
ATP on UTM FW - Looking for documentation on the feature

Hello all.

I am new to using Sophos UTM firewalls. After upgrading from a very old version to just an old version, we started having issues where DNS replies would be blocked by ATP. We disabled ATP on the firewall and our name resolution started working again. Yesterday, we caught up at the patching level and tried to re-enable ATP. Still the same - the request goes out but replies are being blocked.

I did a search on ATP trying to get info on how the feature is supposed to be working and so far no luck. Any pointers toward documentation that would explain how the feature works and actual configuration would help.

Thanks



This thread was automatically locked due to age.
  • Salut Yvon and welcome to the UTM Community!

    Please copy a line or two here from the Intrusion Prevention log related to this issue.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    I have not found any entries in the Intrusion Prevention logs but found the following. Data has been slightly sanitized. errno is probably a connection refused, but as soon as I disable aptp, name lookup starts working. Any idea?

    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111
    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected
    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111
    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected
    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: dlz: client ADSvr-IP#51942, dsthost email-courriel.canada.ca - APTP_ERROR during lookup!
    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: dlz: client ADSvr-IP#51942, dsthost email-courriel.canada.ca - APTP_ERROR during lookup!
    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111
    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected
    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111
    2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected
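
An added example, not part of the original posts and not Sophos code: a small triage script that groups `named` lines like the ones above by process ID, decodes the errno (111 is ECONNREFUSED under Linux numbering, which is assumed here), and separates APTP_ERROR lookups that coincide with a failed aptp connect from those that do not. The sample is constructed in the posted log format; pid 6001 and host.example are made up.

```python
import re
from collections import Counter

# Linux errno values relevant to connect(); assumes the appliance uses Linux numbering.
LINUX_ERRNO = {2: "ENOENT", 13: "EACCES", 110: "ETIMEDOUT", 111: "ECONNREFUSED"}

PID_RE = re.compile(r"named\[(\d+)\]:")
CONNECT_RE = re.compile(r"\[aptp_connect\]: connect failed, errno (\d+)")
LOOKUP_RE = re.compile(r"dlz: client (\S+)#\d+, dsthost (\S+) - APTP_ERROR during lookup!")

# Constructed sample in the format of the posted lines; pid 6001 and
# host.example are made up to show a failure with no matching connect error.
PREFIX = "2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 "
SAMPLE = "\n".join(PREFIX + rest for rest in [
    "named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111",
    "named[5763]: [tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected",
    "named[5763]: dlz: client ADSvr-IP#51942, dsthost email-courriel.canada.ca - APTP_ERROR during lookup!",
    "named[5763]: dlz: client ADSvr-IP#51942, dsthost email-courriel.canada.ca - APTP_ERROR during lookup!",
    "named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111",
    "named[6001]: dlz: client ADSvr-IP#40000, dsthost host.example - APTP_ERROR during lookup!",
])


def triage(log_text):
    """Correlate APTP_ERROR lookups with aptp connect failures per named pid."""
    connect_errors = Counter()   # (pid, errno name) -> occurrences
    failed_lookups = Counter()   # (pid, client, dsthost) -> occurrences
    for line in log_text.splitlines():
        pid_match = PID_RE.search(line)
        if not pid_match:
            continue  # not a named line
        pid = int(pid_match.group(1))
        if (m := CONNECT_RE.search(line)):
            code = int(m.group(1))
            connect_errors[(pid, LINUX_ERRNO.get(code, f"errno {code}"))] += 1
        elif (m := LOOKUP_RE.search(line)):
            failed_lookups[(pid, m.group(1), m.group(2))] += 1
    # A failed lookup counts as explained only when the same named process
    # also logged a failed aptp connect; the rest need a different cause.
    failing_pids = {pid for pid, _ in connect_errors}
    explained = {k: n for k, n in failed_lookups.items() if k[0] in failing_pids}
    unexplained = {k: n for k, n in failed_lookups.items() if k[0] not in failing_pids}
    return {"connect_errors": dict(connect_errors),
            "explained": explained, "unexplained": unexplained}


if __name__ == "__main__":
    for section, rows in triage(SAMPLE).items():
        print(section, rows)
```
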

  • How does your configuration compare to DNS best practice?

    Cheers - Bob

     