
Strange issue with Sophos UTM Web Protection

Hi,

Firstly, I have got to admit, getting here was quite a challenge. It would appear that the Astaro forums have gone now, and this is its replacement. I can't say that my experience from this new replacement has been good; the overall feel to this isn't very user friendly, just my opinion. Good were the days where you could easily log on to a forum and start a new thread, whereas now, with this replacement, you have to work out how to actually log on and then join a group before you can create a question... what?!!

Going off topic here, I'll get to the reason why I am here today. For a while now, I have had an intermittent issue with Web Protection and Active Directory SSO authentication, where all web access is blocked. This occurrence only occurs after either a restart of the Sophos UTM or by a restart of ALL domain controllers. This issue only affects devices which use a profile with Active Directory SSO authentication set as the default. I have discovered that when this issue occurs, if I simply visit the eBay website, all web access is restored. If I do not visit the eBay website, all web access is denied by Sophos Web Protection. Web access appears to be fine when using Agent/Browser authentication; this issue does not affect devices which use a profile with Agent/Browser authentication set as the default.

I really don't know what is going on here; the issue has been ongoing for some time now and it is getting quite annoying now. Has anybody else experienced this strange anomaly?

Regards,
Richard



  • I can confirm such behaviour at one of my customers. Also transparent mode with AD-SSO ("Authentication required" is checked). We use profiles for AD groups, and the last web profile is a block-all action. Browser is IE.
    The problem appears if the user starts the computer in the morning and if e.g. www.google.de is the browser start page -> in this case there will additionally be an HTTPS cert error (because of the redirection to https://www.google.de)
    HTTPS traffic is not scanned by the web proxy (only filtering)!

    If you look at the logs, the user is empty -> " "

    So the user gets a UTM error page -> block-all action
    If you use the web proxy policy checker for the user, all seems to be fine.

    If the user loads a webpage other than the start page, authentication will work fine now and the website also loads normally... -> google.de also works now.

    I've got the feeling that if you uncheck the "automatic search of the proxy configuration" in IE it will work normally, but I'm not really sure about that...

    I'll check if the problem still persists after the 9.353-4 update... (customer is on 9.351-3)

    regards
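
A log triage sketch for the symptom described in the reply above (blocked requests logged with an empty user, after which the same client authenticates normally), added here as an example and not code from either poster or from Sophos. It assumes proxy log lines made of key="value" pairs with fields named `srcip`, `user`, `action` and `url`; those field names and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines; the key="value" layout and the field names
# (srcip, user, action, url) are assumptions, not copied from the thread.
SAMPLE_LOG = '''\
2016:03:01-07:58:02 utm httpproxy[4211]: action="block" srcip="10.0.0.21" user="" url="http://www.google.de/"
2016:03:01-07:58:40 utm httpproxy[4211]: action="pass" srcip="10.0.0.21" user="jdoe" url="http://www.ebay.de/"
2016:03:01-07:58:55 utm httpproxy[4211]: action="pass" srcip="10.0.0.21" user="jdoe" url="http://www.google.de/"
2016:03:01-08:01:10 utm httpproxy[4211]: action="pass" srcip="10.0.0.34" user="asmith" url="http://example.org/"
2016:03:01-08:03:27 utm httpproxy[4211]: action="block" srcip="10.0.0.47" user=" " url="http://example.com/"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return (timestamp, fields) for one line, or None if it has no fields."""
    fields = dict(FIELD_RE.findall(line))
    if not fields:
        return None
    return line.split(" ", 1)[0], fields

def find_sso_gaps(log_text):
    """Per client IP, collect blocked requests that carried no user name and
    record the first user name the proxy later logged for that client."""
    report = defaultdict(lambda: {"blocked_anonymous": [], "later_user": None})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, fields = parsed
        ip = fields.get("srcip")
        if ip is None:
            continue
        user = fields.get("user", "").strip()  # treat " " as empty too
        if fields.get("action") == "block" and not user:
            report[ip]["blocked_anonymous"].append((ts, fields.get("url", "")))
        elif user and ip in report and report[ip]["later_user"] is None:
            report[ip]["later_user"] = user
    return dict(report)

if __name__ == "__main__":
    for ip, info in find_sso_gaps(SAMPLE_LOG).items():
        state = info["later_user"] or "no authenticated request seen yet"
        print(ip, info["blocked_anonymous"], "->", state)
```

Clients that appear with a later user are the ones where SSO recovered after the first blocked request; clients without one never authenticated within the log window.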
