Hi,
I have the particolar network configuration that you see in attachment. I configured the SNAT
- External DMZ (Address) -> ANY : SNAT from Internal DMZ (Address)
to permit the ASG to connect to internet (see the thread https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/44460).
I enabled Web Security in Trasparent Mode with Full Transparent Option.
For Internet Sites all works correctly.
If a client try to connect to "pearl.inogs.it" or "dru.inogs.it" or in general to an "internal" site, the browser show the "Impossible to find web site" page. Logs show the following message:
2010:03:09-15:11:25 astaro-gw-2 httpproxy[5022]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="158.110.30.37" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2184" time="63227 ms" request="0xaf123028" url="pearl.inogs.it/.../NGO"
2010:03:09-15:11:45 astaro-gw-2 httpproxy[5022]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="158.110.30.37" user="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2180" time="61768 ms" request="0xaf119f60" url="dru.inogs.it/.../NGO"
ASG categorizes correctly the sites but seem it blocks them, even though the "Non-Profit/Advocacy/NGO" category is allowed. Also the ASG doesn't show the usual "Category Blocked" page.
As workaround I put the IP of those sites in "Transparent mode skiplist" under "Advansed" tab of the Web Security configuration.
Where do you think the problem may be?
Regard,
Stefano
This thread was automatically locked due to age.
