This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.509-3 - Webpage Timeouts in Chrome after upgrade 9.509-3 in transparent mode

Hi

Since upgrading to 9.509-3 I have been having difficulties with random websites (amazon, scan.co.uk and others)  timing out when using Google chrome. I've inspected the logs and cannot see any issues at all. I've cleared the cookies/cache, re-installed the browser but now exhausted my options. I am in no doubt the problem lies directly with chrome as the websites have no issues in Firefox, Internet Explorer, Edge.

My setup is;

SG-210 in Transparent mode with SSO and STAS configured

When the pages time out, the following is displayed;

This error is completely random and doesn't appear on other UTMs using older firmware. It seems to break for random websites whilst still allowing me to browse others. Everything was working fine up until the upgrade.

Any ideas would be appreciated

Thanks



This thread was automatically locked due to age.
  • Okay so this morning i've spent some more time on this.

    I tried decrypt & Scan and that did not have any effect at all, so all three solutions suggested by DouglasFoster do not resolve the problem for my setup.

    What i have discovered though is that if it is an authentication issue, the authentication is not being cached. For example, i can type in manually www.amazon.co.uk which will open successfully in Chrome.  If i just type amazon.co.uk in the same browser window (directly afterwards), i will get the timeout and also a firewall entry

    Upon checking the web filter logs, this request appears to be blocked from reaching the web filter at all. The ip address 192.168.1.254 is the LAN interface of the UTM.

    I'm tired so maybe i'm missing something but I can't fathom why this issue only affects certain https websites. In one session, i can browse various https websites without issue but there are two websites in particular i can reliably re-produce this problem with, which are amazon.co.uk and scan.co.uk.

  • Mark, this looks like a problem with your PC or browser.  Why would you get name resolution to a local IP?

    Moreover, the www. FQDN resolves to (13.33.105.73), and the other to 54.239.33.58.

    You might have a DNS configuration error, but none of this makes sense to me.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Same here Bob

    Makes no sense to me either and its not just my PC that's affected.  I've re-tested and can re-produce the problem so i'm not going Mad (just yet)

    The only browser i can't break it with is Edge, all sites work first time with that seamlessly.

    Heres the full firewall log for those "drops"

     

    2018:08:16-23:22:39 network-ho ulogd[14795]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="1c:1b:0d:99:77:f8" dstmac="00:1a:8c:51:6a:d6" srcip="192.168.1.55" dstip="192.168.1.254" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="55484" dstport="443" tcpflags="SYN" 
  • And with my last post, i think the "penny" may have just dropped!

    I've just noticed that the host entry for my servers that are used for STAS have been used in some rules. This is bad as they have an interface set!

    I am going to go through all my rules settings to remove these hosts and replace them with <any> interface versions.

    I'll report back after some more testing

  • In the other browsers, don't select automatic for the proxy settings - does that fix this?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • No joy

    I'm still getting random firewall drops from local ip to ~UTM LAN IP for port 443.

    Back to the drawing board i guess...........

  • on the 2 of July i wrote that I expect the answer before christmas.

    Now I change to easter!!! HAHAHAAHAH ;)

  • After 5 month the issue is solved!!!!!!

     

    The sophos support suggested to switch off the ssl scanning ----------------------------> No Way!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    Funny to disable security features ;)

     

    But this unbelievable answer gave us a new Idea

    UTM Auto Proxy

    This two links helped us:

     

    https://www.fastvue.co/sophos/blog/sophos-utm-auto-proxy-configuration-3-simple-steps/

    https://proxyforurl.thorsen.pm/

     

    Greets

    Tom