Sometime in the last 6 weeks I started a thread on classification errors. I have been doing some further investigation and found that one was wrong and needed to be corrected. I have searched all my activities and not been able to find the initial post to correct the error.
Where has the post gone?
Streaming video is classified as infrastructure
NTP is classified as thunderVPN
An HTTP access to an Apple site is classified as manual proxy surfing on IPv6
Some IMAPS traffic is unclassified.
Thank you for contacting the Sophos Community.
For issues related to Classification Errors, you would need to do a pcap capture, take a screenshot of the Log Viewer Application Filter so we…
I spent this afternoon investigating why the iPad and iPhones don't connect to a site but the Mac mini does. In the process I have fixed the issue with manual proxy surfing.
The issue revolves around the missing functions in the HTTP proxy for IPv6 traffic, e.g. it does not know how to handle FQDNs, which results in the web exceptions not working. So the issue is resolved partially by using DPI instead, but the downside is not all the web policies are obeyed. I can leave the web proxy working for the IPv4 traffic, just not for the IPv6 traffic. Very frustrating.
This gets even more frustrating because the log denied entry refers to content policy which I can no longer find to amend. There is reference to policy numbers that are greater than my configuration.
You cannot amend the default policies and you cannot clone them to make your own. Somewhere on my XG there is a content policy for Australia, but where?
Something has gone missing in one of the many recent updates. How do you find and modify the now hidden functions?
Would love someone who knows where the content policies hide to provide some guidance either that or fix/add the missing features to the IPv6 part of the firewall.
Can you show me the log where the XG is referencing a Content Policy for Australia?
I have been able to isolate the issue to IPv6 traffic only and the XG is unable to identify where the IPv6 address sites are located.
So based on the Log, it doesn't look like it’s blocked due to a Content Filter, usually, if that is the case the log would show
reason="acl primary match Content Check on
So this is being blocked by the Application Filter Policy but not the content Filters.
I have a web exception in place that only works on IPv4 traffic, not IPv6 traffic, so hence the error. I don't have an application filter blocking content.
If I use the proxy the application is blocked, doesn't show in the logs and the parent application ABC iview does not work. If I disable the proxy and use the DPI then the ABC iview works with errors in the logs about manual proxy surfing. Further, XG is unable to provide any detail when using the diagnostic tools, but knows about the URL when the URL category lookup is run.
The URL is iview-vod-his.akamaized.net
The issue is getting worse, I now have IMAPS between client mail and the RSP mail server classified as P2P torrent.
I thought I had identified the cause, but that was masked by using the web proxy rather than DPI. DPI causes the stuff to be blocked whereas the web proxy allows it.
Mail: I have stopped scanning SMTPS because XG keeps breaking the trust.
I am in the process of building a new XG with new hardware, but getting some parts is proving difficult, e.g. dual port NICs.
edited:- remove incorrect conclusions.