
UTM running Full Transparent, web filtering not working

I have my UTM (9.404-5) running in full transparent mode.  I have activated web filtering .. but it's not working.  I have put in a website under the "Block these websites" section (www.technewsworld and technewsworld.com) for testing purposes.  No websites are blocked however.  I can browse right to them.

Any suggestions for places to look for incorrect configuration?  My network setup is Cable modem >Cisco router>UTM 9 (Bridged)>Switch>PCs.

Looking at the web filtering live log, I see several entries that say "failed to resolve passthrough6.fw-notify.net"

Thank you .. This is driving me crazy!



  • I'm having the same issue and the same entries in the Web filtering log.

    Here is the Global config...

    Here is the filter config...

    There are dozens of domains in the blacklist, but none are actually being blocked. When I run the domain through the Policy Helpdesk it says it should be blocked, but if I browse to the site on a PC I get through just fine.

    Another strange symptom is that when I try to view any of the Web Protection reports there is nothing in the reports. They all say "No data" or "Empty result".

    I have another Sophos appliance at my other location with the exact same settings and it is working fine.

  • Hi Scott,

    Try to add RegEx in place of domain. RegEx for Netflix will be:

    ^https?://([A-Za-z0-9.-]*\.)?www\.netflix\.com/

    Finally, restart httpproxy: SSH to the UTM and execute /var/mdw/scripts/httpproxy restart

    Also, can you post http.log while trying to access netflix.com after making the changes?

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.
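
The pattern posted above, checked against constructed URLs. This is an added example, not part of the original reply and not Sophos code; it uses Python's `re` as a stand-in for the UTM's regex engine (an assumption), and the `intended` helper, its "netflix.com plus all subdomains" policy and the sample URLs are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Pattern exactly as posted in the reply above.
POSTED = re.compile(r"^https?://([A-Za-z0-9.-]*\.)?www\.netflix\.com/")

# Constructed sample URLs (not taken from the thread's log files).
SAMPLES = [
    "http://www.netflix.com/",
    "https://www.netflix.com/browse",
    "https://cdn.www.netflix.com/x",
    "https://netflix.com/",                  # no "www." label
    "https://assets.netflix.com/img.png",    # other subdomain
    "https://www.netflix.com",               # no trailing slash
    "https://www.netflix.com:443/",          # explicit port
    "https://www.netflix.com.example.org/",  # look-alike suffix
    "https://wwwXnetflix.com/",              # dot must be literal
]

def intended(url, domain="netflix.com"):
    """Assumed policy: block the domain itself and every subdomain."""
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def gaps(pattern, urls):
    """Return (missed, overblocked) relative to the assumed policy."""
    missed = [u for u in urls if intended(u) and not pattern.search(u)]
    over = [u for u in urls if not intended(u) and pattern.search(u)]
    return missed, over

if __name__ == "__main__":
    missed, over = gaps(POSTED, SAMPLES)
    print("on-domain URLs the pattern does not match:")
    for u in missed:
        print("  ", u)
    print("off-domain URLs the pattern matches:", over or "none")
```
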

  • logfiles_20160914083148.zip

    Reg expression added.

    httpproxy has been restarted.

    Log file is attached.

    Still not working. The issue is more than just Netflix not being blocked....None of the more than a dozen websites in the blacklist are being blocked. I think these are symptoms of a larger problem.

  • Hi, Scott, and welcome to the UTM Community!

    There's nothing being blocked because the traffic is bypassing Web Filtering.  Please show a picture of the 'Global' tab.  You didn't say so, but I assume that the UTM is running in bridged mode between your internal network and your edge router - correct?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Same settings (except the LAN definition) are working fine on the Sophos appliance (same model) at our other location.

  • Is the network topology the same in both locations?  You didn't confirm my guess.

    Please insert a picture of the 'Interfaces' tab.

    Cheers - Bob

  • Topology is the same at both locations.

  • What happens if you disable "Management Interface 2" or assign it to a subnet that doesn't conflict with that on br0?  See #3.1 in Rulz.

    Cheers - Bob

  • I disabled management interface 2. No change. Restarted the device. No change.

  • Until you change the subnet on eth5 so that it doesn't overlap the one on eth0, it will be difficult to draw any conclusions.  If you disabled MI2 and immediately had a failed test, it may have been because the configuration daemon hadn't yet completed rewriting and activating the new configuration.

    Cheers - Bob
