This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Model:SG430; Why we are not able to open Websites on Port 8080

RichardBurgsmüller over 8 years ago

Hello all,

we are using Sophos SG430 with activated Web Filtering in tranparent mode.

Now all Client cant open via the Webbrowser sites with on 8080 (for example: http://portquiz.net:8080).

The required Firwallrules were genereated and activated, also checked multiple times.

Firewallrule looks like that:

Resource: ClientXYZ (192.168.50.22/24) -> Service HTTP, HTTPS; 8080 -> Destination: ANY

For testing, iv'e put the ClientXYZ in the List for "Skip Transparent Mode Source Hosts/Nets"

Checkbox ist set to allow HTTPS/HTTP

This thread was automatically locked due to age.

Parents

0 sachingurung over 8 years ago

Hi,

Use the websurfing service group instead of custom services defined in the firewall rule. Please check #1 in Rulz.

Thanks

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 RichardBurgsmüller over 8 years ago in reply to sachingurung

Hello,

Websurfinggrooup is in use, but no bonification.

If i try the Connection with "telnet XXX.XXX.XXX.XXX 8080", no Connection. But the Firwall Log Shows a Permit.

If i try the Connection via Browser with URL, is there no Record in the Firewall Log.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 RichardBurgsmüller over 8 years ago in reply to sachingurung

Hello,

Websurfinggrooup is in use, but no bonification.

If i try the Connection with "telnet XXX.XXX.XXX.XXX 8080", no Connection. But the Firwall Log Shows a Permit.

If i try the Connection via Browser with URL, is there no Record in the Firewall Log.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 giomoda over 8 years ago in reply to RichardBurgsmüller

Hey Richard.

When you use transparent proxy, packets from your internal netwok going to port 80 and 443 on the internet are captured and redirected to the proxy automatically. That should not happen to port 8080.

What you are describing seems to be a client with proxy settings pointing it to the UTM proxy. That would explain why you don't see anything on your firewall log, since the client is not really connecting to port 8080, but the proxy is, on behalf of the client. Check your Web Filtering logs, my guess is that you will see an entry about this connection there.

Now, if your telnet is not working and your firewall rule is right, which it appears to be, you might have a routing issue or another firewall between your UTM and the internet blocking this connection. I've seem some cheap ADSL modems blocking packets that it should not. Plug a notebook to your modem and run that telnet again. If it works, then there's something wrong with your firewall rules. I would start with disabling IPS and running some tests, if that's the case.

Regards - Giovani
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to giomoda

Hi, Richard, and welcome to the UTM Community!

What happens if you uncheck 'Automatically detect settings' in LAN Settings in your browser?

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel