This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No blocking websites

Hi

UTM 9.4

I have installe the Endpoint Agent on my notebook from home.

Endpoint Protection Status

I see my notebook on UTM,

Endpoint Protection

Computer Management > i enable the web control.

In Manage Groups > web control: enable

Web Protection

In Web Filter Profiles > add new profile (Allowed Networks: internal network, operation mode: transparent mode, Allowed endpoint groups: default)

Filter action > Default content filter action > Websites > Block These Websites > i add ngs.ru (for example)

But, this website no blocking...

If i go to  Manage Groups > web control: and change to disable

connect the notebook to network from UTM, the website is blocking



This thread was automatically locked due to age.
  • The policy fragments are brought down from the WDX service using the swi_service.exe - Sophos Web Intelligence service.

    We would really need to see the logs from that.  To enable them, under the web intelligence registry key (HKLM\software\wow6432node\sophos\web intelligence), create a new DWORD called LogLevel and set it to 3.  Maybe 4 but that could be too much detail.

    Then restart the swi_service service.  You should see in the swis diag log file (\windows\temp\) reference to the URLs to get the index file (you can find the same GUID as displayed in the UI of the UTM) and then the requests for the fragments referenced in the index.  This is all from memory, sorry I can't be more specific with the details but that log show the problem.

    Regards,

    Jak

  • Thanks for the answer.
    now I have another problem (maybe not just me)
    I can not install the agent, the installation is infinite time...

     

    like that for several hours...

    reinstalled the windows many times...

     

    and Sophos LiveConnect go to offline, online, offline, online...

  • Is this a machine on which you've installed Sophos anti-virus in the past?  If so, then look for the KnowledgeBase article that tells you how to remove that before installing.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • thanks for your reply.

    No, it new windows.
    every time I install a new windows
    powerful processor + SSD in Raid 0, make it possible to very quickly.

  • Hi All,

    Verify the following information:

    > Sophos Endpoint Agent is installed with Administrator rights.

    > No exception policy is configured in the web protection. 

    > Check the live logs for endpoint protection and verify if the UTM is able to connect with the Live Connect servers. Post the logs here.

    > Refer https://community.sophos.com/kb/en-us/11056 and verify if the endpoint protection on the system is up2date.

    Please provide me these details before we proceed further.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.