bad pattern updates......AGAIN????

Current pattern updates v208978. Blocking App Store courier.push.apple.com/


sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.50.20" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x8c7e3100" url="courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="236" aptptime="127" cattime="30401" avscantime="0" fullreqtime="46490" device="0" auth="0" ua="" exceptions="av,sandbox,fileextension" category="105" reputation="trusted" categoryname="Business"

Can anyone confirm we have a bad pattern updates v206808?  Can't connect to App Store blocking url https://courier.push.apple.com

action="block" method="CONNECT" srcip="192.168.50.20" dstip="" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_HttProContaInterNetwo3 (Internal filter profile)" filteraction="REF_DefaultHTTPCFFAction (Content filter (Internal Network))" size="0" request="0x9db16e00" url="https://courier.push.apple.com/" referer="" error="Host not found" authtime="0" dnstime="19295" aptptime="125" cattime="156" avscantime="0" fullreqtime="20543" device="0" auth="0" ua="" exceptions="av,sandbox,fileextension" category="105" reputation="trusted" categoryname="Business"
2022:02:26-18:52:38 httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked"

Thanks
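
A triage sketch for log lines like the ones quoted above, added here as an example (not part of the original thread and not Sophos tooling): it splits the key="value" fields and separates blocks that carry an error string from blocks that carry none, noting which timing fields are large. The sample lines are constructed from the quoted fields; the third line, the `SLOW` cut-off and the two labels are assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines 1-2 reuse fields quoted in the post (trimmed);
# line 3 is an invented block with an empty error field, for contrast.
SAMPLE_LOG = '''\
2022:02:26-18:52:38 httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.50.20" statuscode="502" url="https://courier.push.apple.com/" error="Host not found" dnstime="19295" cattime="156" category="105" categoryname="Business"
2022:02:26-18:53:10 httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.50.20" statuscode="502" url="courier.push.apple.com/" error="Host not found" dnstime="236" cattime="30401" category="105" categoryname="Business"
2022:02:26-18:54:02 httpproxy[14863]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.50.21" statuscode="403" url="http://blocked.example/" error="" dnstime="12" cattime="90" category="999" categoryname="Constructed"
'''

PAIR = re.compile(r'(\w+)="([^"]*)"')
SLOW = 10000  # assumption: cut-off for a "slow" timing field, in the log's own units
TIMERS = ("dnstime", "cattime")

def parse(line):
    """Split one httpproxy line into a dict of its key="value" fields."""
    return dict(PAIR.findall(line))

def classify(rec):
    """Separate blocks that report an error from blocks that report none."""
    if rec.get("action") != "block":
        return "not-blocked"
    return "block-with-error" if rec.get("error") else "block-no-error"

def triage(log_text):
    """Return one summary row per log line that has an action field."""
    rows = []
    for line in log_text.splitlines():
        rec = parse(line)
        if "action" not in rec:
            continue  # header fragments or unrelated lines
        rows.append({
            "url": rec.get("url", ""),
            "kind": classify(rec),
            "error": rec.get("error", ""),
            "status": rec.get("statuscode", ""),
            "slow": [t for t in TIMERS if int(rec.get(t) or 0) >= SLOW],
        })
    return rows

def summary(rows):
    """Count rows per (kind, error) pair."""
    return Counter((r["kind"], r["error"]) for r in rows)

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```
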



  • The following is from AN OLD POST SO IGNORE the errors.....

    >>> Modules::Audld::LocalRestriction::_seek_own_country::130()
    Could not connect to Server us1.utmu2d.sophos.com (status=500 Can't connect to us1.utmu2d.sophos.com:443 (timeout)).

    >>> Modules::Audld::LocalRestriction::_seek_own_country::130()
    Could not connect to Server us2.utmu2d.sophos.com (status=500 Can't connect to us2.utmu2d.sophos.com:443 (timeout)).

    >>> Modules::Audld::LocalRestriction::_seek_own_country::130()
    Could not connect to Server sg1.utmu2d.sophos.com (status=500 Can't connect to sg1.utmu2d.sophos.com:443 (timeout)).

    >>> Modules::Audld::LocalRestriction::_seek_own_country::130()
    Could not connect to Server eu1.utmu2d.sophos.com (status=500 Can't connect to eu1.utmu2d.sophos.com:443 (timeout)).

    >>> Modules::Audld::LocalRestriction::_seek_own_country::130()
    Could not connect to Server eu2.utmu2d.sophos.com (status=500 Can't connect to eu2.utmu2d.sophos.com:443 (timeout)).

    But at least it gives what may still be the upmu2d nslookup names.  Appears they're all on Amazon AWS, which is never ever good, single point of failure.  I hope someone from Sophos logs into here and reads this and looks into it; many of us don't have time to call Sophos tech support and wait on hold for hours and still not get resolution.  Is some employee from Sophos reading this???

  • I was wondering if restoring to 9.708-6 would also restore previous pattern updates?

  • that snapshot was from jan 27 2022

  • can you change to manual in the configuration tab, so it doesn't auto update.

  • yes, did that, on manual. sees 206808

  • it was on a SUM to update also, now direct, it sees the same 206808...... so I guess if you're having other issues and you restore to 9.708 ISO and that datafile backup then turn off autoupdate you'd be back in business. just don't update the pattern.

  • i just got a spam email in through it, i have it as a 60 on my mx record so not much goes through it except spam.

  • guess just have to wait for Sophos.  Hope someone from Sophos sees this thread.  I'm just seeing random issues.

  • what features aren't working?  sometimes, or actually if something is fried, I'd restore the ISO, update it to 708, load the 708 newest backup and be happy for a bit.

  • I've had stupid things happening in the past before, on many different brands of FW, just re-ISO it, restore backup from last night and all the weird crap goes away.  If I could find a forcepoint brain/reseller, i'd do that as a test, they're total overkill but looks like overkill would be normal these days. haha

  • mostly on my iPhone.  App Store, email, Windows updates.  Everything seems fine...for now

  • hmmmm, Windows updates seems to always have psychological issues ....thinking...is this a paid license or home? If paid, you can try support.  I gave up on them 10 years ago, I re-ISO, restore the backup to a known point, every few days I copy/paste the email exclusions, IPs blocked, domains blocked etc. to my email and use the SUM, which they're going to not upgrade anymore, as if any new feature has been added in the last 5 years.  They're going to make people NOT happy.

  • I forgot to say that even on clients' hardware and paid support 3 year total with sandbox, I don't call support.  Worst case, restore, add crap back.  I test the heck out of new FW before deploying it due to covid, can't easily drive there.