I have an SG210 running FW 9.605-1
We have a problem where when we navigate to a particular web page we get a "404 Page Not Found" error. The webpage is for a client system and I cannot share the URL.I can tell you that we use the Web Proxy with Decrypt & Scan turned on and that I have created an exception (a long time ago) for this webpage to bypass the proxy.
Whether the user is going via the proxy or is excluded from it entirely, it is not possible to load the page.
As I would expect, there is no log of this page being accessed in the Web Filter log.
If I give my laptop a public IP address to bypass the UTM entirely the web page loads without issue.
Historically this webpage has worked without issue. The only recent change is migrating to 9.6-051.
I'm unsure where else to look in the UTM to resolve this problem.
do you see the access within firewall log?
try to ping the webpage-name from within your lan ... is the IP-correct?
Sophos Solution Partner since 2003 If a post solves your question click the 'Verify Answer' link.
Thanks for your reply
There is nothing in the FW log and I when I ping the domain it resolves the IP but times out (also does this outside of the UTM).
Without webproxy (or with a proxy exception) you should see the access request as allowed or blocked...
Check firewall and enable logging at the necessary rule.
Do you see the same IP inside the LAN as outside the lan?
use traceroute to the WebServer-IP to check the packets really going to the internet.
I've raised a service ticket with Sophos and will update the forum post when I have a resolution
Does it work bypassing the proxy?If yes, try to disable pharming protection if you are in transparent mode.
Thanks for your reply, bypassing the proxy does not fix the problem.
In fact, a "standalone" laptop not using the proxy at all and simply using the UTM as an Internet Gateway/DNS server also can't access the URL and gets a 404.
To me this seems like its either a DNS or routing issue (if it's a UTM problem).
Otherwise it might be server side settings that only allow certain IP's to access this server.
Since we don't know the URL and can't see the environment, it is probably best to open a support case.