Whenever an internal client device tries to access one of our internally hosted public web servers, the page is blocked by the UTM Firewall with the following message:
| 08:21:40 | WebAdmin connection attempt | HTTP |
|
→ |
|
|
- *.*.*.120 in the logs is the public IP address of the web server being accessed.
The "WebAdmin connection attempt" error is particularly weird, because our WebAdmin console is not available on that interface, IP, or port.
Clients on the Internet, from outside of our network, are able to access the sites successfully. It is only clients using the UTM proxy being blocked.
We are using 3 Sophos UTM components:
1. Web Filter - Our clients all access the internet through the Sophos proxy server in Standard mode.
2. Firewall - All of our global IPs are on Sophos UTM Interfaces protected by the firewall.
3. Web Application Firewall - Our publicly hosted web servers are configured behind this.
Sophos support told me to use the browser settings to proxy bypass. This doesn't work, and frankly doesn't make any sense to me as a solution. The client would still be routed in and out of the same interfaces regardless.
One potential solution is split DNS. Unfortunately the internal web server is on a non-standard port, so this is less than ideal for our clients.
Any assistance would be very appreciated! I've seen this sort of problem posted many times on the Sophos forums, but haven't found any posts with a solution.
This thread was automatically locked due to age.
