
SG230 can not resolve HTTP - HTTPS working

Hi,

My SG230 cannot resolve websites that are working on HTTP.

Every website that is HTTPS works fine.

I can nslookup every http site properly on cmd prompt.

So DNS is basically working.

The browser is showing this:

I enter http://wetest.de 

I already have DNS allowed for the network (LAN Internal)

The webfilter policy test says I am allowed to browse the site

If I add the website to the Transparency exception list in Filteroptions on the Webfilter, the website starts working.

The live protocol of the webfilter doesn't even recognize my attempt to open the website

If I use HTTPS it shows the site immediately:

2020:11:03-10:40:38 sg230 httpproxy[17351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.10.20.60" dstip="81.169.145.89" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1759" request="0xda5aee00" url="https://wetest.de/" referer="" error="" authtime="1" dnstime="40114" aptptime="427" cattime="245" avscantime="0" fullreqtime="91158" device="1" auth="2" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites"
2020:11:03-10:40:38 sg230 httpproxy[17351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.10.20.60" dstip="81.169.145.89" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1759" request="0xcfe1fc00" url="https://wetest.de/" referer="" error="" authtime="2" dnstime="40292" aptptime="264" cattime="248" avscantime="0" fullreqtime="91733" device="1" auth="2" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites"
2020:11:03-10:40:44 sg230 httpproxy[17351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.10.20.60" dstip="81.169.145.89" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1759" request="0xcfdece00" url="https://wetest.de/" referer="" error="" authtime="2" dnstime="5" aptptime="207" cattime="212" avscantime="0" fullreqtime="42579" device="1" auth="2" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites"
2020:11:03-10:40:44 sg230 httpproxy[17351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.10.20.60" dstip="81.169.145.89" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1759" request="0xd10db800" url="https://wetest.de/" referer="" error="" authtime="2" dnstime="4" aptptime="121" cattime="131" avscantime="0" fullreqtime="48104" device="1" auth="2" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites"
2020:11:03-10:40:44 sg230 httpproxy[17351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.10.20.60" dstip="81.169.145.89" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1759" request="0xd9f1e700" url="https://wetest.de/" referer="" error="" authtime="2" dnstime="5" aptptime="223" cattime="195" avscantime="0" fullreqtime="50767" device="1" auth="2" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites"
2020:11:03-10:40:44 sg230 httpproxy[17351]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.10.20.60" dstip="81.169.145.89" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1759" request="0xd24fe300" url="https://wetest.de/" referer="" error="" authtime="2" dnstime="5" aptptime="183" cattime="218" avscantime="0" fullreqtime="54966" device="1" auth="2" ua="" exceptions="" category="141" reputation="neutral" categoryname="Portal Sites"
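
An added example (not part of the original post and not Sophos tooling): a small parser for the httpproxy log format quoted above that counts plain-HTTP versus HTTPS entries per client and lists requests whose `dnstime` exceeds a threshold. The second client, the GET line and the threshold are constructed assumptions; the unit of `dnstime` is not stated in the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the key="value" format of the log above (fields trimmed).
# The 10.10.20.61 lines are invented for contrast; they are not from the thread.
SAMPLE_LOG = '''\
2020:11:03-10:40:38 sg230 httpproxy[17351]: id="0001" name="http access" action="pass" method="CONNECT" srcip="10.10.20.60" dstip="81.169.145.89" statuscode="200" url="https://wetest.de/" dnstime="40114"
2020:11:03-10:40:44 sg230 httpproxy[17351]: id="0001" name="http access" action="pass" method="CONNECT" srcip="10.10.20.60" dstip="81.169.145.89" statuscode="200" url="https://wetest.de/" dnstime="5"
2020:11:03-10:41:02 sg230 httpproxy[17351]: id="0001" name="http access" action="pass" method="GET" srcip="10.10.20.61" dstip="192.0.2.10" statuscode="200" url="http://example.com/" dnstime="6"
2020:11:03-10:41:03 sg230 httpproxy[17351]: id="0001" name="http access" action="pass" method="CONNECT" srcip="10.10.20.61" dstip="192.0.2.10" statuscode="200" url="https://example.com/" dnstime="4"
'''

PAIR = re.compile(r'(\w+)="([^"]*)"')


def access_records(log_text):
    """Yield the key="value" fields of each "http access" line as a dict."""
    for line in log_text.splitlines():
        fields = dict(PAIR.findall(line))
        if fields.get("name") == "http access":
            yield fields


def summarize(log_text):
    """Count logged requests per client IP, split into plain HTTP and HTTPS."""
    counts = defaultdict(lambda: {"http": 0, "https": 0})
    for f in access_records(log_text):
        is_tls = f.get("method") == "CONNECT" or f.get("url", "").startswith("https://")
        counts[f.get("srcip", "?")]["https" if is_tls else "http"] += 1
    return dict(counts)


def clients_without_plain_http(log_text):
    """Clients that appear only with HTTPS entries: the symptom described above."""
    return sorted(ip for ip, c in summarize(log_text).items()
                  if c["https"] and not c["http"])


def slow_dns(log_text, threshold):
    """(client, url, dnstime) for requests whose dnstime exceeds the threshold."""
    return [(f.get("srcip"), f.get("url"), int(f["dnstime"]))
            for f in access_records(log_text)
            if int(f.get("dnstime", 0)) > threshold]
```
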



This thread was automatically locked due to age.
  • Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    thanks for the answer.

    I already did that guide.

    At step 2 I have a problem.

    I use Office 365, but if I go along with 2 b) Outlook can't connect.

    So I left the settings as they are.

    Everything is working except HTTP websites.

    And as said, DNS resolving is working on every machine correctly.

    This must be an issue with the webfiltering, since the pages start to work again if I enter the IPs in the exception list.

  • Hello Timo,

    I still think you have a DNS problem. Did you test to reach the internal DNS-Servers from the Sophos Firewall (Support/Tools/DNSlookup)?

    Please test on one of your internal DNS-Servers if you can resolve public names correctly, like nslookup www.heise.de or www.ibm.com.

    I had bad experiences with the DNS servers from Unitymedia you are using, so I usually go the way of 2 and 2b in the "DNS best practise" link from above.


  • From Sophos:

    Trying "adsrv2.internaldomain.de"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3273
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;adsrv2.internaldomain.de.			IN	ANY

    ;; ANSWER SECTION:
    adsrv2.internaldomain.de.		985	IN	A	10.10.10.11

    ;; AUTHORITY SECTION:
    .			75803	IN	NS	c.root-servers.net.
    .			75803	IN	NS	e.root-servers.net.
    .			75803	IN	NS	f.root-servers.net.
    .			75803	IN	NS	d.root-servers.net.
    .			75803	IN	NS	j.root-servers.net.
    .			75803	IN	NS	i.root-servers.net.
    .			75803	IN	NS	m.root-servers.net.
    .			75803	IN	NS	h.root-servers.net.
    .			75803	IN	NS	a.root-servers.net.
    .			75803	IN	NS	l.root-servers.net.
    .			75803	IN	NS	k.root-servers.net.
    .			75803	IN	NS	g.root-servers.net.
    .			75803	IN	NS	b.root-servers.net.

    Received 267 bytes from 127.0.0.1#53 in 0 ms

    Trying "adsrv.internaldomain.de"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11338
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;adsrv.internaldomain.de.			IN	ANY

    ;; ANSWER SECTION:
    adsrv.internaldomain.de.		950	IN	A	10.10.10.10

    ;; AUTHORITY SECTION:
    .			75768	IN	NS	h.root-servers.net.
    .			75768	IN	NS	b.root-servers.net.
    .			75768	IN	NS	l.root-servers.net.
    .			75768	IN	NS	k.root-servers.net.
    .			75768	IN	NS	c.root-servers.net.
    .			75768	IN	NS	e.root-servers.net.
    .			75768	IN	NS	i.root-servers.net.
    .			75768	IN	NS	g.root-servers.net.
    .			75768	IN	NS	j.root-servers.net.
    .			75768	IN	NS	d.root-servers.net.
    .			75768	IN	NS	m.root-servers.net.
    .			75768	IN	NS	a.root-servers.net.
    .			75768	IN	NS	f.root-servers.net.

    Received 265 bytes from 127.0.0.1#53 in 0 ms

    From cmd:

    nslookup
    Standardserver:  adsrv2.internaldomain.de
    Address:  10.10.10.11
    
    > heise.de
    Server:  adsrv2.internaldomain.de
    Address:  10.10.10.11
    
    Nicht autorisierende Antwort:
    Name:    heise.de
    Addresses:  2a02:2e0:3fe:1001:302::
              193.99.144.80
    
    > server 10.10.10.10
    Standardserver:  adsrv.internaldomain.de
    Address:  10.10.10.10
    
    > heise.de
    Server:  adsrv.internaldomain.de
    Address:  10.10.10.10
    
    Nicht autorisierende Antwort:
    Name:    heise.de
    Addresses:  2a02:2e0:3fe:1001:302::
              193.99.144.80
    
    > 193.99.144.80
    Server:  adsrv.internaldomain.de
    Address:  10.10.10.10
    
    Name:    redirector.heise.de
    Address:  193.99.144.80
    
    > server 10.10.10.11
    Standardserver:  adsrv2.internaldomain.de
    Address:  10.10.10.11
    
    > 193.99.144.80
    Server:  adsrv2.internaldomain.de
    Address:  10.10.10.11
    
    Name:    redirector.heise.de
    Address:  193.99.144.80

    For me everything looks fine.

    And as said:

    I tried the 2 and 2b but then Outlook couldn't access O365 anymore.

    Do you see anything wrong here? (checkmark to use ISP Forwarders is set off)

  • Try this as the next step:


  • Deactivate that "office.com" request routing entry for now, this is needed for performance reasons only.


  • I changed it and now I am fully Best Practise approved.

    Outlook now continues working but open HTTP still doesn't work :/

    It only works when I set exceptions for the transparent proxy

  • Hello Timo,

    I tried to send you a private message, but the community server says it cannot send it.


  • I have set it to everyone now, so it should work!

    Thanks a lot for the help so far, by the way :)