This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFOS v21 - Windows DomainController connection to Clients behind RED recognized as Freegate Proxy

Hey everyone,

today i noticed our Windows DCs want to communicate with Windows Clients behind a RED Device, where SFOS is recognizing it as a Freegate Proxy Application and blocks it

Src IP = Win DC

Dst IP = Win Client behind RED

Seems to be the same as already mentioned in this post: Application Filter false positive - IP whitelist - Discussions - Sophos Firewall - Sophos Community

But in Firewall Logs i cannot see any blocked connections. Dont know if i should allow these connections. Anyone else experienced this behavior?

Regards

Peter

This thread was automatically locked due to age.

0 LuCar Toni 10 months ago

What kind of Ports are used? Maybe this helps to find the application.

You can also check for the advanced view and then check for the same time frame and other logs (like Firewall and Web Filter Log)

__________________________________________________________________________________________________________________
- 0 Peter Riederer 10 months ago in reply to LuCar Toni
  
  thats the point, i cannot find anything in the firewall log with this source and dest ip. but logging is enabled on all Rules. Freegate Proxy is supposed to use Port 8580, but no results in Firewall Log either. There are no blocked application events, when the same client is in the office, only when behind a RED Device