Since Update 9.715-4 Web Filtering not Working?

Hello Chris,

Good day and thanks for reaching out to Sophos Community

When you say Internet Connection stopped working does it mean even ping from the Firewall, End machines to an external IP/domain does not work? or only web browsing? Also does it happen to all users or isolated cases only? and what error does the end machine is being prompted when trying to browse the web? 

Many thanks for your time and patience and thank you for choosing Sophos

Cheers, 

• Ping to google.de still possible with web filtering on (but slow)
• Websites on all connected devices don´t load (ERR_CONNECTION_TIMED OUT)
• Streaming although not possible

No Log Entries in Web Filtering Live Log. Turning Web Filtering off and everything is fine.

Never had that before...

Hello Chris,

Thanks for these details and apologies that you have bumped into this inconvenience.

Could you please open a support ticket for this to be further investigated then please share with us the caseID once you have it. 

Many thanks for your time and patience and thank you for choosing Sophos.

Cheers,

Guess there is no Ticket-Option for me, i´m Sophos UTM Home Free User.

Again: When turning Web Filtering off, everythings works normal. As soon as i activate Web Filtering in transparent Mode (no authentification), every Website ends with a time out error. Log for Web Filter is completely empty, which is very strange. What do i miss? Anything to do about that 8080-Port?

Hello Chris,

Thanks for this additional information. Could you confirm your UTM's pattern version? under Management>Up2date>Pattern

Also, could you show the error you are encountering with port 8080?

What happens when you use policy test? and could you test disabling all Web Filter profiles and use only the Base Policy? 

Kindly let us know how it goes. Many thanks for your time and patience and thank you for choosing Sophos

Cheers,

Pattern Version: 228881

No Error with 8080. Just a suspicion that the port might be blocked somehow. But the logs don't give anything in this regard.

Policy test: " An error occurred while processing the policy test request."

Base Policy only: WORKS! But i need to tick "Do not proxy HTTPS traffic in transparent mode". If not ticked, same error. Even with Base Policy only Policy test still throws the above error.

Additional Info 1/3: Web Filter Log stays empty all the time (except a short notice when i turn off the filter: "2023:07:28-19:41:22 firew_ttt URID[31081]: T=31081 ------ 1 - [exit] SIGTERM: exiting"); for testing purpose i´ve added a Domain under " Block These Websites" in Base Policy, Domain is NOT blocked, no log entry --> Guess Web Filtering isn´t working at all.

Additional Info 2/3: Selfmonitoring-Log:

2023:07:28-21:32:12 firew_ttt selfmonng[3948]: W triggerAction: 'cmd'
2023:07:28-21:32:12 firew_ttt selfmonng[3948]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2023:07:28-21:32:14 firew_ttt selfmonng[3948]: W child returned status: exit='0' signal='0'
2023:07:28-21:32:19 firew_ttt selfmonng[3948]: I check Failed increment httpproxy_running counter 1 - 3
2023:07:28-21:32:24 firew_ttt selfmonng[3948]: I check Failed increment httpproxy_running counter 2 - 3
2023:07:28-21:32:29 firew_ttt selfmonng[3948]: W check Failed increment httpproxy_running counter 3 - 3
2023:07:28-21:32:29 firew_ttt selfmonng[3948]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2023:07:28-21:32:29 firew_ttt selfmonng[3948]: W triggerAction: 'cmd'
2023:07:28-21:32:29 firew_ttt selfmonng[3948]: W actionCmd(-):  '/var/mdw/scripts/httpproxy restart'
2023:07:28-21:32:34 firew_ttt selfmonng[3948]: I check Failed increment httpproxy_running counter 1 - 3
2023:07:28-21:32:39 firew_ttt selfmonng[3948]: I check Failed increment httpproxy_running counter 2 - 3
2023:07:28-21:32:44 firew_ttt selfmonng[3948]: W check Failed increment httpproxy_running counter 3 - 3
2023:07:28-21:32:44 firew_ttt selfmonng[3948]: W NOTIFYEVENT Name=httpproxy_running Level=INFO Id=141 suppressed
2023:07:28-21:32:44 firew_ttt selfmonng[3948]: W triggerAction: 'cmd'
2023:07:28-21:32:44 firew_ttt selfmonng[3948]: W actionCmd(+):  '/var/mdw/scripts/httpproxy restart'
2023:07:28-21:32:47 firew_ttt selfmonng[3948]: W child returned status: exit='0' signal='0'
2023:07:28-21:32:52 firew_ttt selfmonng[3948]: I check Failed increment httpproxy_running counter 1 - 3

Additional Info 3/3:

SSH on Sophos UTM --> /var/mdw/scripts and run ./httpproxy restart:

Restarting httpproxy
:: Stopping httpproxy                                                                                                                    done
:: Starting httpproxystartproc:  cannot execute /var/chroot-http/usr/bin/httpproxy: Exec format error
                                                                                                                                         failed

Update: Did manual Update to 9.716 (https://community.sophos.com/utm-firewall/b/blog/posts/utm-up2date-9-716-released)

Right now Policy Test WORKS, URL Filter for HTTPS seems to work too. But Web Filtering Log is now flooded like this:

Live Log: Web Filtering	
Filter:	
	Autoscroll	
Reload
2023:07:31-21:13:06 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25a25800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:13:27 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25a58400" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:13:42 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25a75000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:14:12 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25afec00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:14:47 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25a26400" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:15:05 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1134" message="Write error on the epoll handler 148 (Broken pipe)"
2023:07:31-21:15:07 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25b14c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:15:22 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25a57800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:15:50 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25b32000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:17:02 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25a74400" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:17:06 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25b5c400" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:17:26 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25975000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:17:48 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x2599b000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:19:16 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25d80c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a04:4e42:8d::446 failed: Network is unreachable"
2023:07:31-21:19:16 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25d77000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a04:4e42:8d::446 failed: Network is unreachable"
2023:07:31-21:19:16 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25ab8000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a04:4e42:8d::446 failed: Network is unreachable"
2023:07:31-21:19:23 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25b5b800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:19:45 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25998c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:19:48 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="595" message="reloading config"
2023:07:31-21:19:49 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="659" message="reloading config done, new version 10"
2023:07:31-21:20:37 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="595" message="reloading config"
2023:07:31-21:20:37 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="659" message="reloading config done, new version 11"
2023:07:31-21:20:37 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25a58400" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a04:4e42:8d::446 failed: Network is unreachable"
2023:07:31-21:20:39 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25b33800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a04:4e42:8d::446 failed: Network is unreachable"
2023:07:31-21:20:40 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25d81800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:20:42 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x260ab800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:20:55 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25b34400" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:21:00 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25938c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:21:02 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25a91800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2600:1f18:92:3a00:bfd2:10b0:a3d6:5722 failed: Network is unreachable"
2023:07:31-21:21:21 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25c5ac00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:21:26 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1134" message="Write error on the epoll handler 140 (Broken pipe)"
2023:07:31-21:22:02 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25b74c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:22:29 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25a75000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:22:49 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x4b49800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:23:16 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25c5b800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:23:32 firew_ttt URID[4948]: T=4948 ------ 2 - Warning: EARLY TIMEOUT: dns context 16 has 5965 ms before it should time out\n
2023:07:31-21:23:32 firew_ttt URID[4948]: T=4948 ------ 2 - Warning: EARLY TIMEOUT: dns context 21 has 5959 ms before it should time out\n
2023:07:31-21:23:32 firew_ttt URID[4948]: T=4948 ------ 2 - Warning: EARLY TIMEOUT: dns context 19 has 5959 ms before it should time out\n
2023:07:31-21:23:37 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25ab8c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:24:10 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25b14c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:24:31 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25b77000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:25:17 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25995800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:25:37 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25cf0c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:26:22 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25d77000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:26:47 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x2612f800" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:26:51 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25d5ec00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:27:03 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25cf0c00" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"
2023:07:31-21:27:11 firew_ttt httpproxy[5154]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x25d61000" function="connect_server" file="dns.c" line="1288" message="connect() on AF 10 socket to 2a00:1450:4001:806::2003 failed: Network is unreachable"

And, what i don´t understand, why are there no numbers?:

Quite a few hits in your firewall.  Have you reviewed its log to see details. 

Sorry, i don´t get it. I´m talking about my Web Filtering, which isn´t working, not the firewall...

I understand, but 15K is a lot of entries unless that's typical for you? Maybe something there will give some clue where to look further.