Hey all,
We've always had intermittent issues with webpages not displaying due to the proxy but it's becoming increasingly common at a couple of sites. To be clear, I'm not sure if this is a Windows or Sophos problem.. so I'm just throwing it out there..
We're running Sophos UTM 9.509-3 on SG430 and our entire org's traffic flows through here for internet connectivity..
The issue that we seem to be getting is that AD credentials are not getting passed on to the proxy for authentication so it drops.
The below shows a failure not necessarily of category, but rather that there's no credentials.. so we drop the traffic..
2020:08:03-08:38:41 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.39" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo5 (Wired Access)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3192" request="0xce54de00" url="online.corp.westpac.com.au/" referer="" error="" authtime="0" dnstime="0" cattime="121" avscantime="0" fullreqtime="6149952" device="1" auth="2" ua="" exceptions="" category="114" reputation="trusted" categoryname="Finance/Banking" reason="category"
2020:08:03-08:38:41 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.39" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo5 (Wired Access)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3192" request="0xcd779600" url="online.corp.westpac.com.au/" referer="" error="" authtime="1" dnstime="0" cattime="274622" avscantime="0" fullreqtime="16651288" device="1" auth="2" ua="" exceptions="" category="114" reputation="trusted" categoryname="Finance/Banking" reason="category"
2020:08:03-08:39:14 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.39" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo5 (Wired Access)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3192" request="0xcd4b0a00" url="online.corp.westpac.com.au/" referer="" error="" authtime="1" dnstime="0" cattime="103" avscantime="0" fullreqtime="210428" device="1" auth="2" ua="" exceptions="" category="114" reputation="trusted" categoryname="Finance/Banking" reason="category"
2020:08:03-08:48:36 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.49" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo5 (Wired Access)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3192" request="0xce8b9e00" url="online.corp.westpac.com.au/" referer="" error="" authtime="1" dnstime="0" cattime="146" avscantime="0" fullreqtime="250887" device="1" auth="2" ua="" exceptions="" category="114" reputation="trusted" categoryname="Finance/Banking" reason="category"
Our previous workaround to this was to open good ol IE and it would pass on the credentials, which then appeared to cache and everyone was happy.. this no longer appears to be the solution..
I had the exact same problem on my computer recently.. everything failed because no credentials were being passed on.. IE, Chrome, Edge - all failing.. by opening a site in Firefox I was prompted with a proxy login and after that, all browsers start working..
I've manually restarted the proxy (/var/mdw/scripts/httpproxy restart) to no avail, and while I would like to restart the firewall that would be a major outage that is tricky during this whole COVID period.
Any suggestions about this one would be greatly appreciated..
thanks
Josh
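Added example, not part of the original post: a small Python triage script for the httpproxy log format shown above. It separates blocked requests that arrived with an empty `user` field from ordinary policy blocks and groups them by client IP. The sample lines are constructed (shortened from the format in the post; the `jdoe` entries are invented), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: shortened lines in the httpproxy format quoted in the post.
SAMPLE_LOG = '''\
2020:08:03-08:38:41 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.39" user="" ad_domain="" statuscode="403" url="online.corp.westpac.com.au/" reason="category"
2020:08:03-08:39:14 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.39" user="" ad_domain="" statuscode="403" url="online.corp.westpac.com.au/" reason="category"
2020:08:03-08:48:36 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.49" user="" ad_domain="" statuscode="403" url="online.corp.westpac.com.au/" reason="category"
2020:08:03-08:50:02 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.50" user="jdoe" ad_domain="EXAMPLE" statuscode="403" url="blocked.example/" reason="category"
2020:08:03-08:51:10 httpproxy[23464]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.100.30.39" user="jdoe" ad_domain="EXAMPLE" statuscode="200" url="online.corp.westpac.com.au/"
'''

STAMP_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) httpproxy\[\d+\]: ')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')  # values are quoted, so commas and spaces are safe


def parse_line(line):
    """Return the key="value" fields of one httpproxy line, or None if it is not one."""
    m = STAMP_RE.match(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(line[m.end():]))
    fields["timestamp"] = m.group(1)
    return fields


def unauthenticated_blocks(log_text):
    """Map client IP -> [(timestamp, url)] for blocks logged with an empty user."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # A block with a user name is a normal policy decision; a block with
        # user="" means the request was evaluated without any identity attached.
        if rec.get("action") == "block" and rec.get("user") == "":
            by_client[rec.get("srcip", "?")].append((rec["timestamp"], rec.get("url", "")))
    return dict(by_client)


if __name__ == "__main__":
    for ip, hits in sorted(unauthenticated_blocks(SAMPLE_LOG).items()):
        print(f"{ip}: {len(hits)} block(s) with empty user, first at {hits[0][0]}")
```

Run against the real log, the per-client timestamps show whether the empty-user blocks cluster on particular machines or times, and whether the same client later passes with a user name.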