This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

10061 Connection refused

Sophos UTM 9

I'm having an issue with an application that I wrote. It connects to a web service by the city of Vienna under the address http://data.wien.gv.at/ or IP 217.149.229.21:80 . When I run the application on a machine that is configured to use the Sophos proxy, I get the error 10061 "connection refused". When I run the application on a machine that connects directly to the Internet using our Cisco ASA Firewall, it works fine.

Here is the basic configuration:

I tried to find log entries including the above IP address, but didn't find any, neither in Webfilter log nor in the Firewall or Web Application Firewall log.

Where can I search for log entries concerning blocked connections?



This thread was automatically locked due to age.
  • Hello there,

    Thank you for contacting the Sophos Community.

    It seems your query is related to Sophos UTM, so I am moving this thread to that group.

    If you’re using the UTM as a Proxy, you will find information under  the http.log 

    Additionally to this, you could try to bypass the UTM Web Proxy by adding the destination IP under Web Protection >> Filtering Options >> Misc >> Transparent Mode Skiplist >> Skip Transparent Mode Destination Hosts/Networks, to help you narrow down if is the Web Filter that is blocking the connection.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hello Emmanuel,

    thank you for moving my thread to the right forum group!

    I did not find a HTTP log, only a HTTP daemon log (where I also could not find an entry with the IP 217.149.229.21). Maybe it has another name in the German version?

    Then for the web filter: I've added the IP under "Skip Transparent Mode Destination Hosts/Networks" as you see in the following screenshot

    But that didn't help.

    Also, I have a filter in the "exceptions" tab like this:

    I hope you have some further suggestions.

    Regards, Anne

  • Hello Anne,

    Thank you for the follow-up.

    Are you able to see the http.log under /var/log it should be under httpd.log

    Can you run the command below and share the output.

    # wget http://data.wien.gv.at/ 

    How many WAN connections do you have?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hallo Anne - first I've seen you post here - welcome to the UTM Community!

    It looks like data.wien.gv.at has a TTL of less than five minutes.  That means that the "Stadt Wien" Host definition needs to be replaced by a DNS Host definition in the Transparent Mode Skiplist.

    However, if your server is explicitly using the Web Proxy (Standard mode), the Skiplist does not apply and you will need to configure the server to skip the Proxy for data.wien.gv.at.

    Cheers- Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you both for your help!
    Finally it turned out that the machines configured to use the Sophos proxy tried to access http://data.wien.gv.at directly over the Cisco ASA firewall, which refused the connection. I had to explicitly configure the Sophos proxy in my app's configuration file and now it works.
    Thanks again, Anne