Hello all.
I am new to using Sophos UTM firewalls. After upgrading from a very old version to just an old version, we started having issues where DNS replies would be blocked by ATP. We disabled ATP on the firewall and our name resolution started working again. Yesterday, we caught up at the patching level and tried to re-enable ATP. Still the same - the request goes out but replies are being blocked.
I did a search on ATP trying to get info on how the feature is supposed to be working and so far no luck. Any pointers toward documentation that would explain how the feature works and actual configuration would help.
Thanks
Salut Yvon and welcome to the UTM Community!
Please copy a line or two here from the Intrusion Prevention log related to this issue.
Cheers - Bob
Hello Bob,
I have not found any entries in the Intrusion Prevention log, but I found the following; the data has been slightly sanitized. The errno is probably a connection refused, but as soon as I disable APTP, name lookups start working. Any idea?
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: dlz: client ADSvr-IP#51942, dsthost email-courriel.canada.ca - APTP_ERROR during lookup!
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: dlz: client ADSvr-IP#51942, dsthost email-courriel.canada.ca - APTP_ERROR during lookup!
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_connect]: connect failed, errno 111
2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 sophos1-1 named[5763]: [tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected
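An added example (editor's code, not from the poster or from Sophos) for triaging the named[] excerpt above. It takes the glued-together log text as it appears on the page, recovers the individual syslog lines by splitting before each RFC 3339 timestamp, classifies the three message types (aptp_connect failure, aptp_disconnect, dlz APTP_ERROR during lookup), decodes the numeric errno with the platform's own table (on Linux 111 is ECONNREFUSED, i.e. nothing accepted the connection on the socket named tried), and produces a one-line finding. The sample blob is constructed from the post; "ADSvr-IP" is the poster's sanitised placeholder, and the regexes, function names and the wording of the finding are this example's assumptions, not Sophos internals.

```python
import errno
import os
import re
from collections import Counter
from typing import Optional

# Constructed sample modelled on the post's excerpt. It reproduces the
# extraction artefact where consecutive lines were glued together with no
# newline ("errno 1112021-12-10T..."). "ADSvr-IP" is the poster's placeholder.
_PREFIX = ("2021-12-10T00:17:33.545988+00:00 sophos1 2021: 12:10-00:16:34 "
           "sophos1-1 named[5763]: ")
_EVENTS = [
    "[tid 4147604336]: [aptp_connect]: connect failed, errno 111",
    "[tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected",
    "dlz: client ADSvr-IP#51942, dsthost email-courriel.canada.ca - APTP_ERROR during lookup!",
    "[tid 4147604336]: [aptp_connect]: connect failed, errno 111",
    "[tid 4147604336]: [aptp_disconnect]: aptp socket has been disconnected",
]
FUSED_SAMPLE = "".join(_PREFIX + e for e in _EVENTS)  # no newlines, as on the page

# Every syslog line starts with an RFC 3339 timestamp; split just before each one.
_TS = re.compile(r"(?=\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{2}:\d{2} )")
# Message patterns (assumed from the excerpt, not a documented format).
_CONNECT = re.compile(r"\[aptp_connect\]: connect failed, errno (\d+)")
_DISCONNECT = re.compile(r"\[aptp_disconnect\]: aptp socket has been disconnected")
_LOOKUP = re.compile(r"dlz: client (\S+)#(\d+), dsthost (\S+) - APTP_ERROR during lookup!")


def split_fused(blob: str) -> list:
    """Recover individual log lines from text whose newlines were lost."""
    return [part for part in _TS.split(blob) if part.strip()]


def decode_errno(code: int) -> tuple:
    """Symbolic name and message for a numeric errno, per this host's C library.
    On Linux, 111 -> ('ECONNREFUSED', 'Connection refused')."""
    return errno.errorcode.get(code, "UNKNOWN"), os.strerror(code)


def parse_line(line: str) -> Optional[dict]:
    """Classify one named[] line; None for lines this triage does not care about."""
    m = _CONNECT.search(line)
    if m:
        code = int(m.group(1))
        name, msg = decode_errno(code)
        return {"kind": "connect_failed", "errno": code, "errno_name": name, "message": msg}
    if _DISCONNECT.search(line):
        return {"kind": "disconnect"}
    m = _LOOKUP.search(line)
    if m:
        return {"kind": "lookup_error", "client": m.group(1),
                "port": int(m.group(2)), "dsthost": m.group(3)}
    return None


def summarize(lines) -> dict:
    """Count each event type and collect the errnos, clients and hosts involved."""
    counts = Counter()
    errnos = {}
    failed_hosts = set()
    clients = set()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        counts[ev["kind"]] += 1
        if ev["kind"] == "connect_failed":
            errnos[ev["errno"]] = ev["errno_name"]
        elif ev["kind"] == "lookup_error":
            failed_hosts.add(ev["dsthost"])
            clients.add(ev["client"])
    return {"counts": dict(counts), "errnos": errnos,
            "failed_hosts": failed_hosts, "clients": clients}


def diagnose(summary: dict) -> str:
    """One-line finding for the ticket, derived only from what the lines show."""
    c = summary["counts"]
    if c.get("connect_failed") and c.get("lookup_error"):
        codes = ", ".join(f"{k} ({v})" for k, v in sorted(summary["errnos"].items()))
        return (f"named failed to connect to the APTP socket {c['connect_failed']} time(s) "
                f"with errno {codes}; {c['lookup_error']} lookup(s) for "
                f"{len(summary['failed_hosts'])} host(s) from {len(summary['clients'])} "
                "client(s) returned APTP_ERROR. A refused connection means nothing "
                "accepted the socket named uses for ATP; check that side before re-enabling ATP.")
    if c.get("lookup_error"):
        return "APTP_ERROR during lookups with no connect failures: inspect the APTP service logs."
    return "No APTP failures in this excerpt."


if __name__ == "__main__":
    lines = split_fused(FUSED_SAMPLE)
    for ln in lines:
        print(parse_line(ln))
    print(diagnose(summarize(lines)))
```

Run it on a real excerpt by replacing FUSED_SAMPLE with the pasted text (or feed already-separated lines straight to summarize); the split step is harmless on text that still has its newlines, since the lookahead only cuts at timestamps.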
How does your configuration compare to DNS best practice?