Hello, guys! I will try to be short.
The power went out for a long period a couple days ago and that caused UTM to restart. Because of that web surfing through AD SSO suddenly stopped working. To be more specific, I have no idea why their credentials isnt being used and because of that users are getting blocked pages (obviously).
2023:01:04-03:08:46 asg220akrk httpproxy[13050]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.16.2.156" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffFilteActioCall (Filter Action Call Center)" size="3212" request="0x33e8c00" url="">consulta4.confirmeonline.com.br/" referer="" error="" authtime="2" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="206860" device="1" auth="2" ua="" exceptions=""
I´ve done a few things like: rejoining again, restarting proxy and even restarting UTM (I know, eek!).
I am not going to say about checking DNS forwarders, time sync between AD and Sophos, if FQDN (both ways) can be resolved and stuff like that because I consider this "home work" and I have already checked them. After all, everything was working smoothly.
It´s been a looong time I dont put in the work because I had a tech for that but he left a few days ago. So yeah, I have to get things done.
By the way, I read some issues in the current firmware (9.713-19) which is the one I am using but my problem doesnt seem one of them.
Appreciate any help!
This thread was automatically locked due to age.