Hi all,
we have a customer that wants to use the UTM only as a web filter (currently they have a TMG Array and, for the time being, they won't replace this "firewall" with Sophos).
So, currently, the UTM was configured as a web proxy (standard mode with SSO), and some browsers were configured to use the UTM. On the TMG side, there is a SecureNAT rule configured to allow all the traffic that comes from the UTM.
What happens is that after some browser sessions are opened (and they are opened successfully), the internet access begins to be rather slow and eventually it stops with an HTTP 404.
Example of a successful connection:
2013:10:09-18:08:29 sophos-1 httpproxy[11419]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="172.XX.XX.XX" dstip="199.7.59.72" user="user1" statuscode="200" cached="0" profile="REF_HttProAcessInter (internet)" filteraction="REF_HttCffAcessTotalInfor (Total Access)" size="1856" request="0x11e8d978" url="ocsp.verisign.com/.../ocsp-response"
2013:10:09-18:08:29 sophos-1 httpproxy[11419]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="172.XX.XX.XX" dstip="199.7.59.72" user="user1" statuscode="200" cached="0" profile="REF_HttProAcessInter (internet)" filteraction="REF_HttCffAcessTotalInfor (Total Access)" size="1856" request="0x11c38538" url="ocsp.verisign.com/.../ocsp-response"
After a while, the issue is reproduced:
On the TMG side, I see several "404 not found" messages when this begins to be reproduced (check print attached).
On the UTM side, I see several errors like:
2013:10:09-17:31:55 sophos-1 httpproxy[11419]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.XX.XX.X" dstip="107.22.194.238" user="user1" statuscode="500" cached="0" profile="REF_HttProAcessInter (internet)" filteraction="REF_HttCffAcessTotal (Total Access)" size="7018" request="0x123b53d8" url="ortc-ws3-useast1-s0012.realtime.co/" exceptions="" error="Connection reset by peer"
2013:10:09-17:31:55 sophos-1 httpproxy[11419]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x940ad80" function="tunnel_handler_recv_data" file="tunnel.c" line="45" message="epoll_fill_buffer: Connection reset by peer"
When this happens, all the tries are returned with an HTTP 404.
I also tried to use the parent proxy settings, but it didn't help.
The UTM version is 9.106-17.
Any comments/thoughts on this matter will be greatly appreciated :)
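
An added example, not part of the original post and not Sophos tooling: a small parser for the `key="value"` httpproxy log format quoted above that counts upstream connection failures per minute, which helps pin down when the slowdown starts. The sample lines are abridged from the post; the function names and the rule for what counts as a failure are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample lines abridged from the post above (some fields dropped, values unchanged).
SAMPLE_LOG = '''\
2013:10:09-18:08:29 sophos-1 httpproxy[11419]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="172.XX.XX.XX" dstip="199.7.59.72" user="user1" statuscode="200" url="ocsp.verisign.com/.../ocsp-response"
2013:10:09-17:31:55 sophos-1 httpproxy[11419]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.XX.XX.X" dstip="107.22.194.238" user="user1" statuscode="500" url="ortc-ws3-useast1-s0012.realtime.co/" exceptions="" error="Connection reset by peer"
2013:10:09-17:31:55 sophos-1 httpproxy[11419]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x940ad80" function="tunnel_handler_recv_data" file="tunnel.c" line="45" message="epoll_fill_buffer: Connection reset by peer"
'''

HEADER = re.compile(
    r'^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) httpproxy\[(?P<pid>\d+)\]: ')
FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return header and key="value" fields as a dict, or None for other lines."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec.update(FIELD.findall(line[m.end():]))  # quoted values may contain spaces
    return rec


def upstream_failures(text):
    """Yield records that look like connection failures rather than filter decisions."""
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Assumption: a blocked request with a non-empty error="" field failed
        # on the upstream connection instead of being denied by policy.
        failed_request = rec.get("action") == "block" and bool(rec.get("error"))
        # Assumption: lines carrying function= and message= (as the id="0003"
        # line in the post does) are internal proxy errors.
        internal_error = "function" in rec and "message" in rec
        if failed_request or internal_error:
            yield rec


def failures_per_minute(text):
    """Count failures per minute (timestamp truncated to YYYY:MM:DD-HH:MM)."""
    return Counter(rec["ts"][:16] for rec in upstream_failures(text))
```

Running `failures_per_minute` over the full http.log and comparing the busy minutes with the TMG log shows whether the resets line up with the 404 responses seen there.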