This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

web log user swaps to computer name

we have a Sg310 and for some strange reason in the web log the ad user (namely me !!) keeps being replaced with the computer name with a $ after it and then proceeds to block me from the site. Moment later it back to my user name again and i can access the site again.

Should there anything i could be looking for?

log reads:

2019:04:11-10:52:26 gw1 httpproxy[10131]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.1.1.98" dstip="64.4.54.254" user="l.wagner" group="" ad_domain="DH" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (DHH_ICT)" size="26349" request="0xd7620700" url="web.vortex.data.microsoft.com/" referer="" error="" authtime="84" dnstime="37999" aptptime="68" cattime="94" avscantime="0" fullreqtime="385937934" device="1" auth="2" ua="" exceptions="av,sandbox,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business" country="United States" application="micrsoft" app-id="1151"

2019:04:11-10:52:28 gw1 httpproxy[10131]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.1.1.98" dstip="" user="LEE-W$" group="" ad_domain="DH" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3185" request="0xd96e2e00" url="https://outlook.live.com/" referer="" error="" authtime="80" dnstime="0" aptptime="108" cattime="74" avscantime="0" fullreqtime="219188" device="1" auth="2" ua="" exceptions="" reason="category" category="156" reputation="neutral" categoryname="Web Mail"



This thread was automatically locked due to age.
Parents
  • What happens if you add outlook.live.com to the same Exceptions as for web.vortex.data.Microsoft.com?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • will take a look but another user has had a similar issue with another site (namely dropbox).  It seems that the UTM is not recognising the user and just the computer and as expected blocking access, but the next entry its back to the correct user and access is allowed !!?

    Lee

Reply
  • will take a look but another user has had a similar issue with another site (namely dropbox).  It seems that the UTM is not recognising the user and just the computer and as expected blocking access, but the next entry its back to the correct user and access is allowed !!?

    Lee

Children