This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

9.4 Endpoint Web Protection is NOT working

I've noticed that after a clean install of 9.4, Endpoint Web Protection logs are not populating on my UTM and my endpoints (Windows 10) appear to be able to surf anywhere without any protection.  The Sophos Agent shows Web Control enabled, but it is not blocking sites that it's supposed to.  I'll reiterate, I have cleanly installed 9.400-9 and have refreshed from scratch the Endpoint Protection and I'm still seeing the issue (this was not an upgrade...after the upgrade, this failed as well, so I did everything from scratch and still see the issue).  My endpoints are showing up just fine under Endpoint Protection on the gateway and the antivirus appears to be working, just not the web protection.  Here is a sample of the Endpoint Protection Logs:

2016:03:25-10:11:27 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:11:27 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:13:15 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:13:15 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:15:03 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:15:03 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:17:46 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:17:46 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:19:04 rickshome epsecd[10796]: I main::_log:435() =>  severity="info" sys="System" sub="eplog" name="curl_base_url: e53611b9-7d74-339e-b3f2-4e2addb92ca2-wdx-7d74.broker.sophos.com/.../"
2016:03:25-10:19:34 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:19:34 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:19:35 rickshome epsecd[10282]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2016:03:25-10:19:38 rickshome epsecd[10282]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2016:03:25-10:22:21 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:22:21 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"
2016:03:25-10:23:16 rickshome epsecd[10282]: I id="4233" severity="info" sys="System" sub="epsecd" name="Sending data to Sophos LiveConnect to sync UTM Web Policy Changeset"
2016:03:25-10:23:19 rickshome epsecd[10282]: I id="4213" severity="info" sys="System" sub="epsecd" name="User triggered changes in webadmin"
2016:03:25-10:24:12 rickshome epsecd[10282]: I id="4211" severity="info" sys="System" sub="epsecd" name="Received report(s) from Sophos LiveConnect"
2016:03:25-10:24:12 rickshome epsecd[10282]: I id="4212" severity="info" sys="System" sub="epsecd" name="Acknowledging report(s)" reports="-1"

I do see the reports coming in, but I'm a little bit concerned on the "-1" for acknowledgement.

Any ideas on what I can do next? If you need more information, please let me know!


This thread was automatically locked due to age.
Parents
  • Rick, what  do you have in 'Allowed Endpoint Groups' in the Web Filtering Profile and is the computer in one of those groups and have you removed the old Endpoint installation and installed from the new 9.4 setup?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Rick, what  do you have in 'Allowed Endpoint Groups' in the Web Filtering Profile and is the computer in one of those groups and have you removed the old Endpoint installation and installed from the new 9.4 setup?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Hi there,

    For "Allowed Endpoint Groups", in the web filtering profile, I have the "Default" endpoint group (which is the only option given).  In my "Default" endpoint group are all my endpoint computers.

    I have created a brand new Windows 7 and Windows 10 system and installed from scratch to ensure there were no remnants of the old installation.  None of this has fixed the issue. :(  Endpoint is seeing my systems and it even appears to be updating the antivirus and it can disable and enable the tamper protection.  It's just the web protection that appears to be having issues (both sending policy to the clients and getting reports back from the clients).

    Thanks for looking into this!