Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 6 subscribers
  • Views 19371 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No blocking websites

VladimirChalnik

Hi

UTM 9.4

I have installe the Endpoint Agent on my notebook from home.

Endpoint Protection Status

I see my notebook on UTM,

Endpoint Protection

Computer Management > i enable the web control.

In Manage Groups > web control: enable

Web Protection

In Web Filter Profiles > add new profile (Allowed Networks: internal network, operation mode: transparent mode, Allowed endpoint groups: default)

Filter action > Default content filter action > Websites > Block These Websites > i add ngs.ru (for example)

But, this website no blocking...

If i go to  Manage Groups > web control: and change to disable

connect the notebook to network from UTM, the website is blocking



This thread was automatically locked due to age.
Parents
  • 0

    I am finding the exact same behavior as you with 9.4.  I think Web Protection for Endpoints has a lot of bugs at this version of code.  I'm not sure why we aren't hearing anything on these forums.

  • 0 in reply to RickDunsirn

    Guys, please insert pictures of the relevant configurations.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi Bob,

    I have more information on this error in this forum:

    https://community.sophos.com/products/unified-threat-management/f/52/p/75973/292257#292257

    I can post configuration pictures as well...but basically I have Endpoint Protection turned on and Web Control turned on.  It appears the agent on the client endpoint is receiving information for malware and virus, but if I look in the directory on the endpoint:  C:\ProgramData\Sophos\Web Control\Policy, there is nothing populating in there, so there is no protection.  

    I did try to install Sophos Home (cloud based protection), and this worked just fine!  The directory C:\ProgramData\Sophos\Web Control\Policy populated with policy as I added block and allow rules to the web control part of the cloud-based version.  However, the UTM Endpoint Web Control doesn't appear to be working for some reason.  I've tried this on both Windows 7 and Windows 10 and experience the same behavior.  I've also tried 9.355 and 9.353 with the same behavior.  In all these cases, I've installed the client and UTM from scratch.  This is also a home license of the UTM.

    Thanks!

  • 0 in reply to BAlfson

    I need help...

    Firmware version: 9.406-3

    I have install the agent on win10

    Device policy is work fine.

    but it no blocking websites...

     

  • 0 in reply to VladimirChalnik

    Vladimir, the fifth picture is of the Global Default Profile.  It doesn't offer the option to control Endpoint Web Browsing - that only exists in a Web Filtering Profile.  Go to that section and add a Profile for your Default Endpoint Group.  Does it work for you now?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    thank you very much for the answer
    I realized it is already a few days ago, but it does not help me,

  • 0 in reply to VladimirChalnik

    It takes awhile for the UTM to transmit the new configuration to the Cloud and then for the Endpoint to update itself.  Please check the sub-directory again in about an hour.  I really expect it to take about 15 minutes.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I can not solve this problem 3 weeks, tried different versions ...
    today waited the whole day, yesterday -all night ..

    it's just not working for me?

     

    ...The sophos home + agent work fine...

  • 0 in reply to VladimirChalnik

    just after the end of the agent installation, I get this message

  • 0 in reply to BAlfson

    I'm sorry, maybe you have any idea about me?

  • 0 in reply to VladimirChalnik

    The policy fragments are brought down from the WDX service using the swi_service.exe - Sophos Web Intelligence service.

    We would really need to see the logs from that.  To enable them, under the web intelligence registry key (HKLM\software\wow6432node\sophos\web intelligence), create a new DWORD called LogLevel and set it to 3.  Maybe 4 but that could be too much detail.

    Then restart the swi_service service.  You should see in the swis diag log file (\windows\temp\) reference to the URLs to get the index file (you can find the same GUID as displayed in the UI of the UTM) and then the requests for the fragments referenced in the index.  This is all from memory, sorry I can't be more specific with the details but that log show the problem.

    Regards,

    Jak

Reply
  • 0 in reply to VladimirChalnik

    The policy fragments are brought down from the WDX service using the swi_service.exe - Sophos Web Intelligence service.

    We would really need to see the logs from that.  To enable them, under the web intelligence registry key (HKLM\software\wow6432node\sophos\web intelligence), create a new DWORD called LogLevel and set it to 3.  Maybe 4 but that could be too much detail.

    Then restart the swi_service service.  You should see in the swis diag log file (\windows\temp\) reference to the URLs to get the index file (you can find the same GUID as displayed in the UI of the UTM) and then the requests for the fragments referenced in the index.  This is all from memory, sorry I can't be more specific with the details but that log show the problem.

    Regards,

    Jak

Children
Unfiltered HTML