Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 16 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 41229 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Proxy Not working

wilmcgil
I am trying to evaluate the Sophos device and I have an issue with the web proxy.

I repeatedly get these errors and nobody can reach the internet while the web filtering is enabled.

function="dns_init" file="dns.c" line="1320" message="failed to get dns ip"
2015:03:27-00:00:24 utm httpproxy[30131]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="310" message="failed to initialize DNS"
2015:03:27-00:00:55 utm httpproxy[30224]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="main" file="httpproxy.c" line="271" message="reading configuration"
2015:03:27-00:00:55 utm httpproxy[30224]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="583" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2015:03:27-00:00:55 utm httpproxy[30224]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3334" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"

Any ideas?

Thanks

Wil


This thread was automatically locked due to age.
Parents
  • 0
    I have the same issue. My reseller does not even respond to emails, so not a good reputation for SOPHOS.

    I followed the DNS best practice already but something with the DNS resolution was wrong from the very beginning. What ever I did, DNS host names were not resolved. I added then "nameserver 127.0.0.1" to resolve.conf, since then I can use DNS host names in the definitions group.

    The webfiltering still does not work because of the errors above.

    Where can I have a look into?

    thanks for guiding me
    Rene
  • 0 in reply to RenéHäberli

    Hi, René, and welcome to the UTM Community!

    Please click on 'Use rich formatting'  and insert a picture of your DNS configuration.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to RenéHäberli

    Hi, René, and welcome to the UTM Community!

    Please click on 'Use rich formatting'  and insert a picture of your DNS configuration.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson

    Hi Bob

    Thanks a lot for your help! - Please find below the ATTs.

    Cheers, Rene

  • 0 in reply to RenéHäberli

    I'm guessing that you already found DNS Best Practice -

    If you add "Internal (Network)" to 'Allowed Networks', do things work as you'd hoped?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Yes, I have worked through DNS best practice. Adding the "internal (Network)" does not change anything. Internal clients are resolving against srv01.oh.local which is the DC.

    Cheers, Rene

  • 0 in reply to RenéHäberli

    Have you looked at the DC to confirm that it has a Reverse Lookup Zone including 10.10.8.0/24 and that there's an entry for 10.10.8.21?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Good point . . . / Ok, reverse is a different story. My P1 is the webproxy which is not working. Any idea, where I can look into?

    Cheers, Rene

  • 0 in reply to RenéHäberli

    It looks like DNS isn't the problem.  If a reboot doesn't help, it might be an unusual configuration error in Web Filtering.  Another possibility is that the initial load of the UTM's firmware was faulty.  Before you reload from ISO, contact Sophos Support to have them look at this.  Please let us know the result.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    And here it ends. My reseller is not supporting me at all which makes it difficult to get in contact with Sophos. I thought, they were scanning this comunity. Any other option or logs I could check?

    Cheers,

    Rene

  • 0 in reply to RenéHäberli

    I tried to send you a message.  If you will send me one, I will help you get to Sophos Support.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to RenéHäberli

    Templated answer:


    SOPHOS pre-sales can be contacted through the following email addresses.  They can help directly, connect you to partners, and assist with people who are having issues during the test phase before they have a valid support contract.


    for APAC: NSG-presales-apac@sophos.com (Asia & Pacific & Australia)
    for Americas: presales-us@sophos.com (South + North America)
    for NEEMEA: presales-neemea@sophos.com Northern+Eastern Europe/Africa/Middle East)
    for UKI: SophosSalesSeUKI@sophos.com (UK + Ireland)
    for DACH: UTM-presales-DACH@sophos.com (Germany-Siwtzerland-Austria)
    for West Europe: SophosSalesSEWesternEurope@sophos.com (France, Italy, Spain, ...)

    Please be aware that Sophos as an organization is working based on a partner&reseller-channel model.  If you have a partner, please include them in the communication.

    I would add that if you are having problems with a partner ore reseller - please let pre-sales know.  :)

Unfiltered HTML