This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web filtering issues

Hello All,

I'm new to the forums and have the need to be blocking some websites. I have taken over the role of IT administrator for the time being, so I'm not the original architect of this configuration. I don't know how long I will be maintaining this either, but I'd like to be able to hand off something cleaner than what I was given for whoever fills the role.

I read the guides and tried to implement the steps required, but some sites are still getting through without issues. When tested with the policy tool, the policy tool has stated all sites are blocked, but users can still pass through and access the URL without issues. This seems to correlate to domains with Https redirects. Youtube.com, Reddit.com, codeacademy.com, etc. Standard sites with http are blocked fine when adding them to the block sites list in the policy created. I'm running version 9.351-3.

I've tried running in Standard and Transparent mode, but neither seem to make a difference for the https sites. I've enabled HTTPS scanning when in transparent mode and the result has always been the same. 

My current work around is to use the application control to block some of the offenders, but there isn't always a selection available there and I know that's not the intention for that tool.

I'd like to get this to the point where there is user authentication that would allow different users access, but I've failed at being able to pair up to the AD server for now. That will probably be it's own post in the forum for that though.

Any tips/best practices/ or thoughts on the problem are appreciated.

Thanks,

Justin



This thread was automatically locked due to age.
Parents
  • Hi Justin,

    Welcome to the community.

    Please check if the Decrypt and Scan option is selected in Web Filter profile, this is must to filter HTTPS hosted websites.

    Please post the httpproxy logs line, so that I can investigate further. 

    Restart http-proxy:

    1. ssh to ASG and login with loginuser
    2. su - root
    3.  /var/mdw/scripts/httpproxy restart

    Please refer the link to configure Active Directory (AD) Single SignOn (SSO) in Transparent Mode on Sophos UTM

    https://www.sophos.com/en-us/support/knowledgebase/120791.aspx

    Please refer the link to join AD domain here.

    Hope that helps.

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Thank you for the reply Sachin.

    I did try to select the Decrypt and Scan option when I was running in Transparent mode. It didn't seem to make a difference. I never restarted the http Proxy though.

    I cannot SSH to the SG210 device(s) (running in Hot Stand by mode). I'm not sure if the port for access was moved or not. Is there any way to verify it is set up in the web admin page?

    I don't have an http Proxy log either in the logs available on the web admin page.

    Why would that be?

    Thanks,

  • Hi Justin,

    Navigate through Management> System Settings> Shell Access. You can check the SSH global settings here.

    Try clearing the cache history in web browser if you have applied decrypt and scan in transparent mode.

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Reply Children
No Data