XGS 136 blocking Dlubal RFEM

Hi!

I'm new here and this is my first post.

I'm running SFOS 19.5.0 GA-Build197 and I have an app (Dlubal RFEM 6.02.0045) being blocked by Sophos XGS 136. In Log Viewer, I cannot locate any logs related to this blocking. I know that Sophos is blocking because if I test without Sophos, I can run RFEM perfectly. And if I disable Web Policy, App control (selecting Allow All for both) and SSL/TLS inspection, blocking still persists. The only way to run RFEM is without Sophos.

Does somebody know if there are any issues with Dlubal RFEM software and Sophos XGS?



Added TAGs
[edited by: Erick Jan at 1:30 AM (GMT -8) on 10 Jan 2023]
  • Hi,

    the way I usually debug new applications is create a firewall rule at the top of the list similar to this

    source LAN, network your network, destination any, network any, services all, allow, log, then run the application. After which you review the Log Viewer with a refined search of your PC's IP address; this will show you the ports used and you can build a detailed firewall rule specifically for your application.

    Ian

    XG115W - v19.5 GA - Home

    Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi rfcat!

    Thanks for your advice ;-)

    After creating a new FW rule, I can connect to the server and the event log shows IPs 89.187.130.211 and 89.187.130.200 with port 443.

    Should I create a specific firewall rule for this IP and port? If I disable App control, Web Filter and SSL/TLS Inspection (in the current FW rule), is that not the same as creating this new rule that you suggested?

  • Hi,

    that rule was only for testing. I assume your existing rule is using the web proxy but not decrypt and scan. I would suggest you set up a web exception for your server. Leave app control and IPS enabled so that the server traffic can be classified in your daily reports.

    Ian


  • Hi rfcat!

    Thanks a lot for your suggestion!

    I fixed the issue by creating a new FW rule for testing, and after that I realized the issue was related to a server located in the Czech Republic that was blocked by the current FW rule. After removing this block, RFEM is running perfectly!