Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 38 subscribers
  • Views 1092 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG 18.04 Web proxy no web filters enabled, still at random the webfilter block pops up

Fred_B

I am looking at using the XG as Web Proxy and I testing how it performs. 

Issues:

  • I can use Chrome with AD authorisation. Sometimes the login portal pops up, but not always. it looks random and can be in the middle of a working session. The login portal only accepts local XG accounts and no AD pass tru. 
  • At first Google was blocked with the notice that search engines category is blocked. I checked the settings but it is not in the applied Firewall rule Web Filter set. It is also not in the default web filter rules that apply to anybody. The category is set to acceptable. so why that block? I disabled all web filters and sometimes website are blocked at random that worked before and will start to work again at random. 

Pointers to get this stable are appreciated.

Kind regards,

Fred



This thread was automatically locked due to age.
Parents
  • 0

     Can it be that this bug is raising it’s head again? https://community.sophos.com/sophos-xg-firewall/f/discussions/119219/bug-web-filter-blocking-random-categories
    I am not clean 18.0.4 MR-4 Sophos Support applied the DKIM hot fixes which broke the updating of blocked e-mail senders and XG SAV and Sandstorm is not working properly. Not using MTA anymore for that reason. I can make the HA peer active as I added that later and is clean 18.0.4 MR4.

  • 0 in reply to Fred_B

    The stand-by new XG is now running as primary. I have the same issue of random categories being blocked from the test W10 Client. Now it works than it doesn't. Even within sessions. 

    Using XG 210 18.04 MR4 as proxy server.

    W10 client fully patched Proxy set to the XG. Running Intercept X on the Client which also does web filter from central. 

    Website is blocked

    This category is set as acceptable on the XG:

    Category Classification Acceptable

    If I check log viewer the correct fire wall is hit. No security settings enabled on the firewall rule.

     Security setting all unchecked

    Other securiy settings all unchecked

    I have disabled all default policies. There are four firewall rules that use this policy (REDS, VPN) but mine does not. To check I disabled the categories.   

    Webpolicies all disabled

    Only the LAN firewall web rule is affected and I believe because of the XG used as proxy on the LAN W10 client. 

    I am going to test without the proxy.

  • 0 in reply to Fred_B

    Without using the XG as proxy the http(s) traffic is not seen as from a matched user so the login page appears constantly. We are using STAS.

    The XG login screen does not allow pass tru authentication to AD and store the password. So web authentication enabled for unknown users with no local user account on the XG does not work. 

    I think I can fix the occasional login pop up when using XG proxy by raising the Drop time out during identity probe. 

    Still that does not fix the random category page blocks. 

Reply
  • 0 in reply to Fred_B

    Without using the XG as proxy the http(s) traffic is not seen as from a matched user so the login page appears constantly. We are using STAS.

    The XG login screen does not allow pass tru authentication to AD and store the password. So web authentication enabled for unknown users with no local user account on the XG does not work. 

    I think I can fix the occasional login pop up when using XG proxy by raising the Drop time out during identity probe. 

    Still that does not fix the random category page blocks. 

Children
  • 0 in reply to Fred_B

    The firewall rule sophos login screen for unmatched users does allow AD uthentication. It also uses the One Time Password (OTP) functionality if enabled. After a succesfull login the screen states not tpo close that page as you will lbe signed out, 

    Problem is even that with this screen still succesfully logged in, authentication will time out and you need to login again, ending up with multiple succesfull login screens. 

    Sophos proxy on the XG 18.04 is broken as it will randomly bloke page categories even with no policy set and everything allowed. 

Unfiltered HTML