Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 29427 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Wild-card DNS definitions in Transparent Skip list?

NewImage

Hi

I'm trying to add wild card domains for "Skip Transparent Mode" in 9.355 ( This is needed to get sophos cloud endpoints to work behind a transparent proxy)

The area only allows import of network objects, and not RegEx like the scanning exceptions does.

I am able to create DNS hosts, and DNS groups, but making a [ *.sophosupd.com ] DNS host/group object does not catch requests going to dci.sophosupd.com.

Is this a Bug or is the creation of wildcard DNS hosts or groups not possible in 9.355?

If it is not possible then Sophos needs to fix their Cloud AV to play nicer with transparent proxies.



This thread was automatically locked due to age.
  • 0 in reply to NewImage

    Hi,

    Please refer the link below, I hope this helps.

    https://www.sophos.com/en-us/support/knowledgebase/118209.aspx

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Thank you Sachin again for your time

    Hmm the issue i'm experiencing does not seem to be covered on that KB.

    The AV is able to install correctly when I add the dci IP to the transparency skip list for destinations, but not when added to the exception list.

    It looks like the act of running through the proxy itself is causing the installation to abort. The AV realizes a proxy is in use somehow, checks to see if one has been configured, then aborts. 

    016-04-26T17:29:33.084Z [ 6164] INFO SDDSDownloader::SyncInternal No manually configured proxy.
    2016-04-26T17:29:33.084Z [ 6164] INFO WindowsProxyDiscoveryWrapper::GetDefaultProxyConfiguration WinHttp default proxy not set
    2016-04-26T17:29:33.084Z [ 6164] WARN WindowsProxyDiscoveryWrapper::GetProxyForUrl Failed to get the automatic proxy configuration. The error code was 12180.

    I give up, it will work by just skipping that one IP, other communication from the AV does not seem to mind running through the proxy.

    Thanks again for all the help everyone.

    Once again this is the Cloud AV product, not the UTM based one + Transparent mode

Unfiltered HTML