
Transparent Proxy / SSO issues

Hey all,

We've always had intermittent issues with webpages not displaying due to the proxy but it's becoming increasingly common at a couple of sites. To be clear, I'm not sure if this is a Windows or Sophos problem.. so I'm just throwing it out there..

We're running Sophos UTM 9.509-3 on SG430 and our entire org's traffic flows through here for internet connectivity..

The issue that we seem to be getting is that AD credentials are not getting passed on to the proxy for authentication so it drops.

The below shows a failure not necessarily of category, but rather that there are no credentials.. so we drop the traffic..

2020:08:03-08:38:41 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.39" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo5 (Wired Access)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3192" request="0xce54de00" url="online.corp.westpac.com.au/" referer="" error="" authtime="0" dnstime="0" cattime="121" avscantime="0" fullreqtime="6149952" device="1" auth="2" ua="" exceptions="" category="114" reputation="trusted" categoryname="Finance/Banking" reason="category"
2020:08:03-08:38:41 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.39" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo5 (Wired Access)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3192" request="0xcd779600" url="online.corp.westpac.com.au/" referer="" error="" authtime="1" dnstime="0" cattime="274622" avscantime="0" fullreqtime="16651288" device="1" auth="2" ua="" exceptions="" category="114" reputation="trusted" categoryname="Finance/Banking" reason="category"
2020:08:03-08:39:14 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.39" dstip=""  user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo5 (Wired Access)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3192" request="0xcd4b0a00" url="online.corp.westpac.com.au/" referer="" error="" authtime="1" dnstime="0" cattime="103" avscantime="0" fullreqtime="210428" device="1" auth="2" ua="" exceptions="" category="114" reputation="trusted" categoryname="Finance/Banking" reason="category"
2020:08:03-08:48:36 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.100.30.49" dstip=""  user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaInterNetwo5 (Wired Access)" filteraction="REF_DefaultHTTPCFFBlockAction (Default content filter block action)" size="3192" request="0xce8b9e00" url="online.corp.westpac.com.au/" referer="" error="" authtime="1" dnstime="0" cattime="146" avscantime="0" fullreqtime="250887" device="1" auth="2" ua="" exceptions="" category="114" reputation="trusted" categoryname="Finance/Banking" reason="category"

 

Our previous workaround to this was to open good ol IE and it would pass on the credentials, which then appeared to cache and everyone was happy.. this no longer appears to be the solution..

I had the exact same problem on my computer recently.. everything failed because no credentials were being passed on.. IE, Chrome, Edge - all failing.. by opening a site in Firefox I was prompted with a proxy login and after that, all browsers start working..

I've manually restarted the proxy (/var/mdw/scripts/httpproxy restart) to no avail, and while I would like to restart the firewall that would be a major outage that is tricky during this whole COVID period.

Any suggestions about this one would be greatly appreciated..

thanks

Josh
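
One way to separate the two cases the post describes (a real category block versus a request that reached the proxy with no credentials) in the web filter log, as an added example that is not part of the original post. It treats a blocked request with an empty `user` field as "no identity", which is the poster's reading of the log and an assumption here; the sample lines, addresses, user name and URLs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the httpproxy format quoted in the post, with
# fields trimmed. Addresses, user name and URLs are made up for this example.
SAMPLE_LOG = """\
2020:08:03-08:38:41 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.0.0.5" user="" ad_domain="" statuscode="403" url="bank.example/" auth="2" reason="category"
2020:08:03-08:39:14 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.0.0.5" user="" ad_domain="" statuscode="403" url="bank.example/" auth="2" reason="category"
2020:08:03-08:40:02 httpproxy[23464]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.0.0.7" user="jdoe" ad_domain="EXAMPLE" statuscode="403" url="games.example/" auth="2" reason="category"
2020:08:03-08:41:30 httpproxy[23464]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.0.7" user="jdoe" ad_domain="EXAMPLE" statuscode="200" url="http://intranet.example/" auth="2"
"""

LINE_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) httpproxy\[\d+\]: (.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one httpproxy line as a dict, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    fields["time"] = m.group(1)
    return fields

def classify(entry):
    """Blocked with an empty user: no identity reached the proxy. Otherwise: policy."""
    if entry.get("action") != "block":
        return None
    return "no-identity" if entry.get("user", "") == "" else "policy"

def summarize(log_text):
    """Group blocked requests by cause, then by client IP."""
    out = {"no-identity": defaultdict(list), "policy": defaultdict(list)}
    for line in log_text.splitlines():
        entry = parse_line(line)
        kind = classify(entry) if entry else None
        if kind:
            out[kind][entry.get("srcip", "?")].append((entry["time"], entry.get("url", "")))
    return out

if __name__ == "__main__":
    for kind, hosts in summarize(SAMPLE_LOG).items():
        for ip, hits in sorted(hosts.items()):
            print(f"{kind:12} {ip:15} {len(hits)} blocked, first at {hits[0][0]}")
```

Clients that appear only under "no-identity" are the ones to check for SSO problems; a client under "policy" was identified and blocked by the filter action itself.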



  • Seems a customer has the same issue with UTM 9.703-3

    Also transparent mode with AD-Auth

    No user details in Webfilter Log for http/https... -> Error 407

    (We tried to switch to Standard Mode -> working as expected and I see user details in Webfilter Log - so normally no SSO problem)

    Support case is open.

    regards
