Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 12 replies
  • Subscribers 41 subscribers
  • Views 5161 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Website blocked by SOPHOS

Alain Coulibaly

Hi everybody,

For long time I'm facing serious issue with sophos blocking a specific website: my company bank web site. I tried creatinf exceptions in sophos but doesnt work

Sophos Firmware version: SFOS 18.0.3 MR-3

Bloscked siteweb: https://www.corporate.bda-net.ci/

Error message: ERR_CONNECTION_RESET (see attached image)

NB: when i connect to another hotspot or bypass sophos, all work fine.



This thread was automatically locked due to age.
Parents
  • 0

    Bonjour Alain,

    I would suggest you use the policy test tools to see why it's being blocked.  Also have a look at the different logs (Web, App, SSL/TLS) to see if there is any "blocked" actions there with this site/ip as the destination.  There is not a whole lot of information (ie, firewall rules, policies applied etc...), so I will try my best.  Your website seems to be under the "Private homepages" category for web filtering - make sure you allow that category or create an exception with the "policy check" ticked.  I would also check the ssl/tls inspection rules tab in the "Rules and Policy" section of the UI and create an exception for that site, considering you created a global exception for it in the Web/Exception section.

    Regards

  • 0 in reply to Regis M

    Hello Regis,

    Thanks for your feedback,

    Please find below (text and image)  the result of the policy test:

    Connexion
    Tester l’heure :19:29:36 Wednesday
    IP de destination: 160.154.201.99, port 443, TCP
    IP source : 160.154.203.114
    Zone émettrice : Détection automatique
    Utilisateur :  Utilisateur non authentifié
    Règle de pare-feu :  #Default_Network_Policy (ID: 5) Accepter
    Proxy Web : Utiliser le proxy pour les ports 80 et 443
    Résultat : Autorisé
    Protection Web 
    Catégorie : Personal sites
    Stratégie Web : Default Policy
    Exceptions : Vérifications de stratégie
    I also create an exeption as you can see below in the Web/Exception section but still not working.
    Do you have any other advice? 
    Thanks in advance
Reply
  • 0 in reply to Regis M

    Hello Regis,

    Thanks for your feedback,

    Please find below (text and image)  the result of the policy test:

    Connexion
    Tester l’heure :19:29:36 Wednesday
    IP de destination: 160.154.201.99, port 443, TCP
    IP source : 160.154.203.114
    Zone émettrice : Détection automatique
    Utilisateur :  Utilisateur non authentifié
    Règle de pare-feu :  #Default_Network_Policy (ID: 5) Accepter
    Proxy Web : Utiliser le proxy pour les ports 80 et 443
    Résultat : Autorisé
    Protection Web 
    Catégorie : Personal sites
    Stratégie Web : Default Policy
    Exceptions : Vérifications de stratégie
    I also create an exeption as you can see below in the Web/Exception section but still not working.
    Do you have any other advice? 
    Thanks in advance
Children
  • 0 in reply to Alain Coulibaly

    Hi, have you checked this:  "I would also check the ssl/tls inspection rules tab in the "Rules and Policy" section of the UI and create an exception for that site, considering you created a global exception for it in the Web/Exception section." ?  Also, did you checked the different logs (Web, App, SSL/TLS, IPS/IDS) to see if that IP was blocked on any of those?

  • 0 in reply to Regis M

    Hi,

    I would suspect you have a firewall rule configuration issue, I can connect to that site and my rules are reasonably strict.

    Please post a copy of your failing firewall rule (expanded). Also what does the logviewer show for the rule.

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML