Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 4 subscribers
  • Views 2806 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How does web filtering rules apply?

Prakhar Jalan1

Hello,

We have 4 terminal servers for which we have defined a web filtering policy. All the servers have an internal application installed which reaches out to the internet on port 9009 to update some information within the application. We have allowed this port under Web Protection > Filtering Options > Misc. > Allowed Target Services.

Also, we have defined a firewall rule to allow the servers reach out to "Any" on port 9009.

Still, the application isn't able to get the desired information when the web filtering rule is ON. When its OFF, everything works perfectly. However, we are not able to figure out what could be the issue.

Any help will be appreciated.

Thanks! 



This thread was automatically locked due to age.
  • 0

    if Web Filter catches the port 9009 traffic, the FW rule don't trigger  ... 

    And i think WebFilter can't recognize the 9009 traffic...

    Try to remote Port 9009 from "Allowed Target Services"


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Hello Dirkkotte!

    What exactly do you mean by "try to remote port 9009 from allowed target services"

    Prakhar Jalan

  • 0 in reply to Prakhar Jalan1

    Sorry ... what i mean: "remove port 9009 from allowed target services"


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Its ok. Yeah, I tried that too. Didn't work.

    Prakhar Jalan

  • 0

    Namaste,

    'Allowed Target Services' do not apply if the traffic isn't in Standard mode.  That is, the server must explicitly use the UTM as a proxy.  Even if Web Filtering is in Transparent mode, the Proxy will treat the request as if it were in Standard mode.  Did that resolve your problem?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hello BAlfson!

    Ok, that is an insight for me. However, what if I don't want to use the Standard Mode? Compared to Transparent Mode, it seems to have a bit more config. overhead. What if I want to keep Transparent Mode and still allow Port 9009? It's not possible?

    Thanks! 

    Prakhar Jalan

  • 0 in reply to Prakhar Jalan1

    You don't need to use Standard mode for everyone.  You just need the application to use the UTM as a web proxy.  Web Filtering in transparent mode will see that the web request is aimed at its IP and it will handle the request as if it were in Standard mode.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML