Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 1946 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Exception Rules not working, Firewall rules do.

Daniel Kirin

Hi All,

Since updating to 9.601 we are unable to install any Internet connected applications via the PRoxy

We use Standard Proxy

For example - Sophos Central - It fails to download and connect to the Cloud controller.

We have the necessary Exceptions created but when doing a tcpdump, it's trying to hit the Firewall (shows packets dropped) instead of the web filtering exceptions.

Same as Teamviewer etc as well.

If we create a test Firewall Rule such as - Source (Any) Port (Any) Destination (Any) and turn off the proxy on the Clients, it works 100%.

Is anyone else having similar issues?

 




This thread was automatically locked due to age.
Parents
  • 0

    I believe this has been discussed previously in this forum.

    There is a byte-range transfer method which is often used for file downloads.   From a security standpoint, this is a problem, because it turns the web session into an arbitrary blur of binary characters, which are impossible to interpret for hostile content.   

    I believe version 9.6 cracked down on this feature, and so a lot of download-manager tools no longer work, and you will have to create exceptions for the ones that you want to allow.   My guess is that all you need is to disable Antivirus checking.   If that is insufficient, you might need to disable mime type checking as well.  To be certain, ask support, as I have not yet upgraded to 9.6x

Reply
  • 0

    I believe this has been discussed previously in this forum.

    There is a byte-range transfer method which is often used for file downloads.   From a security standpoint, this is a problem, because it turns the web session into an arbitrary blur of binary characters, which are impossible to interpret for hostile content.   

    I believe version 9.6 cracked down on this feature, and so a lot of download-manager tools no longer work, and you will have to create exceptions for the ones that you want to allow.   My guess is that all you need is to disable Antivirus checking.   If that is insufficient, you might need to disable mime type checking as well.  To be certain, ask support, as I have not yet upgraded to 9.6x

Children
No Data
Unfiltered HTML