
Traffic allowed although policy test says 'blocked'

Hello All,

I'm having a weird problem here. I want to block a server completely from accessing the internet. What I've done:

- Created a firewall rule that blocks all traffic. Checked it, works for any port except FTP/HTTP/HTTPS (as expected, as I do have web filtering enabled)

- Added a 'block all' web filtering policy for this host

- Did a policy check for this host's IP to, say, www.dlr.de -> Result blocked, so OK!

- Did a 'wget www.dlr.de' from the host itself - works, so NOT OK?!?

- Turned off web filtering

- Did a 'wget www.dlr.de' from the host itself - doesn't work any more

So it's definitely web filtering, but according to the policy check everything is fine. Can anybody shed some light on what might be going wrong here?

Thank you,

   Jörg



This thread was automatically locked due to age.
  • I would check the webfilter live-log.

    There you should see the access and the reason why it is allowed.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Thank you for your suggestion. Now that is super weird! I just did that and noticed that since 08/20 no more accesses have been logged.

    I'll restart the UTM as soon as possible, but this definitely looks like a UTM problem to me, no?

    Version is 9.701-6, I need to update anyways, but it's always scary from the home office.

    Thank you and best regards,

        Jörg

  • Arrgh! Never mind, my bad. There was an entry to the transparent host skip list, which caused this.

    Thank you,

        Jörg

  • Hallo Jörg and welcome to the UTM Community!

    You found your problem, I see.  You still might be interested in #2 in Rulz (last updated 2019-04-17) for solving similar problems in the future.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    thank you. Yes, I already did that - it doesn't mention the transparent skip list, though. It would also be nice if the 'policy check' would check against this list explicitly. It would have saved me some headache ;-)

    Regards,

        Jörg