
Model: SG430; Why are we not able to open websites on port 8080?

Hello all,


We are using a Sophos SG430 with Web Filtering activated in transparent mode.

Now all clients can't open sites on port 8080 via the web browser (for example: http://portquiz.net:8080).

The required firewall rules were generated and activated, and also checked multiple times.

The firewall rule looks like this:

Resource: ClientXYZ (192.168.50.22/24) -> Service HTTP, HTTPS; 8080 -> Destination: ANY

For testing, I've put ClientXYZ in the list for "Skip Transparent Mode Source Hosts/Nets".

The checkbox is set to allow HTTPS/HTTP.



  • Hi,

    Use the websurfing service group instead of custom services defined in the firewall rule. Please check #1 in Rulz.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hello,

    The websurfing group is in use, but no improvement.

    If I try the connection with "telnet XXX.XXX.XXX.XXX 8080", there is no connection. But the firewall log shows a permit.

    If I try the connection via the browser with the URL, there is no record in the firewall log.

  • Hey Richard.

    When you use transparent proxy, packets from your internal network going to port 80 and 443 on the internet are captured and redirected to the proxy automatically. That should not happen to port 8080.

    What you are describing seems to be a client with proxy settings pointing it to the UTM proxy. That would explain why you don't see anything on your firewall log, since the client is not really connecting to port 8080, but the proxy is, on behalf of the client. Check your Web Filtering logs, my guess is that you will see an entry about this connection there.

    Now, if your telnet is not working and your firewall rule is right, which it appears to be, you might have a routing issue or another firewall between your UTM and the internet blocking this connection. I've seen some cheap ADSL modems blocking packets that they should not. Plug a notebook to your modem and run that telnet again. If it works, then there's something wrong with your firewall rules. I would start with disabling IPS and running some tests, if that's the case.

    Regards - Giovani
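
The two checks discussed in this thread (a raw TCP connect like the telnet test, and whether the client has an explicit proxy configured), as an added Python example that is not part of the original posts. The function names, result keys and the port-to-log mapping are assumptions taken from the explanation above; PAC/WPAD auto-detection is not evaluated.

```python
import socket
import urllib.request
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Ports the thread says transparent mode captures and redirects to the proxy.
TRANSPARENT_PORTS = {80, 443}


def direct_tcp_ok(host, port, timeout=3.0):
    """Same check as `telnet host port`: raw TCP connect, proxy settings ignored."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def diagnose(url, proxies=None, timeout=3.0):
    """Report which path a browser would take to url and which UTM log covers it."""
    if proxies is None:
        # Environment / OS proxy settings only. PAC or WPAD auto-detection is
        # not evaluated here, so check the browser's own settings as well.
        proxies = urllib.request.getproxies()
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    proxy = proxies.get(parts.scheme)
    if proxy:
        # Client talks to the proxy; the proxy opens the connection to the site.
        path, log = "explicit-proxy", "Web Filtering log"
    elif port in TRANSPARENT_PORTS:
        # Assumes the client is not on the transparent-mode skip list.
        path, log = "transparent-proxy", "Web Filtering log"
    else:
        path, log = "direct", "firewall log"
    return {
        "browser_path": path,
        "proxy": proxy,
        "direct_tcp_ok": direct_tcp_ok(parts.hostname, port, timeout),
        "expected_log": log,
    }


if __name__ == "__main__":
    # URL from the question; run this on the affected client.
    for key, value in diagnose("http://portquiz.net:8080").items():
        print(f"{key}: {value}")
```

If `browser_path` is `explicit-proxy` while `direct_tcp_ok` is false, both symptoms from the thread are present at once: the browser request never reaches the firewall rule, and the direct connection fails somewhere past it.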

  • Hi, Richard, and welcome to the UTM Community!

    What happens if you uncheck 'Automatically detect settings' in LAN Settings in your browser?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA