There's a specific website that I can't access. But I can access it when bypassing Sophos FW.
Musta Randolf and welcome to the UTM Community!
Guys, the hint in the log lines is statuscode="50?" - the server doesn't "like" our Proxy. If adding an Exception for Antivirus doesn't resolve this problem, the only solution is to skip the Proxy.
Also, the folks at eastwestbanker.com might need to fix their authoritative name server entries. www.eastwestbanker.com resolves to 18.104.22.168 (a single A record), but both that IP and 22.214.171.124 have rDNS records pointing at www.eastwestbanker.com. I don't claim to be a student of DNS functionality, but if there's a reason to configure that way, it's unknown to me. Maybe some workaround for some sloppy coding of their website???
Cheers - Bob
Thank you for this. Can you teach me how to skip the Proxy?
To skip the proxy for a computer or website, you would go to
Web Protection >> Filtering options >> Misc >> Transparent Mode Skiplist >> Skip Transparent Mode Destination Hosts/Nets
You would add here the DNS or IP of the website.
If you add a computer under Skip Transparent Mode Source Hosts/Nets, this computer will skip the proxy for all of the connections.
Hi Sir Bob,
I tried putting the IP/DNS of the website. But still can't access it.
Please show a picture of the Edit of the solution that you tried.
Please see screenshot below.
If the "ContaInterNetwo" Web Filtering Profile is in 'Transparent' mode, please show pictures of the Edits of the two DNS Group objects in that picture.
Sorry, I'm a total noob.
Is this what you're talking about, Sir?
Yes, so we need to look at the Edits of the "Eastwest" and "eastwest2" definitions with the 'Advanced' section open.
I really don't know what I'm doing. Thanks for the help Bob.
Hmmm - that should work. Are you certain that you don't have your browser set for explicit proxy? If Web Filtering in Transparent mode sees an access to it from a browser configured to use it explicitly, Web Filtering will respond as if it were in Standard mode. How about a picture of your LAN Settings as below or the equivalent for the browser you're using?
And you're still seeing www.eastwestbanker.com in the Web Filtering log? What are we not seeing?
Sorry. I'm totally lost. I don't know what to do.
You're still seeing www.eastwestbanker.com in the Web Filtering log?
OK, it's gotta be a DNS issue. www.eastwestbanker.com now resolves to 126.96.36.199, not to the IP listed in your log line. For some reason, your UTM and your desktop are getting different name resolution for that FQDN. Does clearing the DNS cache on your desktop resolve this? If not, please compare your configuration to DNS best practice.
Cheers - Bob
NOTE a few minutes later: Yuck, I see the problem now, the A record for that FQDN has a TTL of 30 seconds. That's not something I would expect a legitimate company to do. All you can do is ping that FQDN, note the IP, clear your DNS cache, wait for thirty seconds and start over. Once you have a list of all possible IPs, make a Host for each IP, put the Hosts in a Network Group and put that group in the Destination list - no point in having it in the Source list. Let us know!
Still the same.
I haven't tried the following, Randolf, but I think it should work to get a list of IPs:
zgrep 'www\.eastwestbanker\.com' /var/log/http/2020/12/* |grep -oP 'dstip=".*?"' |sort -n |uniq -c
Any luck with that?
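An added example, not part of the original thread and not Sophos tooling: a stricter variant of the log search above that counts a destination IP only when the host in the url field is the site itself, so lines that merely mention it (for example in a referer) or that carry an empty dstip are left out. The sample log lines, the function names `sample_log` and `list_dstips`, and all field values are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the key="value" style of the Web Filtering log.
# Times, IPs and status codes are made up (documentation address ranges).
sample_log() {
cat <<'EOF'
2020:12:01-09:14:02 utm httpproxy[5120]: id="0001" action="pass" method="GET" srcip="192.0.2.25" dstip="203.0.113.10" statuscode="502" url="https://www.eastwestbanker.com/"
2020:12:01-09:14:40 utm httpproxy[5120]: id="0001" action="pass" method="GET" srcip="192.0.2.25" dstip="203.0.113.27" statuscode="502" url="https://www.eastwestbanker.com/login"
2020:12:01-09:15:11 utm httpproxy[5120]: id="0001" action="pass" method="CONNECT" srcip="192.0.2.25" dstip="203.0.113.10" statuscode="502" url="https://www.eastwestbanker.com:443/"
2020:12:01-09:15:12 utm httpproxy[5120]: id="0001" action="pass" method="GET" srcip="192.0.2.25" dstip="198.51.100.7" statuscode="200" url="https://cdn.example.net/app.js" referer="https://www.eastwestbanker.com/"
2020:12:01-09:16:03 utm httpproxy[5120]: id="0060" action="block" method="GET" srcip="192.0.2.25" dstip="" statuscode="403" url="https://www.eastwestbanker.com/"
EOF
}

# list_dstips HOST
# Reads log lines on stdin and prints "count ip" for every destination IP
# that was contacted for a request whose url host equals HOST.
list_dstips() {
  awk -v host="$1" '
    {
      url = ""; ip = ""
      # Pull the quoted values of the url and dstip fields out of the line.
      if (match($0, / url="[^"]*"/))   url = substr($0, RSTART + 6, RLENGTH - 7)
      if (match($0, / dstip="[^"]*"/)) ip  = substr($0, RSTART + 8, RLENGTH - 9)
      sub("^[a-z]+://", "", url)   # drop the scheme
      sub("[/:?].*$", "", url)     # drop port, path and query, leaving the host
      # Exact host match; skip lines where no upstream IP was recorded.
      if (tolower(url) == tolower(host) && ip != "") seen[ip]++
    }
    END { for (ip in seen) print seen[ip], ip }
  ' | sort -k2,2
}

# Demo on the constructed sample.
sample_log | list_dstips www.eastwestbanker.com
```

On the UTM itself the same function can be fed from the compressed logs, for example `zcat /var/log/http/2020/12/* | list_dstips www.eastwestbanker.com`, and each IP it prints becomes one Host in the Network Group.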