Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 9 subscribers
  • Views 695 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM blocking many but not all https

SalishSwede

I created a Web Protection profile and am seeing strange behavior.
The firewall log is fulling up with blocks on port 443 from the device and
the web protection logs also show hundreds of http access requests being passed.

Many programs like my New York Times app can't connect (it says it's offline) but my web browser does.

I'm not sure how to troubleshoot given the Web Filtering is port 443 and it's logs are showing it's managing traffic from this device.
Why is it managing only some of the https traffic?



This thread was automatically locked due to age.
Parents
  • 0

    When using "Web Protection" you do not use a firewall rule to allow https traffic from the internal devices to the internet. Instead, traffic flows from internal net to the firewall proxy. The proxy running ON THE FIREWALL starts a new process to "talk" to the internet on behalf of the internal device. So when using "web protection" there is an implicit rule to allow traffic from the firewall to the internet. And that's it. All other "blocks" you are seeing is traffic from other sources than your browser, but this is a little guess work here, since you do not further specify. Normally, this depends on how you setup the proxy: in "transparent mode" it intercepts every tcp port  80 and 443 taffic and tries to "jump in between".

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0

    When using "Web Protection" you do not use a firewall rule to allow https traffic from the internal devices to the internet. Instead, traffic flows from internal net to the firewall proxy. The proxy running ON THE FIREWALL starts a new process to "talk" to the internet on behalf of the internal device. So when using "web protection" there is an implicit rule to allow traffic from the firewall to the internet. And that's it. All other "blocks" you are seeing is traffic from other sources than your browser, but this is a little guess work here, since you do not further specify. Normally, this depends on how you setup the proxy: in "transparent mode" it intercepts every tcp port  80 and 443 taffic and tries to "jump in between".

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML