Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 1 subscriber
  • Views 8061 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTP Proxy Stops Responding

strsmatt
Hello

I've opened a case with Sophos premium support, but I thought I'd post the problem here as well to see if anyone has any suggestions.

A few times per day we're getting "Proxy server not responding". I managed to catch it in the live log today, and this is the last few lines before it stops responding:

2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="parse_address" file="util.c" line="464" message="getaddrinfo: passthrough6.fw-notify.net: Name or service not known"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_config_filter" file="confd-client.c" line="3384" message="failed to resolve passthrough6.fw-notify.net, using 2a01:198:200:680::8080"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 1746 (Input/output error)"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 971 (Input/output error)"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1567" message="Read error on the http handler 448 (Input/output error)"
2015:04:27-11:40:34 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="confd_network_filter" file="confd-client.c" line="1851" message="failed to get network: Operation not permitted (req=[{ "id": 399308, "method": "get_object", "params": [ "" ] }])"
..... [few more of the same]
2015:04:27-11:40:37 sophosutm httpproxy[5759]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="aptp_reload" file="aptpscanner.c" line="133" message="reloading ATP pattern"


Clients are configured to use the utm as a proxy, and transparently, but both have problems.

Any ideas appreciated!

Matt


This thread was automatically locked due to age.
Parents
  • 0
    ok how many users and what are your reporting settings?  If you have it set to retain as much as you can set it to that is going to make searches take a while.  if it is at defaults that's different...[:)]

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Reply
  • 0
    ok how many users and what are your reporting settings?  If you have it set to retain as much as you can set it to that is going to make searches take a while.  if it is at defaults that's different...[:)]

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Children
  • 0 in reply to William Warren
    In Logging & Reporting -> Log Settings it's set to 'never delete log files', then at 90% to delete oldest log files.

    in Reporting Settings, everything is set to 3 months.

    I think these are default?


    In terms of users, we're authenticating against an AD domain with 1500 users in, but max concurrent users is way smaller - probably in the region of 300ish?

    Concurrent connections are well within the quoted capacity of the appliance: http://i.imgur.com/I6N2RQ2.png
Unfiltered HTML