This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection, reset to the default settings

Hello,

we have UTM 9 with the Webprotection active.

In the last few weeks we have the problem that we not can open two websites. When i opening this website, the proxy give me an error "Connection to server timed out".

On another computer with no proxy work the site perfect. I have look in this community for a solution, but nothing helped.

Our infrastructure is like this:

- Sophos SG230 UTM 9 Firmware version 9.508-10

- Webprotection: Standard Mode

- The URLs are allowed when i make a policy Helpdesk Check

I have already done the following checks:

- Exeption for the URL, did not do anything

- ECN is deactivated

I have found a post in this community, which has reset the sophos (https://community.sophos.com/products/unified-threat-management/f/german-forum/62880/sophos-connection-to-server-timed-out).

Now is my question, is it possibel to reset only the webprotection part?

 

Best regard

matthew



This thread was automatically locked due to age.
  • Hallo Matthew and welcome to the UTM Community!

    I doubt that you want to reset Web Filtering.  Please show the line from the Web Filtering log when your access is blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Here is the log entry,

    2018:04:19-10:50:42 chbeid123456 httpproxy[6092]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.240.194" dstip="188.225.61.219" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="190" request="0xde573800" url="https://fancygrid.com/" referer="" error="Connection timed out" authtime="0" dnstime="2" cattime="165" avscantime="0" fullreqtime="127235852" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" exceptions="" category="175" reputation="trusted" categoryname="Software/Hardware"

    Best regards

    matthew

     

  • A statuscode="5.."  is an indication that the web server doesn't like the Proxy.  First, try an Exception for anti-virus for this site.  I don't think that will solve the problem in this case, so add a DNS Host for fancygrid.com to the Transparent Mode Skiplist.

    Any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It‘s standard mode, so the skiplist has no effect.

    Try adding the domain to your browsers ‚direct connection‘-list or to the wpad.dat (or a proxy.pac). If the UTM is the default gateway, too you have to allow the connection via firewal rule then.

    Gruß / Regards,

    Kevin
    Sophos CE/CA (XG+UTM), Gold Partner

  • Hello Bob and Kevin,

    i do that with the Browser and the firewall rule and it works for me.

    The anti-virus exeption has brought no improvement.

    I hope it needs no more exeption sites...

    Best regards

    Matthew

  • I read right past Standard in the original post, Matthew.

    Please mark Kevin's post as the answer (This helped me).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA