Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 4 subscribers
  • Views 2674 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection | Web Filtering - isn't partial working - often reloading the config

Andreas Czech

Hi to all,

I've a stress problem -> the Web Filtering reloads every 4-10min. The good thing is -> it don't affects the ability to surf. After google for several Days and set the UTM from the Image up, I have no solution then to post here.

My Situation:

DNS: all internal networks and the VPN network, Forwards: the standard NTP Group (Pool)

Certificates: not changed (Standard)

I read in some Google Posts it is related to DNS or Certificates.

The Web Filtering works for the VPN Clients (separate profile), but not for my Internal network

Furthermore I've attached my Webfiltering Live Log

2022:05:29-13:53:02 sg105 URID[5148]: T=5148 ------ 2 - Warning: EARLY TIMEOUT: dns context 1 has 5895 ms before it should time out\n
2022:05:29-13:53:02 sg105 URID[5148]: T=5148 ------ 2 - Warning: EARLY TIMEOUT: dns context 0 has 5894 ms before it should time out\n
2022:05:29-13:53:02 sg105 URID[5148]: T=5148 ------ 2 - Warning: EARLY TIMEOUT: dns context 2 has 5894 ms before it should time out\n
2022:05:29-13:53:02 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 26"
2022:05:29-13:53:03 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.4" dstip="23.53.172.52" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="13631" request="0xda8ca700" url="">https://bag.itunes.apple.com/" referer="" error="" authtime="0" dnstime="275068" aptptime="1705" cattime="4618816" avscantime="0" fullreqtime="5183282" device="0" auth="0" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" application="itunes" app-id="246"
2022:05:29-13:53:08 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.4" dstip="216.58.212.174" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="8675" request="0xda9c7500" url="">https://www.youtube.com/" referer="" error="" authtime="0" dnstime="237066" aptptime="72802" cattime="3494985" avscantime="0" fullreqtime="9778265" device="0" auth="0" ua="" exceptions="" category="147" reputation="neutral" categoryname="Streaming Media" application="youtube" app-id="557"
2022:05:29-13:53:08 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.4" dstip="142.250.186.182" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="26312" request="0xda8cb500" url="">https://i.ytimg.com/" referer="" error="" authtime="0" dnstime="234618" aptptime="72898" cattime="3494514" avscantime="0" fullreqtime="9789059" device="0" auth="0" ua="" exceptions="" category="177" reputation="trusted" categoryname="Content Server" application="youtube" app-id="557"
2022:05:29-13:53:30 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"
2022:05:29-13:53:31 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2022:05:29-13:53:31 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3882" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2022:05:29-13:57:30 sg105 URID[5148]: T=5148 ------ 2 - Warning: LATE TIMEOUT: dns context 6 should have timed out 1626 ms ago\n
2022:05:29-13:57:32 sg105 URID[5148]: T=5148 ------ 2 - Warning: LATE TIMEOUT: dns context 5 should have timed out 3529 ms ago\n
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 27"
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.242.2.4" dstip="42.119.138.22" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xda78aa00" url="">zpsocial-f48-w120.zadn.vn/17b8011ce8ae07f05ebf.jpg" referer="" error="" authtime="0" dnstime="212344" aptptime="323" cattime="4665778" avscantime="553955079" fullreqtime="560430620" device="0" auth="0" ua="NotificationServiceExtension-Production/454 CFNetwork/1333.0.4 Darwin/21.5.0" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" sandbox="-" content-type="image/jpeg"
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 99 (Connection reset by peer)"
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 89 (Connection reset by peer)"
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.4" dstip="87.123.250.26" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7356" request="0xda9c6700" url="">iphone-ld.apple.com/" referer="" error="" authtime="0" dnstime="279004" aptptime="147696" cattime="4481017" avscantime="0" fullreqtime="560717995" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" application="apple" app-id="621"
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.4" dstip="87.123.250.26" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="138402" request="0xda894700" url="">iphone-ld.apple.com/" referer="" error="" authtime="0" dnstime="279345" aptptime="147666" cattime="4480529" avscantime="0" fullreqtime="560717601" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" application="apple" app-id="621"
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 96 (Broken pipe)"
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1131" message="Write error on the epoll handler 166 (Broken pipe)"
2022:05:29-14:02:18 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.4" dstip="23.53.172.157" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9619" request="0xda894000" url="">https://cl5.apple.com/" referer="" error="" authtime="0" dnstime="290769" aptptime="359" cattime="4627398" avscantime="0" fullreqtime="560843708" device="0" auth="0" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" application="apple" app-id="621"
2022:05:29-14:02:25 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2022:05:29-14:02:25 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3882" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2022:05:29-14:02:26 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.3" dstip="2.19.244.28" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xdaa70300" url="">bag.itunes.apple.com/" referer="" error="" authtime="0" dnstime="3037260" aptptime="711579" cattime="3291938" avscantime="0" fullreqtime="7660571" device="0" auth="0" ua="" exceptions="" category="112" reputation="trusted" categoryname="Entertainment" application="itunes" app-id="246"
2022:05:29-14:02:26 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.3" dstip="23.32.238.203" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xda8cd800" url="">p16-sign-va.tiktokcdn.com/" referer="" error="" authtime="0" dnstime="3334810" aptptime="532965" cattime="3406143" avscantime="0" fullreqtime="8151950" device="0" auth="0" ua="" exceptions="" category="177" reputation="neutral" categoryname="Content Server"
2022:05:29-14:02:26 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.3" dstip="23.53.174.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xa553500" url="">configuration.ls.apple.com/" referer="" error="" authtime="0" dnstime="3171034" aptptime="197" cattime="3819449" avscantime="0" fullreqtime="7839433" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" application="apple" app-id="621"
2022:05:29-14:02:26 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.3" dstip="23.53.172.157" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xda6c5500" url="">https://cl5.apple.com/" referer="" error="" authtime="0" dnstime="2535392" aptptime="191" cattime="3875559" avscantime="0" fullreqtime="7839805" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" application="apple" app-id="621"
2022:05:29-14:02:26 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.3" dstip="184.24.77.43" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xdaa6f500" url="">weather-data.apple.com/" referer="" error="" authtime="0" dnstime="3650918" aptptime="701053" cattime="3302470" avscantime="0" fullreqtime="8321452" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" application="apple" app-id="621"
2022:05:29-14:02:27 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.3" dstip="17.253.79.203" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="517" request="0xda7d5500" url="">gsp-ssl.ls.apple.com/" referer="" error="" authtime="0" dnstime="3302549" aptptime="63398" cattime="3880061" avscantime="0" fullreqtime="8321304" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" application="apple" app-id="621"
2022:05:29-14:02:27 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 34"
2022:05:29-14:02:27 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"
2022:05:29-14:02:27 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2022:05:29-14:02:27 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3882" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2022:05:29-14:02:28 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 34"
2022:05:29-14:02:28 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"
2022:05:29-14:02:28 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2022:05:29-14:02:28 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3882" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2022:05:29-14:02:29 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 34"
2022:05:29-14:02:29 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"
2022:05:29-14:02:29 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2022:05:29-14:02:29 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3882" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2022:05:29-14:02:31 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 34"
2022:05:29-14:02:31 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"
2022:05:29-14:02:31 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2022:05:29-14:02:31 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3882" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2022:05:29-14:02:32 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 34"
2022:05:29-14:02:32 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"
2022:05:29-14:02:32 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2022:05:29-14:02:32 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3882" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2022:05:29-14:02:33 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 34"
2022:05:29-14:02:33 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"
2022:05:29-14:02:33 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2022:05:29-14:02:33 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3882" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2022:05:29-14:02:34 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 34"
2022:05:29-14:02:45 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.3" dstip="2.19.244.28" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7911" request="0xdaa6fc00" url="">init.itunes.apple.com/" referer="" error="" authtime="0" dnstime="3051981" aptptime="709207" cattime="3294496" avscantime="0" fullreqtime="27503521" device="0" auth="0" ua="" exceptions="" category="112" reputation="trusted" categoryname="Entertainment" application="itunes" app-id="246"
2022:05:29-14:02:46 sg105 httpproxy[5378]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.242.2.3" dstip="2.19.244.28" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo2 (VPN (LAN & Remote))" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7917" request="0xda70c300" url="">configuration.apple.com/" referer="" error="" authtime="0" dnstime="3617459" aptptime="710245" cattime="3293708" avscantime="0" fullreqtime="28114064" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" application="apple" app-id="621"
2022:05:29-14:03:08 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="594" message="reloading config"
2022:05:29-14:03:09 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2022:05:29-14:03:09 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3882" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2022:05:29-14:03:10 sg105 httpproxy[5378]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="658" message="reloading config done, new version 35"

Hope someone can help.



This thread was automatically locked due to age.
  • 0

    What are you using for DNS?

    What version of UTM are you using?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 0 in reply to Amodin

    as DNS are all Interal Networks listed.

    as DNS Forwarder is the DSL Router (Fritz Box) with the ISP Settings listed. 

    UTM Version is 9.711, but before I updated it was already there. I saw it first on 9.709, but maybe it existed before.

    I think it's configuration related, but what need to be changed?

  • 0 in reply to Andreas Czech

    As an experiment, remove the DNS forwarder, create a new DNS Host for Secure DNS address 1.1.1.1 and/or Google DNS address 8.8.8.8, and add those (or one of them) as your new DNS Forwarder, then flush your cache and reboot the UTM.  You might just be having an issue resolving hosts through the Fritz box.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 0 in reply to Amodin

    did

    removed the DNS Forwarder to my Router (Fritz Box) and set new Forwarders (Cloudflare and Google), flushed the DNS Cache and rebooted the UTM. Result: Same Behavior as before (Web Filtering reloads the Config every 4-10min).

  • 0

    strange for me is: why are the VPN Clients using the Web Filtering (I see them in the Live Log), but no other Subnet (Internal / Guests / ...)?

  • 0 in reply to Andreas Czech

    Hallo Andy,

    You have an interesting one here!  Please insert pictures of:

    1. The Web Filter Profile(s) with your networks.
    2. The 'Skip Transparent Mode Source Hosts/Nets' box on the 'Misc' tab.
    3. The 'DNS Forwarders' tab in 'DNS'
    4. The 'Advanced' tab in 'Remote Access'.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Might this also be affected by the bad pattern updates that may have popped up again?

    Bad pattern updates again??? - General Discussion - UTM Firewall - Sophos Community

    Not so much blocking traffic (we see it pass above) but maybe related?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • 0 in reply to BAlfson

    Hi Bob,

    thanks for looking into this. Here are the Screenshots which you've requested:

    1. Global Tab

    1. Web Filtering Profiles

    2

    3 - 2 Screenshots because I've tried several Forwarders

    4.

    hope you or someone has an Idea and could help

  • 0 in reply to Amodin

    currently running on Pattern: 209140

    as the Post speaks about older Patterns -> I think that's not related,

    although it don't explains why only VPN Clients are filtered and all other Subnets not.

  • 0 in reply to Andreas Czech

    Hi Andy,

    Try disabling 'Detect HTTP loopback' on the 'Misc' tab.

    You show two 'Forwarders' tabs.  Which one is active when "Internal (Network)" can't reach the Proxy?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML