

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
  • Hello @all,

    Sorry for the absence; I have been out of the office for health reasons.

    Thanks for the answers, but I tried everything I can do. When I bypass the XG or connect from a source different from the office connection, I can reach the website.

    I created an exception as shown in my above screenshot but it doesn't work.

    @Emmosophos can you show me how to run this command from the Advanced Shell (5>3) of the XG? I'm very new to Sophos XG.

    Thanks in advance

  • Hello Alain,

    Hope you’re feeling better.

    Please follow this KB to SSH to the XG, once in the Advanced Shell just enter the following command:

    # wget https://www.corporate.bda-net.ci

    Regards,


     
    Emmanuel (EmmoSophos)
  • Hello @emmosophos, thanks a lot, I'm feeling better now.

    Kindly find below the output of the advanced shell wget command.

    XG135_XN03_SFOS 18.0.3 MR-3# wget www.corporate.bda-net.ci
    --2021-04-15 10:17:42-- www.corporate.bda-net.ci/
    Resolving www.corporate.bda-net.ci... 160.154.201.99
    Connecting to www.corporate.bda-net.ci|160.154.201.99|:443... failed: No route to host.
    XG135_XN03_SFOS 18.0.3 MR-3#

    Also notice that the ping to the URL doesn't work either

    XG135_XN03_SFOS 18.0.3 MR-3# ping www.corporate.bda-net.ci
    PING www.corporate.bda-net.ci (160.154.201.99): 56 data bytes

  • Hi,

    Could you check your netmask?

    Regards,

    Christophe

    XG Certified Engineer

    Sophos Platinum Partner - Reseller from Clermont-Ferrand, France
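
The netmask check suggested in the last reply, worked through as an added example that is not part of the original thread. It uses the two addresses shown in the posts and assumes the source address from the policy test sits on an XG interface; the prefix lengths tried are hypothetical. A destination that the configured mask places on-link is resolved by ARP on the local segment instead of being forwarded to the gateway.

```python
import ipaddress

# Addresses taken from the thread. Assumption: SOURCE_IP is configured on
# an XG interface. The prefix lengths tried below are hypothetical.
SOURCE_IP = "160.154.203.114"  # "IP source" in the policy test output
DEST_IP = "160.154.201.99"     # address the bank site resolved to


def is_on_link(local_ip: str, prefix_len: int, dest_ip: str) -> bool:
    """True if dest_ip falls inside the subnet configured on the interface."""
    iface = ipaddress.ip_interface(f"{local_ip}/{prefix_len}")
    return ipaddress.ip_address(dest_ip) in iface.network


def longest_shared_prefix(local_ip: str, dest_ip: str) -> int:
    """Number of leading bits the two IPv4 addresses have in common."""
    a = int(ipaddress.IPv4Address(local_ip))
    b = int(ipaddress.IPv4Address(dest_ip))
    return 32 - (a ^ b).bit_length()


def netmask_report(local_ip: str, dest_ip: str,
                   prefixes=(16, 20, 22, 23, 24)):
    """For each candidate prefix, say how the destination would be reached."""
    rows = []
    for p in prefixes:
        iface = ipaddress.ip_interface(f"{local_ip}/{p}")
        path = ("on-link (ARP, gateway not used)"
                if is_on_link(local_ip, p, dest_ip) else "via gateway")
        rows.append((p, str(iface.netmask), str(iface.network), path))
    return rows


if __name__ == "__main__":
    shared = longest_shared_prefix(SOURCE_IP, DEST_IP)
    print(f"Addresses share their first {shared} bits")
    for p, mask, net, path in netmask_report(SOURCE_IP, DEST_IP):
        print(f"/{p:<2} {mask:<15} {net:<18} {path}")
```

Compare the mask actually configured on the interface with the one assigned by the provider: any prefix of /22 or shorter puts the bank's address inside the local subnet.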