
SFTP connections not passing through web filtering

Hello,

Some applications need to perform SFTP connections to Internet. Their setup was working fine on-prem but now migrated to AWS they don't.

In AWS we have UTM 9 with Web-Filtering as a proxy and connections are not passing through.

Instances in AWS use the UTM IP address and port 8080 as proxy settings in order to reach Internet. And the applications have the proxy setup too.

Application tries to SFTP 100.X.X.X using port 2222 but times out.

This is seen on the Live Log on WebFiltering...


2021:05:06-14:45:07 MYFIREWALL httpproxy[5182]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.10.19" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xa9f2e00" url="https://100.X.X.X:2222/" referer="" error="Target service not allowed" authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="1281" device="0" auth="0" ua="" exceptions=""

It comes to my attention that the UTM sees url = https on port 2222 when it was an SFTP connection. Can somebody comment on this?

To fix this I tried to set up a Generic Proxy rule [Web Protection > Advanced] but had the same issue, same logs.

This is what the Rule looks like:

Interface: Internal (This is the only interface the UTM has)

service definition: tcp-2222

host: 100.X.X.X

service tcp-2222

Allowed networks 10.0.0.0

Thanks for your time and support!
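The log line quoted above shows what the web proxy actually received: not an SFTP session but an HTTP CONNECT for 100.X.X.X:2222. A client that is configured with an HTTP proxy wraps any TCP connection in a CONNECT host:port request, and the UTM web filter records that tunnel request as a URL of the form https://host:port/. The block reason "Target service not allowed" then says the proxy refused to open a tunnel to that port. The following script is an added example, not part of this thread and not Sophos code: it parses the UTM httpproxy key="value" format and reports blocked CONNECT requests to non-standard ports, which is the quick way to confirm from the Live Log whether an application is trying to tunnel a non-HTTP protocol through the web proxy. The first sample line is the poster's log line (with the 100.X.X.X placeholder kept); the second, a passed CONNECT to example.com:443, is constructed for contrast. The function names and the field layout assumed by the header regex are my own.

```python
import re
from urllib.parse import urlsplit

# Sample input: the first entry is modelled on the httpproxy line quoted in the
# post (destination kept as the poster's 100.X.X.X placeholder); the second is a
# constructed, ordinary HTTPS CONNECT that the proxy passed, for contrast.
SAMPLE_LOG_LINES = [
    '2021:05:06-14:45:07 MYFIREWALL httpproxy[5182]: id="0002" severity="info" sys="SecureWeb" '
    'sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.10.19" '
    'dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" '
    'profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" '
    'filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" '
    'request="0xa9f2e00" url="https://100.X.X.X:2222/" referer="" error="Target service not allowed" '
    'authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="1281" '
    'device="0" auth="0" ua="" exceptions=""',
    '2021:05:06-14:45:09 MYFIREWALL httpproxy[5182]: id="0001" severity="info" sys="SecureWeb" '
    'sub="http" name="http access" action="pass" method="CONNECT" srcip="10.10.10.19" '
    'dstip="198.51.100.10" user="" group="" ad_domain="" statuscode="200" cached="0" '
    'profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" '
    'filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" '
    'request="0xa9f2f00" url="https://example.com:443/" referer="" error="" '
    'authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="120" '
    'device="0" auth="0" ua="" exceptions=""',
]

# "timestamp host process[pid]: " prefix, followed by key="value" pairs.
# Values may contain spaces and parentheses but no double quotes.
HEADER_RE = re.compile(r'^(\S+) (\S+) (\S+)\[(\d+)\]: ')
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Ports on which a CONNECT tunnel is expected from a browser-style client.
STANDARD_TUNNEL_PORTS = {443}


def parse_httpproxy_line(line):
    """Split one UTM httpproxy line into a dict of header and key="value" fields."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an httpproxy line: %r" % line[:60])
    fields = {
        "timestamp": m.group(1),
        "host": m.group(2),
        "process": m.group(3),
        "pid": int(m.group(4)),
    }
    fields.update(KV_RE.findall(line[m.end():]))
    return fields


def connect_target(fields):
    """Return (host, port) a CONNECT request asked to tunnel to, else None.

    The proxy logs the tunnel endpoint as https://host:port/, so the target is
    recovered from the URL's netloc rather than from dstip (empty when blocked).
    """
    if fields.get("method") != "CONNECT":
        return None
    netloc = urlsplit(fields.get("url", "")).netloc
    host, sep, port = netloc.rpartition(":")
    if not sep:
        return netloc, 443          # CONNECT without an explicit port
    return host, int(port)


def blocked_nonstandard_tunnels(lines):
    """Report blocked CONNECT requests whose target port is not a standard TLS port.

    Each hit is a client that tried to tunnel something other than HTTPS through
    the web proxy; the error field carries the proxy's own reason for refusing.
    """
    findings = []
    for line in lines:
        f = parse_httpproxy_line(line)
        target = connect_target(f)
        if target is None or f.get("action") != "block":
            continue
        host, port = target
        if port not in STANDARD_TUNNEL_PORTS:
            findings.append({
                "time": f["timestamp"],
                "srcip": f.get("srcip", ""),
                "host": host,
                "port": port,
                "error": f.get("error", ""),
            })
    return findings


if __name__ == "__main__":
    for hit in blocked_nonstandard_tunnels(SAMPLE_LOG_LINES):
        print("%(time)s %(srcip)s -> %(host)s:%(port)d blocked: %(error)s" % hit)
```

Run against a Live Log export, the report lists which internal hosts are sending non-HTTPS tunnels to the proxy and to which ports. For the line in the post it yields one hit, 10.10.10.19 -> 100.X.X.X:2222 with "Target service not allowed", which matches the symptom: the SFTP client is honouring the proxy setting and the web filter, not the network path, is refusing the tunnel. That narrows the fix to either not sending that application's traffic via the web proxy or allowing the target service on the proxy, rather than to routing or NAT.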



  • If the error in the server was at the same time as the request was sent by the UTM Web Proxy, 10:00:06, I would conclude that the server doesn't "like" the Proxy.  You would want to skip the Proxy for that server.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi, at this point the App team is checking. I will revert. Thanks.