Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 39 subscribers
  • Views 25111 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP Scanning (Malware) Blocks ALL HTTP Websites

ChrisWestmacott

Hello everyone,

I am a paid Sophos customer with a subscription, however it is taking me too long to get anywhere with their support and I have a deployment tomorrow for a client so I am hoping someone will be able to help me.

I have an XG125 which I just updated to 15.01.0 MR-2.  I have a very simple configuration, with one local policy that allows LAN and WiFI to access the WAN on any port.  As soon as I enable "Scan HTTP", all HTTP websites generate a 502 error message.  If I change the scanning from Batch to Real Time, what usually happens is it tries to load the website but it is missing all formatting/images.  I'll show you pictures later in this thread.  I have tried with App Control, Web FIlter, IPS, and Traffic Shaping to None.  I have tried with Web Filter set to Default Work Policy (the policy I plan to deploy it with)... it doesn't make a difference.

My Sophos IP is 10.0.0.1, my workstation's IP is 10.0.0.52, my workstation's gateway is 10.0.0.1, and my workstation's DNS is 10.0.0.1.  The Sophos DNS server is my ISP's DNS and the IPs are provided in a screenshot.

I'll include as many screenshots as I can as I am hoping for a speedy resolution here or I'll have to turn off all malware scanning for my client.

Error Code with Batch Mode ON:

Site example with Real Time Scanning ON:

Policies:

Malware Setting (I have tried Avira to no avail)

Web Content Filter:

DNS Setting:

Firmware:



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to lferrara

    Sorry Chris,

    Port 1 to 8 are bridged, why?

  • 0 in reply to lferrara

    They are bridged because I am using those ports as switch ports so I don't have to deploy a switch for my client.  An AP55c plugs into port 8 and an AP55 plugs into port 7, and I need them to both be on the 10.0.0.0/24 subnet.  I started off NOT bridging those ports, however whenever I tried to put two ports on the same subnet without bridging them, the Access Points would freak out and never come online.  The only fix I was able to find (and Sophos support suggested) was to either bridge the ports, or plug a switch into one of the ports and connect both APs to the switch.

    I took out the 3rd DNS and I made a separate rule at the top for just HTTP and HTTPS services.  I cleared my computer's cache with CCLEANER and it still gives me a 502 error code when I go to any HTTP website (as I currently have batch mode turned on).  If I turn it to real-time mode I can access the page, but all formatting/images are lost.

  • 0 in reply to ChrisWestmacott

    I can try not bridging the interfaces and see if that helps.

  • 0 in reply to ChrisWestmacott

    You do not need to bridge multiple interfaces unless you need to connect multiple devices on the same subnet.

    Remove all the bridge, event the AP bridge. Configure the AP Bridge to AP LAn only on Wireless Network area.

    I have your config and it works with no issue.

    Let us know.

  • 0 in reply to lferrara

    I deleted the Bridge and still the same problem... 502 error when I load any HTTP websites from my computer.  As soon as I turn off HTTP scanning it works perfectly.

    I rebooted both the XG125 and my computer and tested again.

    I'm at a complete loss as to why this isn't working... if you want I can give you temp. access into the box to check it out.  It's not live yet but it will be in production tomorrow so I need to get this working as it's on their requirements list.

    I'm planning on doing a factory reset tonight to see if that helps.

    Thanks for all your help so far.

Unfiltered HTML