A few days ago I installed a new Sophos XG at a customer. One user sometimes has problems opening HTTPS websites. I found out that pings also don't work during this time, for maybe 30 seconds. After some time and reloading the website again, the user can open the website and the ping works. If there was the error, every other PC can open this website with this error.
I have already done the following:
- Turned off SSL Inspection
- Changed the PC model
- Installed new Windows
- Tested with other user
- Tracert to website stops at Sophos IP
Then I created many packet captures on the WAN & LAN ports.
There I found out that Sophos likely drops packets, because:
1. I reproduced the error, started logging and stopped it. There I can't see some ICMP packets in "WAN Port Ping doesn´t works 126.96.36.199 .pcap"
2. After that I also reproduced the error with another website and waited until it worked. There I can only see packets where it works. "WAN Port Ping works 188.8.131.52 .pcap"
3. Now I started logging on the LAN port. I reproduced the error and stopped it after the first error. There I can see many packets where it doesn't work. "LAN Port doesn´t works 184.108.40.206.pcap"
4. After that I started logging on the LAN port and waited until it worked again. Now I can see all ICMP packets. File: "LAN Port works later 220.127.116.11.pcap".
Does anyone have an idea? Thanks!
The problem is solved now.
The solution was to turn off STAS.
Yesterday a customer reported an issue similar to yours, but only with ICMP.
Which version of Sophos XG are you using?
Did you use the log off detection and quarantine option within STAS in SFOS?