UTM running Full Transparent, web filtering not working

I have my UTM (9.404-5) running in full transparent mode.  I have activated web filtering .. but it's not working.  I have put in a website under the "Block these websites" section (www.technewsworld and technewsworld.com) for testing purposes.  No websites are blocked however.  I can browse right to them.

Any suggestions for places to look for incorrect configuration?  My network setup is Cable modem >Cisco router>UTM 9 (Bridged)>Switch>PCs.

Looking at the web filtering live log, I see several entries that say "failed to resolve passthrough6.fw-notify.net"

Thank you .. This is driving me crazy!



  • Until you change the subnet on eth5 so that it doesn't overlap the one on eth0, it will be difficult to draw any conclusions.  If you disabled MI2 and immediately had a failed test, it may have been because the configuration daemon hadn't yet completed rewriting and activating the new configuration.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I had the same issue from a customer.

    Make sure, as BAlfson said, that the networks do not overlap. Also make sure that both interfaces have a default gateway.

    I had this issue last year and I remember the error message inside the web live log was the same.

    Hope this helps!

  • Luk, if I understand his topology, I don't think he wants a default gateway on anything other than br0.  Right?

    Cheers - Bob

     
  • Good question Bob.

    I searched for my customer's issue on the ticketing system, and he tried to configure the bridge without a gateway on that bridge and web filtering stopped working.

    In fact, Sophos UTM bridge uses the default gateway on the bridge interface to send URL check requests to Sophos Labs. Even if there is another interface with the same IP/Subnet as the bridge, UTM will always use the bridge gateway for URL reputation.

    We need more info from Andrew however.

  • All interfaces other than the bridge are turned off. The bridge has a gateway defined and it is correct. The appliance has been restarted several times since the management interfaces were turned off and the appliance has been running for about a week. That should be plenty of time for the daemon to do its thing.

  • Again, I respectfully remind everyone that this same configuration (other than IP addresses and subnet definitions) is working just fine on my other Sophos SG135. Either it's not a configuration issue or the other SG135 is blessed.

  • Scott,

    Did you configure the DNS Forwarders inside the UTM, so it is able to resolve DNS queries?

    The other option is to delete the bridge, configure only one interface and enable Web Protection and check that the engine is able to process requests correctly.

    If it works, create the bridge again.

  • DNS Forwarders are defined. Same ones as defined on the other SG135 that is working.

  • Hi Andrew,

    Please check if anything is configured inside "Transparent Skip list host" found in Filtering Options > Misc. When a transparent skip list is defined, it does not show up in the policy helpdesk test, which is why you might see a blocked status as the result in this check.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Scott, I think you're telling us that you've tried hard to configure the two identically.  The rest of us participating here are trying to help you find where that's not true as this does not seem like a glitch.  If you believe that this is a glitch, you need to download some config backups that you know to be good and then re-image the device from ISO.

    Cheers - Bob

     