This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Parent proxy not always used (and no user handed)

Hi,

we're using parent proxy for specific Domains. E.g. *.xyz and *.xyz.de

For some websites parent proxy is used, the destination IP in WebLog ist parent proxy, the user and group is also in log.

Other websites do not use parent proxy even if they should. destination IP in log is the real IP of the websever in the internet, user and group are empty.

We're using AD-Auth for proxy. So the websites which are not correctly classified for parent proxy are always blocked because of "407 - proxy auth required".

Workaround: Exeption, Skip Auth - but that's not what we want !

I already changed the order of parent proxies in Filter Action, tried to use full URL or IP - no effects.

Anyone with similar problems? solutions?

Greetings

This thread was automatically locked due to age.

Parents

0 BAlfson over 2 years ago

Please show a picture of the Edit of the Parent Proxy that's not capturing an access to a site and one of the Filter Action where it's used. Also, copy here the lines from the Web Filtering log related to this access.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 2 years ago

Please show a picture of the Edit of the Parent Proxy that's not capturing an access to a site and one of the Filter Action where it's used. Also, copy here the lines from the Web Filtering log related to this access.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 CBochynek over 2 years ago in reply to BAlfson

Hi,

Parentproxy for *.rlp.de and *rlp (some sites with .rlp are correctly passed to the parentproxy)

83.243.48.18 = svp-portal.service24.rlp.de/

Log: dstIP is 83.243.48.18, the parentproxy we want to use should be 10.*...
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 2 years ago in reply to CBochynek

Please copy here the text of that log line - the picture is unreadable.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Amodin over 2 years ago in reply to BAlfson

Bob, it's showing the pass action from internal (10.x) to the external IP address (83.x) with URL=the svp-portal.service24.rlp.de/ site. Looks like a standard pass action line.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel
0 CBochynek over 2 years ago in reply to BAlfson

httpproxy[3255]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.XXXX" dstip="83.243.48.18" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProWwwsoziale (http_access)" filteraction="REF_HttCffDefauConteFilte (Default content filter block action)" size="7475" request="0xa593100" url="">svp-portal.service24.rlp.de/" referer="" error="" authtime="0" dnstime="6" aptptime="106" cattime="0" avscantime="0" fullreqtime="2047495" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
Cancel
Vote Up 0 Vote Down

Cancel