Neopost/Quadient postage meter not able to connect

I am trying to set up our Neopost/Quadient postage meter. I have given the meter a static IP and I see . I see "Allowed" packets in the Firewall rule. I have created a Web Exception ^([A-Za-z0-9.-]*\.)?neopost\.com/; when I look at the firewall log, I am seeing allowed traffic, but when I look at the Packet Capture it is assured or unreplied.

Anyone with a Quadient meter or a better knowledge of Sophos have any insight?

  • Try opening a live log from both (FW and Web filtering) and narrow to the specific IP you assigned to your device, and you should be able to see what's blocking your device from communicating. This is how I always troubleshoot my issues with a new device being added to my network.

    Good luck

  • Thank you. Both of those locations did not show anything being blocked. But when I looked at the SSL/TLS inspection, the connection is there. I have tried multiple ways to exclude the device from SSL Inspection and am missing something because it keeps getting rejected:

    Reject and notify

    19007

    3

    Block insecure SSL

    192.168.1.9

    146.20.53.70

    BAI Overrides

    146.20.53.70

    TLS_DHE_RSA_WITH_AES_128_CBC_SHA

    Blocked due to invalid TLS certificate

    Exclude

  • Hi Melissa and welcome to the Sophos User Communities!

    Your web exception should be:

         ^https?://([A-Za-z0-9.-]*\.)?neopost\.com/

    Cheers - Bob
    PS Moving your thread to the XG Community from the UTM Community

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for the response. I don't have any http or https designation in front of any of my exceptions. They all are formatted like 

    ^([A-Za-z0-9.-]*\.)?neopost\.com/ .

    SSL Inspection is causing the problem, but I have added an SSL Inspection rule, Don't Decrypt, specifically for the postage meter's IP address and it is still trying to decrypt, as the SSL Inspection log is showing an entry:

    2021-10-07 10:27:13
    Reject and notify
    19007
    6
    Block insecure SSL - TLS 1.0
    192.168.1.9
    146.20.53.70
    BAI Overrides
    146.20.53.70
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    Blocked due to invalid TLS certificate
    Exclude
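
The two exception patterns quoted in this thread differ only in the `^https?://` prefix, so which one can match depends on whether the string being tested carries a scheme. The following is an added example, not code from any poster or from Sophos: it runs both patterns over constructed strings. Which form the firewall feeds to the pattern is not stated on the page, and every hostname other than neopost.com is made up.

```python
import re

# The two patterns exactly as quoted in the thread.
ORIGINAL = r"^([A-Za-z0-9.-]*\.)?neopost\.com/"
SUGGESTED = r"^https?://([A-Za-z0-9.-]*\.)?neopost\.com/"

# Constructed test strings (hypothetical hosts, apart from the IP in the log).
CANDIDATES = [
    "meter.neopost.com/update",            # host/path, no scheme
    "https://meter.neopost.com/update",    # full URL, subdomain
    "https://neopost.com/",                # full URL, bare domain
    "https://146.20.53.70/",               # IP literal, as listed in the log entry
    "https://evilneopost.com/",            # lookalike: no dot before "neopost"
    "https://neopost.com.example.net/",    # lookalike: domain used as a prefix
    "https://a.example.net/neopost.com/",  # lookalike: domain placed in the path
]


def evaluate(pattern, candidates=CANDIDATES):
    """Return {candidate: True/False} for an anchored exception pattern."""
    rx = re.compile(pattern)
    return {c: bool(rx.search(c)) for c in candidates}


def matched(pattern, candidates=CANDIDATES):
    """Return only the candidates the pattern matches, in input order."""
    return [c for c, hit in evaluate(pattern, candidates).items() if hit]


if __name__ == "__main__":
    orig, sugg = evaluate(ORIGINAL), evaluate(SUGGESTED)
    print(f"{'candidate':40} {'original':>9} {'suggested':>10}")
    for c in CANDIDATES:
        print(f"{c:40} {str(orig[c]):>9} {str(sugg[c]):>10}")
```

Neither pattern matches a string built from the bare IP address, and neither matches the lookalike hosts, because the `^` anchor, the character class that excludes `/`, and the trailing `/` pin the match to the host part.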