
UTM is Blocking any http Sites.

Hi,

so anyway, my UTM is blocking any http sites/traffic. but https is fine. any ideas?

the UTM is on Bridge Mode

the error:



  • Be careful, the rule "ANY" is very dangerous in the webfilter allowed networks. The Sophos manual itself warns about it. Choose your internal network -> it is the better solution, also for normal firewall rules. 

  • I've already changed it to my internal network, but the problem is still there. 

  • FormerMember in reply to Rizal F

    Hi,

    Could you please provide the DNS configuration detail? Did you configure an external or internal DNS server? 

    Did you put the internal network to the allowed networks under Network Services > DNS > Allowed networks? 

    Thanks,

  • Hi H_Patel,

    this is my DNS configuration. 

  • First off, your DNS forwarder:  Either pick the one assigned by ISP (checkbox) or uncheck it to use the forwarders that you put in the allowed list there.  

    Second: Allowed Network under your Global tab should go back to Internal Network.

    Are you checking the logs when you try to go to http sites?  What is the log showing you?  Can you post it?

    Your Firewall configuration at the very top:  I know someone already talked about the ANY rule (no-no).  But it looks like you are missing something on that second rule.  You should have a group called Web Surfing, which also contains:

    HTTP, HTTP Proxy, HTTP WebCache and HTTPS.  Can you change that rule to use that group and not just HTTP?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hi.

    I've set it up as you told me.
    The first and the second are already changed. The log: 

    2021:02:08-23:46:28 networkadmin httpproxy[13581]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8387c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 2 socket to 45.148.120.131 failed: Network is unreachable"
    2021:02:08-23:46:28 networkadmin httpproxy[13581]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="103.111.29.221" dstip="45.148.120.131" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2511" request="0x8387c00" url="http://45.148.120.131/" referer="" error="Network is unreachable" authtime="0" dnstime="0" aptptime="0" cattime="103" avscantime="0" fullreqtime="347" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36 Edg/88.0.705.63" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized"
    2021:02:08-23:46:28 networkadmin httpproxy[13581]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="103.111.29.221" dstip="172.217.194.119" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2517" request="0x18e89800" url="https://i.ytimg.com/" referer="" error="Network is unreachable" authtime="0" dnstime="0" aptptime="0" cattime="76" avscantime="0" fullreqtime="271550" device="0" auth="0" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized"
    2021:02:08-23:46:28 networkadmin httpproxy[13581]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8388a00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 2 socket to 34.107.221.82 failed: Network is unreachable"
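    A small triage script for httpproxy lines like the ones above, added here as an example and not code from the thread or from Sophos: it splits each record into its key="value" fields and separates policy blocks from transport failures, noting that a "Network is unreachable" error on an IP-literal URL (no name lookup involved) points at the proxy's own routing rather than at DNS. The sample log and the classification rules are constructed assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlparse
# Constructed sample in the Sophos UTM httpproxy key="value" format, modelled on
# the lines posted above (fields this example does not use are omitted).
SAMPLE_LOG = """\
2021:02:08-23:46:28 networkadmin httpproxy[13581]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x8387c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 2 socket to 45.148.120.131 failed: Network is unreachable"
2021:02:08-23:46:28 networkadmin httpproxy[13581]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="103.111.29.221" dstip="45.148.120.131" statuscode="502" request="0x8387c00" url="http://45.148.120.131/" error="Network is unreachable" dnstime="0"
2021:02:08-23:46:28 networkadmin httpproxy[13581]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="103.111.29.221" dstip="172.217.194.119" statuscode="502" request="0x18e89800" url="https://i.ytimg.com/" error="Network is unreachable" dnstime="0"
2021:02:08-23:50:01 networkadmin httpproxy[13581]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="103.111.29.221" dstip="203.0.113.10" statuscode="403" request="0x8390000" url="http://example.test/" error="" dnstime="2"
"""
HEADER_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) httpproxy\[(?P<pid>\d+)\]: (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line: str) -> dict:
    """Split one httpproxy line into header fields plus its key="value" pairs."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an httpproxy line: {line!r}")
    fields = dict(KV_RE.findall(m.group("rest")))
    fields.update(ts=m.group("ts"), pid=m.group("pid"))
    return fields

def needs_dns(url: str) -> bool:
    """False when the URL host is an IP literal: no lookup could have failed."""
    try:
        ipaddress.ip_address(urlparse(url).hostname or "")
        return False
    except ValueError:
        return True

def classify(f: dict) -> str:
    """Heuristic triage of one record (an assumption of this example, not a UTM rule)."""
    err = f.get("error") or f.get("message", "")
    if "Network is unreachable" in err or "No route to host" in err:
        # connect() already had a destination address, so the proxy's own
        # routing (default gateway / uplink) failed, not name resolution.
        return "routing"
    if f.get("action") == "block":
        return "policy"  # no transport error: the web filter itself denied it
    return "other"

def triage(log: str) -> list:
    """One verdict per id=0002 request record; id=0003 lines are connect detail."""
    out = []
    for line in log.splitlines():
        f = parse_line(line)
        if f.get("id") == "0002":
            out.append({"url": f.get("url", ""), "dstip": f.get("dstip", ""),
                        "verdict": classify(f), "dns_needed": needs_dns(f.get("url", ""))})
    return out
```

    Running triage(SAMPLE_LOG) yields "routing" for the two 502 records (the first of them with dns_needed False, since the client asked for the IP directly) and "policy" for the constructed 403 record.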
  • Have you rebooted this firewall recently?  I know this sounds funny, but looking at some other posts about this similar behavior, a couple of things seem to 'fix' this problem:

    1.  Rebooting, for whatever reason. (Maybe a DNS cache flush?)

    2. Changing your interface (External) to bridged.  What is your external interface now?  What type of connection do you have?  To me, the logs look like DNS isn't working.

    After rebooting, check and see if it works.  If not, I would change your DNS forwarders.  Uncheck that box that says to use your ISP forwarder, then create a new DNS forwarder to 1.1.1.1 and see if it works instead of Google's DNS servers.  Not only do I try to stay away from Google as much as I can, I have had similar issues using their DNS and always end up going back to my ISP.  However, in your case, I think this might be a troubleshooting step you should take.  I would also flush your caching.

    I wouldn't think you need to change your interface to bridged mode if it's not already there, and instead focus on some DNS troubleshooting.  The first thing I always try to do is try to go to a website by DNS name.  If that doesn't work, I will ping it to get the IP address and then try using the IP in its place.  If you can reach it by IP address and not by DNS name, that would confirm you have an issue with DNS.

    Did you also try to add that group I mentioned earlier as well?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Hi Rizal, and a belated welcome to the UTM Community!

    Agreed with Amodin.  Try configuring as in DNS best practice.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA