Client does not use WebProtection feature although transparent proxy for network is active

Hi folks,

 

As already described in the subject, I've got a client that uses an FTP connection to an external IP (TCP 21), and the network is listed among the networks for the transparent proxy, which also services FTP. Unfortunately, all clients in this network try to go to this external IP through "Network Firewall". There is also no skip list, so I just don't get why the proxy for FTP is not working. Any ideas?



  • Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post one line corresponding to the Live Log line you just mentioned.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • OK, so here is the log from the firewall:

     

    09:58:57     Default DROP     TCP        10.10.0.10:49576    →     WWW.XX.YY.ZZZ:8080         [SYN]     len=52     ttl=125     tos=0x00     srcmac=64:9e:f3:17:51:c1 dstmac=00:1a:8c:f0:ba:20

     

    No entry for this event in webproxy log.

  • The Transparent Filters do not handle non-standard ports like 8080, so the packet will be handled by the firewall rules.

    Transparent filters are triggered by destination port number, not by protocol.

    • Transparent Web handles ports 80 and 443 only.
    • Transparent FTP handles port 21 only.
    • Traffic for all other ports will be ignored by the proxy, and will be handled by Firewall Rules.

    Standard Web filters are triggered by protocol, not by port number.

    • Standard web supports URLs with http, https, and ftp protocols.   
    • Some applications create their own protocols (e.g. HTTX).  These are unsupported and will be blocked.
    • Standard web can handle any port number, so no ports are ignored.  As a matter of policy it blocks non-standard ports by default.   So out-of-the box, it will process ports 21, 80, and 443 while blocking all others.  You can tell Standard Web to process non-standard ports like 8080 by adding them to the "Allowed Target Services" list on the Misc(ellaneous) tab.  When this is done, all of the normal filtering rules are applied to the non-standard port.

    Standard FTP should never be used.

    • If enabled, it will cause web browsers to hang if they attempt to use an FTP:// address
    • Although it will work with proxy-aware FTP clients, proxy-aware FTP clients generally support multiple proxy methods, and the HTTP (Standard Web) proxy method should be used instead, as it is a much more sophisticated tool.
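As an added illustration of the port-versus-protocol rule in the answer above (this is example code, not part of the thread and not Sophos software): a small Python triage script that parses lines in the Firewall Live Log format shown earlier in the thread, decides which UTM component would have seen each connection under those rules, and models Standard Web's "Allowed Target Services" check. The port sets and the default 21/80/443 list are taken from the answer; the sample log lines are constructed with placeholder addresses, and the assumption that transparent interception applies to TCP only is mine.

```python
"""Triage Sophos UTM Firewall Live Log drops against the transparent-proxy
port rules described in the answer above. Added example, not Sophos code."""
import re
from urllib.parse import urlsplit

# Ports the transparent filters intercept (from the answer above).
TRANSPARENT_WEB_PORTS = {80, 443}
TRANSPARENT_FTP_PORTS = {21}
# Standard Web's out-of-the-box "Allowed Target Services" (from the answer above).
DEFAULT_ALLOWED_TARGET_SERVICES = frozenset({21, 80, 443})
# Protocols Standard Web understands, with their default ports.
STANDARD_WEB_SCHEMES = {"http": 80, "https": 443, "ftp": 21}

# Shape of a Live Log line as pasted in the thread ("Default DROP" is read as
# rule "Default", action "DROP"); the arrow may be "→" or "->" after copying.
LIVE_LOG_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+(?P<rule>\S+)\s+(?P<action>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[^\s:]+):(?P<sport>\d+)\s+(?:→|->)\s+(?P<dst>[^\s:]+):(?P<dport>\d+)"
)

# Constructed sample lines in the Live Log format; addresses are placeholders.
SAMPLE_LIVE_LOG = """\
09:58:57 Default DROP TCP 10.10.0.10:49576 → 203.0.113.10:8080 [SYN] len=52 ttl=125 tos=0x00
09:59:01 Default DROP TCP 10.10.0.11:51002 → 203.0.113.10:21 [SYN] len=52 ttl=125 tos=0x00
09:59:05 Default DROP TCP 10.10.0.12:51010 → 203.0.113.10:443 [SYN] len=52 ttl=125 tos=0x00
09:59:09 Default DROP UDP 10.10.0.13:51020 → 203.0.113.10:80 len=52 ttl=125 tos=0x00
"""


def parse_live_log_line(line):
    """Return the fields of one Live Log line as a dict, or None if it does not parse."""
    m = LIVE_LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def transparent_handler(proto, dport):
    """Which component first sees a connection under the transparent filters.

    The filters key on destination port only. Assumption (mine, not from the
    thread): transparent interception applies to TCP; anything else goes to
    the firewall rules.
    """
    if proto.upper() != "TCP":
        return "firewall-rules"
    if dport in TRANSPARENT_WEB_PORTS:
        return "transparent-web"
    if dport in TRANSPARENT_FTP_PORTS:
        return "transparent-ftp"
    return "firewall-rules"


def standard_web_allows(url, allowed_target_services=DEFAULT_ALLOWED_TARGET_SERVICES):
    """Model Standard Web: keyed on protocol, then the Allowed Target Services port list."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in STANDARD_WEB_SCHEMES:
        return False  # e.g. "httx://": unsupported protocol, blocked
    try:
        port = parts.port or STANDARD_WEB_SCHEMES[scheme]
    except ValueError:
        return False  # malformed port in the URL
    return port in allowed_target_services


def triage(log_text):
    """Return (dport, handler, note) for each DROP line that parses."""
    results = []
    for line in log_text.splitlines():
        rec = parse_live_log_line(line)
        if rec is None or rec["action"] != "DROP":
            continue
        handler = transparent_handler(rec["proto"], rec["dport"])
        if handler == "firewall-rules":
            note = "outside the transparent proxy ports: firewall rules decide, no webproxy log entry expected"
        else:
            note = "inside the transparent proxy ports: a firewall DROP means the proxy did not intercept it"
        results.append((rec["dport"], handler, note))
    return results


if __name__ == "__main__":
    for dport, handler, note in triage(SAMPLE_LIVE_LOG):
        print(f"dport={dport:<5} {handler:<16} {note}")
    print("8080 via Standard Web, default list:", standard_web_allows("http://203.0.113.10:8080/"))
    print("8080 via Standard Web, 8080 added:  ",
          standard_web_allows("http://203.0.113.10:8080/", DEFAULT_ALLOWED_TARGET_SERVICES | {8080}))
```

Running it on the constructed log reproduces the thread's case: the 8080 SYN is classified as firewall-rules territory, while the port 21 line is flagged as something the transparent FTP filter should have taken. The second pair of prints shows the Misc-tab change from the answer: the same 8080 URL is blocked by Standard Web's default list and allowed once 8080 is added.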
  • Great description. Thank you!