Can't Access Specific Website

Masters!

There's a specific website that I can't access. But I can access it when bypassing Sophos FW.

2020:11:23-07:27:40 utm httpproxy[1587]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.26.46.9" dstip="203.177.229.122" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterNetwo (Allow All)" filteraction="REF_HttCffAllow (allow)" size="517" request="0xd3c34700" url="">www.eastwestbanker.com/" referer="" error="Connection timed out" authtime="0" dnstime="102914" aptptime="483" cattime="44162" avscantime="0" fullreqtime="127336388" device="0" auth="0" ua="" exceptions="sandbox,ssl,certcheck,certdate" category="114" reputation="neutral" categoryname="Finance/Banking"
2020:11:23-07:27:40 utm httpproxy[1587]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.26.46.9" dstip="203.177.229.122" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterNetwo (Allow All)" filteraction="REF_HttCffAllow (allow)" size="517" request="0xda86aa00" url="">www.eastwestbanker.com/" referer="" error="Connection timed out" authtime="0" dnstime="103014" aptptime="429" cattime="44316" avscantime="0" fullreqtime="127336458" device="0" auth="0" ua="" exceptions="sandbox,ssl,certcheck,certdate" category="114" reputation="neutral" categoryname="Finance/Banking"
2020:11:23-07:38:52 utm httpproxy[1587]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="172.26.46.9" dstip="203.177.229.122" user="" group="" ad_domain="" statuscode="504" cached="0" profile="REF_HttProContaInterNetwo (Allow All)" filteraction="REF_HttCffAllow (allow)" size="0" request="0xd6b27100" url="">www.eastwestbanker.com/" referer="" error="Connection to server timed out" authtime="0" dnstime="261398" aptptime="109" cattime="144" avscantime="0" fullreqtime="61113784" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) QtWebEngine/5.15.1 Chrome/80.0.3987.163 Safari/537.36" exceptions="sandbox,ssl,certcheck,certdate" category="114" reputation="neutral" categoryname="Finance/Banking"
Can you help me find the cause of this?
Thank you!


  • OK, it's gotta be a DNS issue. www.eastwestbanker.com now resolves to 58.71.116.122, not to the IP listed in your log line.  For some reason, your UTM and your desktop are getting different name resolution for that FQDN.  Does clearing the DNS cache on your desktop resolve this?  If not, please compare your configuration to DNS best practice.

    Cheers - Bob
    NOTE a few minutes later: Yuck, I see the problem now, the A record for that FQDN has a TTL of 30 seconds.  That's not something I would expect a legitimate company to do.  All you can do is ping that FQDN, note the IP, clear your DNS cache, wait for thirty seconds and start over.  Once you have a list of all possible IPs, make a Host for each IP, put the Hosts in a Network Group and put that group in the Destination list - no point in having it in the Source list.  Let us know!

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I haven't tried the following, Randolf, but I think it should work to get a list of IPs:

    zgrep 'www\.eastwestbanker\.com' /var/log/http/2020/12/* |grep -oP 'dstip=".*?"' |sort -n |uniq -c

    Any luck with that?

    Cheers - Bob
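
A fuller version of the tally that one-liner aims at, as an added example that is not part of the original posts: it parses the httpproxy key="value" fields, matches the URL host exactly, and marks each dstip as current or not against the IPs passed as arguments. The function names, the sample lines and the documentation-range addresses are constructed, and it assumes a clean url="scheme://host/" field.

```shell
#!/bin/sh
# Constructed sample lines in the key="value" layout of the httpproxy log
# quoted in the question (fields trimmed; all hosts and IPs are placeholders).
sample_log() {
cat <<'EOF'
2020:11:23-07:27:40 utm httpproxy[1587]: id="0002" name="web request blocked" action="block" method="CONNECT" srcip="192.0.2.10" dstip="198.51.100.7" statuscode="500" url="https://bank.example/" error="Connection timed out"
2020:11:23-07:38:52 utm httpproxy[1587]: id="0002" name="web request blocked" action="block" method="GET" srcip="192.0.2.10" dstip="198.51.100.7" statuscode="504" url="http://bank.example/login" error="Connection to server timed out"
2020:11:23-07:45:01 utm httpproxy[1587]: id="0001" name="http access" action="pass" method="GET" srcip="192.0.2.11" dstip="198.51.100.22" statuscode="200" url="http://BANK.example:8080/" error=""
2020:11:23-07:46:10 utm httpproxy[1587]: id="0001" name="http access" action="pass" method="GET" srcip="192.0.2.11" dstip="198.51.100.7" statuscode="200" url="http://mybank.example/" error=""
EOF
}

# Usage: dstip_summary HOST [CURRENT_IP...]   (log lines on stdin)
# Prints one line per destination IP the proxy used for HOST:
#   <ip> requests=<n> blocked=<n> current=<yes|no>
# current=no means the proxy connected to an IP that is not in the set
# of addresses the name resolves to now (the set you pass in).
dstip_summary() {
  host=$1; shift
  awk -v host="$host" -v current=" $* " '
    # Return the value of key="value" from a log line, or "" if absent.
    function field(line, key,   re) {
      re = " " key "=\"[^\"]*\""
      if (!match(line, re)) return ""
      return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    {
      u = tolower(field($0, "url"))
      sub("^[a-z]+://", "", u)      # drop the scheme
      sub("[/:].*$", "", u)         # drop port and path, leaving the host
      if (u != tolower(host)) next  # exact host match, not a substring match
      ip = field($0, "dstip")
      if (ip == "") next
      seen[ip]++
      if (field($0, "action") == "block") blocked[ip]++
    }
    END {
      for (ip in seen)
        printf "%s requests=%d blocked=%d current=%s\n", ip, seen[ip],
               blocked[ip], (index(current, " " ip " ") ? "yes" : "no")
    }' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample.
sample_log | dstip_summary bank.example 198.51.100.22
```

On the UTM itself, feed it the real files with zcat in place of sample_log and pass the addresses the FQDN resolves to at that moment.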
