
Google is being blocked!

I have just installed a new Sophos SG330, and it is set up in bridged transparent mode. We are only using the Web Protection on this device for the time being. I only have 1 filter action, which I set up in the setup wizard, and I have only set Suspicious and Nudity as the blocked categories. Everything seems to run fine, but I cannot access google.com. In my live log it is showing me the following information:

2016:01:16-21:39:28 decatursophos httpproxy[11778]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.0.187" dstip="23.63.227.177" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2518" request="0x11bfc800" url="crl.microsoft.com/.../tspca.crl" referer="" error="Network is unreachable" authtime="0" dnstime="1118" cattime="121" avscantime="0" fullreqtime="1520" device="0" auth="0" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business"

2016:01:16-21:39:31 decatursophos URID[11752]: T=11752 ------ 2 - Warning: EARLY TIMEOUT: dns context 0 has 5999 ms before it should time out\n
2016:01:16-21:39:31 decatursophos httpproxy[11778]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe4154800" function="connect_server" file="dns.c" line="1190" message="connect() on AF 2 socket to 23.63.227.177 failed: Network is unreachable"
2016:01:16-21:39:31 decatursophos httpproxy[11778]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.0.134" dstip="23.63.227.177" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2519" request="0xe4154800" url="crl.microsoft.com/.../msitwww2.crl" referer="" error="Network is unreachable" authtime="0" dnstime="3" cattime="156600" avscantime="0" fullreqtime="156859" device="0" auth="0" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business"
2016:01:16-21:39:35 decatursophos httpproxy[11778]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe3379000" function="connect_server" file="dns.c" line="1190" message="connect() on AF 2 socket to 23.216.10.113 failed: Network is unreachable"
2016:01:16-21:39:35 decatursophos httpproxy[11778]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.0.81" dstip="23.216.10.113" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2570" request="0xe3379000" url="international.download.nvidia.com/.../GeForce_Experience_Update_v2.7.4.10.exe" referer="" error="Network is unreachable" authtime="0" dnstime="893" cattime="129" avscantime="0" fullreqtime="1433" device="0" auth="0" ua="NVIDIA NetworkService v1.0.0.1" exceptions="" category="105" reputation="neutral" categoryname="Business"
2016:01:16-21:39:42 decatursophos httpproxy[11778]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe337b800" function="connect_server" file="dns.c" line="1190" message="connect() on AF 2 socket to 23.63.227.177 failed: Network is unreachable"
2016:01:16-21:39:42 decatursophos httpproxy[11778]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.0.187" dstip="23.63.227.177" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2540" request="0xe337b800" url="crl.microsoft.com/.../MicRooCerAut2011_2011_03_22.crl" referer="" error="Network is unreachable" authtime="0" dnstime="2" cattime="127" avscantime="0" fullreqtime="396" device="0" auth="0" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="105" reputation="unverified" categoryname="Business"
2016:01:16-21:39:55 decatursophos httpproxy[11778]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe3f75000" function="connect_server" file="dns.c" line="1190" message="connect() on AF 2 socket to 23.63.227.177 failed: Network is unreachable"
2016:01:16-21:39:55 decatursophos httpproxy[11778]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.0.187" dstip="23.63.227.177" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2530" request="0xe3f75000" url="crl.microsoft.com/.../microsoftrootcert.crl" referer="" error="Network is unreachable" authtime="0" dnstime="777" cattime="130" avscantime="0" fullreqtime="1215" device="0" auth="0" ua="Microsoft-CryptoAPI/6.1" exceptions="av,ssl,fileextension,size" category="175" reputation="unverified" categoryname="Software/Hardware"
I cannot figure out how to allow google.com to work.
Please help!


This thread was automatically locked due to age.
  • I don't see any information about a request for the google.com website in those log lines.
  • I am having a similar problem: now that I have installed Sophos, Google Chrome will not load. Instead it freezes up and has to be closed from the task manager. I have put GC into the exceptions list but this doesn't seem to have any effect. Any help would be appreciated.
  • One of the annoying things in the web filter logs is that they use the term block too generally. It just could not reach the site, so it was "blocked" as a consequence of not reaching the site. This also happens when websites are slow to load and give a timeout; the logs will still show it as a block.

    Can any other sites be reached? If it's a new deployment I would check the NAT rules and verify you have that network allowed to route to the internet.
  • Jon, those are all statuscode="502" (bad gateway) errors, so something is misconfigured. By any chance, is the UTM trying to reach the outside world via a transparent proxy?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
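
Added example (not part of any post in this thread and not Sophos code): a small triage script for httpproxy lines in the format shown in the question. It separates upstream connectivity failures from filter-policy decisions and checks whether the host being investigated appears in the log at all. The sample lines are constructed, and the classification rule and the shape of the policy-block line are assumptions based on the replies above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

KV = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs used by httpproxy lines

# Constructed sample, shortened from the log format in the post (paths are made up).
# The last line is a hypothetical policy block (403, empty error) for contrast.
SAMPLE = [
    '2016:01:16-21:39:28 decatursophos httpproxy[11778]: id="0002" name="web request blocked" action="block" srcip="192.168.0.187" dstip="23.63.227.177" statuscode="502" url="crl.microsoft.com/example/a.crl" error="Network is unreachable"',
    '2016:01:16-21:39:35 decatursophos httpproxy[11778]: id="0003" function="connect_server" message="connect() on AF 2 socket to 23.216.10.113 failed: Network is unreachable"',
    '2016:01:16-21:39:35 decatursophos httpproxy[11778]: id="0002" name="web request blocked" action="block" srcip="192.168.0.81" dstip="23.216.10.113" statuscode="502" url="international.download.nvidia.com/example/update.exe" error="Network is unreachable"',
    '2016:01:16-21:40:02 decatursophos httpproxy[11778]: id="0002" name="web request blocked" action="block" srcip="192.168.0.81" dstip="198.51.100.7" statuscode="403" url="http://blocked.example/" error=""',
]

def classify(fields):
    """Separate 'could not reach the server' from a real filter decision."""
    if fields.get("action") != "block":
        return "not-blocked"
    # Assumption taken from the replies: a 5xx status or a non-empty error
    # field means the proxy failed upstream, not that policy denied the URL.
    if fields.get("error") or fields.get("statuscode", "").startswith("5"):
        return "upstream-failure"
    return "policy-block"

def host_of(url):
    """Hostname of a logged URL, which may lack a scheme."""
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def summarise(lines, wanted_host):
    """Return (counts per class, unreachable dst IPs, was wanted_host requested)."""
    counts, unreachable, seen = Counter(), set(), False
    for line in lines:
        f = dict(KV.findall(line))
        if "url" not in f:  # e.g. id="0003" connect() diagnostics
            continue
        kind = classify(f)
        counts[kind] += 1
        if kind == "upstream-failure":
            unreachable.add(f.get("dstip", "?"))
        host = host_of(f["url"])
        seen = seen or host == wanted_host or host.endswith("." + wanted_host)
    return counts, sorted(unreachable), seen

if __name__ == "__main__":
    print(summarise(SAMPLE, "google.com"))
```

If every blocked entry lands in the upstream-failure class and the host in question never appears, the log points at routing or NAT on the appliance rather than at the filter action.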