statuscode="407"

Hi,

I'm using the 9.310-11 firmware

I realized that in Standard (AD-SSO) mode, the UTM WebFilter logs each and every web request as statuscode="407". Is this really necessary? I think I saw once in some changelog that this level of filtering was not going to happen.

The statuscode="407" does not get logged when using the Transparent (AD-SSO) mode.

2015:04:25-00:52:11 dvicsophosutm01-1 httpproxy[6403]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2681" request="0xcadaf000" url="www.civicscience.com/.../7.0; rv:11.0) like Gecko" exceptions="" 

2015:04:25-00:52:24 dvicsophosutm01-1 httpproxy[6403]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2673" request="0xcb2b2000" url="ping.chartbeat.net/ping

2015:04:25-00:52:24 dvicsophosutm01-1 httpproxy[6403]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.0.30.49" dstip="" user="" ad_domain="" statuscode="407" cached="0" profile="REF_HttProContaInterHp5 (Employee (Standard) Proxy Profile)" filteraction=" ()" size="2673" request="0xcb2b2000" url="ping.chartbeat.net/ping

2015:04:25-00:54:18 dvicsophosutm01-1 httpproxy[6403]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.0.20.205" dstip="15.201.225.95" user="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterHp (Server Internet Profile)" filteraction="REF_DefaultHTTPCFFBlockAction (Sophos-Block All Internet)" size="3130" request="0xa0f7800" url="15.201.225.95/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="872413" device="3" auth="2" ua="" exceptions="av,url" 


This thread was automatically locked due to age.
  • Do you see anything about winbindd in the Fallback or System messages log?  Is there anything in the AD server's Kerberos log about these failed authentications?  When the 407 codes start, is there more than 5 minutes difference between the AD server and the UTM?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
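
One way to check whether the 407 entries are ordinary proxy-authentication challenges or clients that never get authenticated, which is what the questions above are probing, is to group the httpproxy lines by srcip. This is an added example, not part of the original thread: the sample lines are constructed in the key="value" layout of the log quoted in the question, and it assumes that a successfully authenticated request is logged with a non-empty user field.

```python
import re
from collections import defaultdict

# Constructed sample in the key="value" layout of the httpproxy lines quoted in
# the thread (fields trimmed; host name, IPs, URLs and user name are made up).
SAMPLE_LOG = """\
2015:04:25-00:52:11 utm01 httpproxy[6403]: id="0003" method="CONNECT" srcip="10.0.30.49" user="" statuscode="407" url="a.example:443"
2015:04:25-00:52:24 utm01 httpproxy[6403]: id="0003" method="GET" srcip="10.0.30.49" user="" statuscode="407" url="b.example/ping
2015:04:25-00:53:02 utm01 httpproxy[6403]: id="0003" method="GET" srcip="10.0.30.50" user="" statuscode="407" url="c.example/"
2015:04:25-00:53:02 utm01 httpproxy[6403]: id="0001" method="GET" srcip="10.0.30.50" user="jdoe" statuscode="200" url="c.example/"
2015:04:25-00:54:18 utm01 httpproxy[6403]: id="0001" method="CONNECT" srcip="10.0.20.205" user="" statuscode="200" url="d.example/"
"""

HEADER = re.compile(r"^(\S+) \S+ httpproxy\[\d+\]: ")
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key/value fields of one httpproxy line, or None if it is not one."""
    m = HEADER.match(line)
    if m is None:
        return None
    # A value whose closing quote was cut off (truncated url) is simply skipped.
    fields = dict(PAIR.findall(line[m.end():]))
    fields["time"] = m.group(1)
    return fields

def triage(log_text):
    """Per source IP: number of 407 challenges and of requests carrying a user."""
    stats = defaultdict(lambda: {"challenges": 0, "authenticated": 0})
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or "srcip" not in f:
            continue
        if f.get("statuscode") == "407":
            stats[f["srcip"]]["challenges"] += 1
        elif f.get("user"):
            stats[f["srcip"]]["authenticated"] += 1
    return dict(stats)

def never_authenticated(log_text):
    """Clients that were challenged but never followed up with a user name."""
    return sorted(ip for ip, s in triage(log_text).items()
                  if s["challenges"] and not s["authenticated"])

if __name__ == "__main__":
    for ip in never_authenticated(SAMPLE_LOG):
        print(ip, triage(SAMPLE_LOG)[ip])
```

Source addresses that appear in the result are the ones worth checking against the winbindd messages and the clock difference between the AD server and the UTM.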