Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FILT-APP Block Office365 SOPHOS XGS

Hello,

I have recently see my officesetup.exe installation blocked when I activated the app-filter based on this policy "Block generally unwanted apps" on my LAN TO WAN firewall rule.

This blocked was manifest juste after launch the officesetup.exe, the installation window be blocked on "Prepare your environnement". Sometimes blocked to the next step with the downloading window.

I not found any log during debug.

The cause categorie seems to be "File Transfert" categorie because when I allow this, the installation work instant.

My questions is:
- How I can debug this from logs ?

- Somebody already impacted by and soluce this ?

Thank you in advance for help.



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Vivek,

    In the APP-FILTER log viewer I don't have any information for this. It's a problem.

    And I have already create my application filter based on filter "Generaly  unwanted Apps", but my problem it's I have a filter who block my setup and I can't find it in the log. 

    This would have helped me find the category that is blocking.

    I go create a ticket to the support. Thank you.

    Great day,

  • Hello  ,

    The predefined "Block generally unwanted apps" Application filter policy has 'File Transfer' apps being denied in it by default, including several MS apps, so likely this is the cause of why you're having issues. 

    As Vivek suggested above, you can further check this under Log Viewer > Application Filter

    If you still want to use this predefined application filter, you can configure a new application filter using this as a template, then fine-tune the application filter to meet your requirements without your legitimate traffic being denied. 

    Hope this helps. Many thanks for your time and patience and thank you for choosing Sophos. 

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi Raphael,

    I already configue a new application filter on this template.

    I know the "File Transfer" category is the cause of my problem. But in this category we have a lot of items and I would like know which items block. I would like found in log but nothing.

    I had to use this command in cli "service ips:debug -ds nosync" and I can find who the "Multi Thread File Transfer" item was the good.

    Is it possible to exclude only one particular app ?  Or do I have to remove this item?

    thank you

  • Hello  ,

    Thanks for the additional details.

    If you find the "Multi Thread File Transfer" is the legitimate traffic that's being blocked under "File Transfer Category" and you still want to block the category File Transfer, here's what I may recommend:

    You may select the application individually,

    Then set to - Allow

    Then put this on top of the of your Application Filter list, then Configure a Select All for File Transfer then set it to deny

    Then set it below your Allow rule on the application filter, so the arrangement would look like this: 

    - You may also further add any applications you need to allow on top of your deny rules. 

    - For your testing, I may recommend you test it on a Firewall Rule on Top using specific settings, e.g. test it on 1 host only before completely applying the application filter to the whole network.

    - Further, denied applications on your rules can be seen under Log Viewer > Application Filter 

    Hope this helps. Have a nice day and thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • Hi  , Thank you.
    This is the solution that works best for me. 

    Thank you for taking the time and precision of your explanations.

    Great day !

  • Hello  ,

    You're welcome, Glad we're able to be of help. 

    Have a nice day and thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.