
Webfiltering Full Transparent Mode in ESXI not working "failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"

Good day friends. Anyway, I have a problem where I can't seem to figure out where to go from here. I think this is a DNS issue. Here is the error:

2023:05:13-16:20:48 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3897" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2023:05:13-16:20:49 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="659" message="reloading config done, new version 142"
2023:05:13-16:23:32 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="595" message="reloading config"
2023:05:13-16:23:32 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2023:05:13-16:23:32 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3897" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2023:05:13-16:23:32 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="659" message="reloading config done, new version 143"
2023:05:13-16:25:24 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="595" message="reloading config"
2023:05:13-16:25:24 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2023:05:13-16:25:24 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3897" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2023:05:13-16:25:25 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="659" message="reloading config done, new version 145"

So, I think my setup is OK because when I turn web filtering off, everything is working. I can access the internet, and my devices get DHCP.

Here is my network topology:

Modem -> [Firewall Mini PC ESXi (OpenWRT router 192.x.x.1 -> Sophos UTM 192.x.x.200)] -> Switch -> Devices

In ESXi I added a virtual NIC, set to accept promiscuous mode, forged transmits, and MAC address changes. For my OpenWRT VM, I have Physical LAN (with Ethernet uplink), Physical WAN (passthrough), and VirtualNIC; for my Sophos UTM, Physical LAN, VirtualNIC, and TrunkPort (with Ethernet uplink).

My OpenWRT router does all DHCP, NATing, and DNS resolution. My Sophos UTM only has a bridge interface with no IP address (VirtualNIC and TrunkPort) and LAN (192.x.x.200) for management. I set the firewall to any any any. No NAT rules, IDS is off. My web filter is set to full transparent, no authentication, allowed networks are the subnet of the VLAN I want to filter, HTTPS set to URL filtering only. Application control is set to allow all.

I use AdGuard Home (app on OpenWRT) as my DNS server, 192.x.x.1:53.

Thank you in advance.
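
An added example (not part of the original post and not Sophos code): a small parser for the key="value" httpproxy log format quoted above that groups name-resolution failures by hostname, with the resolver error and the fallback address the proxy used. The function names are hypothetical; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Sample lines copied from the httpproxy log quoted in the post.
SAMPLE_LOG = '''
2023:05:13-16:23:32 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_reload_func" file="confd-client.c" line="595" message="reloading config"
2023:05:13-16:23:32 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2023:05:13-16:23:32 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3897" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2023:05:13-16:25:24 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="540" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2023:05:13-16:25:24 xxxxxxxx httpproxy[21647]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3897" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
'''

HEADER = re.compile(r'^(\S+) (\S+) ([\w-]+)\[(\d+)\]: (.*)$')   # timestamp host proc[pid]: fields
FIELD = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')                # key="value" pairs
GAI = re.compile(r'^getaddrinfo: (\S+): (.+)$')                 # resolver error message
FALLBACK = re.compile(r'^failed to resolve (\S+), using (\S+)$')

def parse_line(line):
    """Return one log line as a dict, or None if it is not in the expected format."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    ts, host, proc, pid, rest = m.groups()
    rec = dict(FIELD.findall(rest))
    rec.update(timestamp=ts, host=host, process=proc, pid=int(pid))
    return rec

def resolution_failures(text):
    """Per hostname: resolver errors seen, fallback addresses used, fallback count."""
    out = defaultdict(lambda: {"errors": set(), "fallbacks": set(), "count": 0})
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or rec["process"] != "httpproxy":
            continue
        msg = rec.get("message", "")
        if (m := GAI.match(msg)):
            out[m.group(1)]["errors"].add(m.group(2))
        elif (m := FALLBACK.match(msg)):
            out[m.group(1)]["fallbacks"].add(m.group(2))
            out[m.group(1)]["count"] += 1
    return dict(out)

if __name__ == "__main__":
    for name, info in resolution_failures(SAMPLE_LOG).items():
        print(name, info)
```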


