Web Filtering (via Proxy) Fails without internal DNS server.

What feature is impacted? Web Filtering 

What is the severity of the issue? medium

Summary of the issue:

I have an internal DNS server. For this reason I disable the Sophos DNS server (under System Services / Services / DNS server). Once DNS is disabled, my internal clients that do *not* use web filtering can successfully browse (using my internal DNS server). The hosts that have Web Filtering (with all options except "Use zero-day protection" checked) cannot access public web servers. When the DNS server is enabled, the web filtering works properly (presenting a blocked-site notification to clients' web browsers). I wish to keep the DNS service disabled because I want clients using my internal DNS server, but I also need certain clients to have web filtering policies enabled.

Observed behavior (What it did or didn’t do):

Clients with web filtering enabled received a Sophos message in their browser: "dns server did not respond to our request for address lookup."

Desired behavior (How is it expected to or should behave):

When browsing to sophostest.com and viewing a blocked resource, when Sophos' DNS service is enabled, the expected Sophos block message appears in the browser. It is expected that the Sophos firewall will use the statically-assigned DNS IP to resolve requests for the transparent web proxy that is used to inspect client HTTP traffic; instead, it looks like it is trying to use an internal DNS server (which is disabled due to not needing the internal DNS server), and thus failing.

How do we reproduce it (Provide instructions to help us reproduce the behavior): Disable DNS services, enable web filtering (using the web proxy instead of the DPI engine), and apply a web policy that blocks web traffic.