
Host Not Found

We recently got a backup appliance that is used for both servers and workstations. I need some advice on how to configure our SG 310 to allow access.

 

To manage individual servers and workstations, you need to access them through a web browser through a particular port. For example

https://Workstation01:8014

https://Workstation02:8014

https://Server01:8014

etc...

Currently, the SG310 is not allowing access, showing the following error.

An error occurred while handling your request

While trying to retrieve the URL:
https://keriomail:8014/
The content could not be delivered due to the following condition:
Host not found
 
 
We have Active Directory and I have put our DNS server in the DNS Forwarders list in Sophos. This particular host is also defined as a host in the Definitions - Network Definitions as well.
 
What am I missing?

 
 
 
 
 
 


  • Right now, your problem is the unqualified host name.   Use the FQDN so UTM knows how to resolve the name.

    Then you need to allow access to the nonstandard ports in your web filter.

  • DouglasFoster said:

    Right now, your problem is the unqualified host name.   Use the FQDN so UTM knows how to resolve the name.

    Then you need to allow access to the nonstandard ports in your web filter.

     

     

    As far as the non-standard port, I was able to fix that by entering it in the Web Protection - Filtering Options - Misc - Allowed Target Services. That turned out to be the easy part.

    The FQDN suggestion did fix the issue. Thanks.

    From within the administrative web interface for the backup appliance, you are able to launch a session with individual workstations or servers. When I set up the PCs everything defaulted to just the DNS name but I was able to edit them to include the FQDN name.

    Is there any way to tell the SG 310 that an address is local other than by an FQDN? Since our MS Active Directory DNS server has all the local names defined, why is it necessary to use the FQDN?

  • I know that lots of techs prefer shortnames, and generally speaking, in a network that has one site with a handful of users you can get away with it.  An unqualified name just forces the host to find a qualified name via the suffix list, and if it cannot find it in that manner it fails.

    So if the SG310 failed it could be that it does not have a properly configured suffix.

    Besides, it's just good form to use FQDNs for everything that you do with an eye to those who come after you.

    John

  • In the Web Protection (others tab) you could define a standard search domain. That way you could use short names.

    This could fit to your question.

    Best

    Alex


  • That did fit. Putting in the AD domain (ex:domain.local) in the Search domain field allows me to put in short names.

    It doesn't explain why DNS doesn't work with short names but this works.

    Thanks!

  • Note, however, that the web is moving to HTTPS, including the URLs that you provided.   Short names will always cause a certificate verification error, because the name on the certificate (an FQDN or wildcard DNS domain) will not match the short name entered.   Neither you nor your users should casually ignore certificate errors, so you want to get in the habit of using FQDNs for everything.   Use shortcuts and favorites to save typing, rather than short names.

    I am a little surprised that the UTM is in the path between your backup administrators and your backup device, given that all seem to be in the same AD domain.   Traffic between internal users and internal hosts should bypass UTM completely, but perhaps you are referring to administrative users on an SSL VPN connection, or something similar.
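The certificate point in the reply above, as an added example that is not part of the original thread: a search domain lets a short name resolve, but a TLS client still verifies the name that was typed against the certificate. The wildcard SAN `*.domain.local` and the function names are assumptions made for illustration; the matching follows the usual RFC 6125 left-most-label wildcard rule.

```python
# Added illustration; the host names and SAN list are constructed, not from a real certificate.

def qualify(name, search_domain):
    """Mimic a search-domain setting: append the suffix to dot-less names only."""
    name = name.rstrip(".").lower()
    return name if "." in name else f"{name}.{search_domain.lower()}"

def san_matches(hostname, pattern):
    """Match a hostname against one dNSName entry (RFC 6125 style).
    A wildcard is honoured only as the entire left-most label."""
    host_labels = hostname.rstrip(".").lower().split(".")
    pat_labels = pattern.rstrip(".").lower().split(".")
    if len(host_labels) != len(pat_labels):
        return False  # a wildcard never spans more than one label
    if pat_labels[0] == "*":
        # require at least two literal labels after the wildcard
        return len(pat_labels) >= 3 and host_labels[1:] == pat_labels[1:]
    return host_labels == pat_labels

def cert_accepts(hostname, san_list):
    """True if any SAN entry covers the hostname."""
    return any(san_matches(hostname, p) for p in san_list)

def check_url_host(typed_host, san_list, search_domain):
    """Show what resolution uses versus what the TLS client verifies."""
    return {
        "typed": typed_host,
        # the name the resolver or proxy can look up once a search domain is set
        "resolved_as": qualify(typed_host, search_domain),
        # the client verifies the name as typed in the URL, not the expanded one
        "cert_ok": cert_accepts(typed_host, san_list),
    }

if __name__ == "__main__":
    SANS = ["*.domain.local"]  # assumed SAN list on the appliance agent certificate
    for host in ("Workstation01", "workstation01.domain.local", "a.b.domain.local"):
        print(check_url_host(host, SANS, "domain.local"))
```
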

  • Robert, you might check out DNS best practice for more ideas on improving your situation.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA