
SFTP connections not passing through web filtering

Hello,

Some applications need to perform SFTP connections to the Internet. Their setup was working fine on-prem, but now that they have migrated to AWS it doesn't.

In AWS we have UTM 9 with Web-Filtering as a proxy and connections are not passing through.

Instances in AWS use the UTM IP address and port 8080 as proxy settings in order to reach the Internet, and the applications have the proxy set up too.

The application tries to SFTP to 100.X.X.X using port 2222 but times out.

This is seen in the Live Log of Web Filtering:


2021:05:06-14:45:07 MYFIREWALL httpproxy[5182]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.10.19" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xa9f2e00" url="https://100.X.X.X:2222/" referer="" error="Target service not allowed" authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="1281" device="0" auth="0" ua="" exceptions=""

It comes to my attention that the UTM sees the URL as https on port 2222 when it was an SFTP connection. Can somebody comment on this?

To fix this I tried to set up a Generic Proxy rule [Web Protection > Advanced] but had the same issue, same logs.

This is what the rule looks like:

Interface: Internal (this is the only interface the UTM has)

Service definition: tcp-2222

Host: 100.X.X.X

Service: tcp-2222

Allowed networks: 10.0.0.0

Thanks for your time and support!
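As an added example (not part of this thread or of the UTM product), a small Python parser for the httpproxy live-log format shown above: it splits the key="value" fields, pulls the tunnel target out of the CONNECT url, and counts blocked CONNECT attempts per source, destination port and error, so "Target service not allowed" blocks on a non-standard port like 2222 stand out from ordinary 443 traffic. The log lines below are constructed samples modelled on the posted entry, with the 100.X.X.X placeholder kept as written.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines modelled on the httpproxy entry posted above (not real captures).
SAMPLE_LOG = [
    '2021:05:06-14:45:07 MYFIREWALL httpproxy[5182]: id="0002" severity="info" sys="SecureWeb" '
    'sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.10.19" '
    'dstip="" user="" statuscode="403" url="https://100.X.X.X:2222/" '
    'error="Target service not allowed" fullreqtime="1281"',
    '2021:05:06-14:45:09 MYFIREWALL httpproxy[5182]: id="0002" severity="info" sys="SecureWeb" '
    'sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.10.19" '
    'dstip="" user="" statuscode="403" url="https://100.X.X.X:2222/" '
    'error="Target service not allowed" fullreqtime="1302"',
    '2021:05:06-14:45:11 MYFIREWALL httpproxy[5182]: id="0001" severity="info" sys="SecureWeb" '
    'sub="http" name="http access" action="pass" method="CONNECT" srcip="10.10.10.19" '
    'dstip="" user="" statuscode="200" url="https://example.com:443/" error="" fullreqtime="87"',
]

KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_httpproxy_line(line):
    """Split a UTM httpproxy line into its key="value" fields; the log prefix becomes _timestamp/_host."""
    prefix, _, body = line.partition(': ')   # first ': ' ends 'TIMESTAMP HOST httpproxy[PID]'
    fields = dict(KV_RE.findall(body))
    parts = prefix.split()
    fields['_timestamp'] = parts[0]
    fields['_host'] = parts[1] if len(parts) > 1 else ''
    return fields

def connect_target(fields):
    """For a CONNECT request return (host, port). The proxy writes the tunnel target as
    https://host:port/ regardless of what protocol (SSH here) actually runs inside the tunnel."""
    if fields.get('method') != 'CONNECT':
        return None
    u = urlsplit(fields.get('url', ''))
    host, _, port = u.netloc.rpartition(':')
    return (host or u.netloc, int(port) if port.isdigit() else 443)

def blocked_connect_summary(lines):
    """Count blocked CONNECT tunnels per (srcip, dstport, error) so that policy blocks on
    non-standard ports stand out from the usual port 443 traffic."""
    summary = Counter()
    for line in lines:
        f = parse_httpproxy_line(line)
        target = connect_target(f)
        if target is None or f.get('action') != 'block':
            continue
        summary[(f.get('srcip'), target[1], f.get('error'))] += 1
    return summary
```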



  • Where do you see Algorithm negotiation Failed, Mauricio?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • This is the error message seen on the server after attempting the connection.

    Later I had to set up another service definition for SSH, using the same method described before, and this connection succeeded. More evidence that access was allowed fine.