Allowed service vs Connection refused alert

Hello,

I have a UTM9 infrastructure in place. I just received a request from my colleague to enable a specific website for him. The site is www.scada.ie:8088 and when he tried to access it he received an error message about "Target service not allowed". Which is fine.

So I created an Allowed Target Service with the following parameters:
Name: Scada
Type of definition: TCP
Destination port: 8088
Source port: 1:65535

Also created an exception for him with the following parameters:
Name: Scada
Skip these checks: checked all
Matching these URLs: http://www.scada.ie:8088/ (also tried with regexp with the same result: ^http?://{[A-Za-z0-9.-]?scada\.ie/)

With these settings the error message became "Connection refused".

I checked with the Policy tester and it reported back:
Request URL: http://www.scada.ie:8088/main/web/home?17
Result: Allowed
Filter profile: Client profile
Policy name: Base policy
Exceptions: Scada

What did I miss?

Thanks in advance



This thread was automatically locked due to age.
  • If you copied that REGEX, you forgot the "s" - ^https?://{[A-Za-z0-9.-]?scada\.ie/, but I don't think that Exception should have been necessary.  Whenever you have a problem you don't understand, start with the logs.  When he receives the connection refused message, what line do you see in the Web Filtering log?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
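
As an added example (not part of the thread and not Sophos code), this Python script checks the two regular expressions quoted above against the Request URL from the Policy tester, and checks that a pattern used for a skip-all-checks exception does not also match look-alike hosts. It uses Python's `re` module, whose matching may differ from the UTM's own engine; `CANDIDATE` and the look-alike URLs are constructed for illustration.

```python
import re

# Request URL taken from the Policy tester output in the thread.
REQUEST_URL = "http://www.scada.ie:8088/main/web/home?17"

# Patterns exactly as they were posted in the thread.
POSTED = {
    "question": r"^http?://{[A-Za-z0-9.-]?scada\.ie/",
    "reply": r"^https?://{[A-Za-z0-9.-]?scada\.ie/",
}

# Constructed for this example (hypothetical, not from the thread):
# whole DNS labels before the domain, and the explicit port before the path.
CANDIDATE = r"^https?://([A-Za-z0-9-]+\.)*scada\.ie(:8088)?/"

# Constructed look-alike URLs that a narrowly scoped exception must not match.
LOOKALIKES = [
    "http://evilscada.ie/",
    "http://www.scada.ie.example.net/",
    "http://example.net/?u=http://www.scada.ie:8088/",
]


def matches(pattern, url):
    """True if the pattern matches anywhere in the URL (Python re semantics)."""
    return re.search(pattern, url) is not None


def audit(pattern):
    """Report whether a pattern covers the real request and what else it lets through."""
    return {
        "matches_request": matches(pattern, REQUEST_URL),
        "overbroad": [u for u in LOOKALIKES if matches(pattern, u)],
    }


if __name__ == "__main__":
    for name, pattern in {**POSTED, "candidate": CANDIDATE}.items():
        print(f"{name:9} {pattern}")
        print(f"          {audit(pattern)}")
```

Under Python's rules the `{` in the posted patterns is a literal character and `scada\.ie/` leaves no room for `:8088`, so neither posted pattern matches the request URL.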