Category ID?

Hi, we have a block in our web filter but struggling to find category ID 9998

Anybody know where the mapping sits or what it is?

Log as below:

2020:09:14-17:15:06 gw01-1 httpproxy[6885]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.2.241" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterLan16 (S01 - Server Management)" filteraction="REF_HttCffNfrs0ServePolic (S01-02 Server Policy)" size="3175" request="0xda10b100" url="">https://16.250.72.103/" referer="" error="" authtime="0" dnstime="0" aptptime="149" cattime="17303" avscantime="0" fullreqtime="469886" device="0" auth="0" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" reason="category"

  • Hello Louis,

    Thank you for contacting the Sophos Community!

    Category 9998 means "Uncategorized". It seems you are trying to access an IP? if that is the case, I would recommend you bypass this IP from the Web filter.

    Web Protection >> Filtering Options >> Misc >> Transparent Mode Skiplist  >> and enter the the IP under 

    Skip Transparent Mode Destination Hosts/Nets

    Regards,

     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • In fact, Louis, this IP has been categorized as "Uncategorized" as opposed to a website that hasn't been categorized.  In the 'Categories' list in a Filter Action, you can see the two different kinds of uncategorized:

      

    Frankly, I think the GUI should be changed to say 'Websites not categorized' instead of 'Uncategorized websites'.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • This particular one was for HPE's ILO's online. There was an IP alias of api.support.hpe.com and because the IP is liable to change, we can't really put an IP in. Seems it uses an IP rather than the FQDN which I assume was causing it to be uncategorized. We couldn't make an exception either due to changing IP's and we don't know the full list of those IP's neither would we want to as they are liable to change. So basically, api.support.hpe.com got chucked in proxy_exempt_group for destination and a FW rule from ILO_SOURCE>https>api.support.hpe.com got used. Would prefer to have got it sorted within the proxy though.

  • You're right, Louis, that's the only solution - shame on the HP coder!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA