This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Online Grammar Checker - Issue

Hi all,

We have a pair of SG450 UTM Appliances (Firmware version 9.405-5) running in Hot Standby Mode.

We have several users attempting to access a site (https://www.grammarly.com). This site allows the upload of passages of text to be checked for grammar etc. However, after logging on to the site an error message is shown which states:

"Your network configuration blocks Grammarly services on this computer. To troubleshoot this issue, click here"

Clicking 'here' opens a link to a diagnostic test between the user PC and the site itself.

A screenshot of the result is shown below:

I cannot see anything in the logs to indicate what the issue may be here and was wondering if anyone has encountered something like this.

Many thanks for your time and assistance in this matter.

John P



This thread was automatically locked due to age.
  • Hello

     

    We are using an SG210 running firmware 9.509-3

     

    I also have a problem connecting to Grammarly when Web Filtering is in use.

     

    I have added:

    ^https?://([A-Za-z0-9.-]*\.)?grammarly\.com/

    ^https?://([A-Za-z0-9.-]*\.)?grammarly\.io/

    To Web Filtering Exceptions, ticking the SSL Scanning, Certificate Trust Check & Certificate Date Check boxes.  In the Web Filtering logs I can see requests to Grammaly being passed along with my selected exlusions being applied.

     

    I still cannot connect to Grammarly, nor pass the Grammarly diagnostic test - it fails as soon as I get to the Web Sockets tests.

     

    Does anyone have any further tips?

    Many thanks

  • Please paste the relevant lines from the Web Filtering log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Here's the log when I run the Grammarly Self-Diagnostic Tool:

     

    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xc5bb0000" url="https://app.grammarly.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="134" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xa8ae9200" url="denali-static.grammarly.com/" referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="172" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xcb233000" url="https://fonts.googleapis.com/" referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="109" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xc400b800" url="https://fonts.gstatic.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="234" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xc962a600" url="www.google-analytics.com/" referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="166" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions=""
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xc5bb0000" url="https://app.grammarly.com/" referer="" error="" authtime="7" dnstime="0" cattime="0" avscantime="0" fullreqtime="117" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xc8bc9800" url="denali-static.grammarly.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="196" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xca3cf200" url="denali-static.grammarly.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="131" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xc8bc9800" url="denali-static.grammarly.com/" referer="" error="" authtime="8" dnstime="0" cattime="0" avscantime="0" fullreqtime="180" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xca3cf200" url="denali-static.grammarly.com/" referer="" error="" authtime="6" dnstime="0" cattime="0" avscantime="0" fullreqtime="139" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xd0813800" url="denali-static.grammarly.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="147" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0x91449600" url="denali-static.grammarly.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="132" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xd0813800" url="denali-static.grammarly.com/" referer="" error="" authtime="7" dnstime="0" cattime="0" avscantime="0" fullreqtime="127" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0x91449600" url="denali-static.grammarly.com/" referer="" error="" authtime="10" dnstime="0" cattime="0" avscantime="0" fullreqtime="119" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="54.230.8.172" user="user.name" group="Web Filtering Level 3" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="718" request="0xd0813800" url="denali-static.grammarly.com/" referer="" error="" authtime="99" dnstime="2" cattime="0" avscantime="0" fullreqtime="21615" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="54.230.8.172" user="user.name" group="Web Filtering Level 3" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="718" request="0x91449600" url="denali-static.grammarly.com/" referer="" error="" authtime="49" dnstime="3" cattime="0" avscantime="0" fullreqtime="24081" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:58 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0x907eb600" url="https://fonts.gstatic.com/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="160" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xc7d10a00" url="f-log-editor.grammarly.io/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="170" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xc7d10a00" url="f-log-editor.grammarly.io/" referer="" error="" authtime="9" dnstime="0" cattime="0" avscantime="0" fullreqtime="149" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xcad5b800" url="f-log-editor.grammarly.io/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="151" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xcad5b800" url="f-log-editor.grammarly.io/" referer="" error="" authtime="7" dnstime="0" cattime="0" avscantime="0" fullreqtime="145" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xd250a600" url="f-log-editor.grammarly.io/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="147" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xcd6e2400" url="f-log-editor.grammarly.io/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="134" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xd250a600" url="f-log-editor.grammarly.io/" referer="" error="" authtime="7" dnstime="0" cattime="0" avscantime="0" fullreqtime="135" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xe0ce8c00" url="f-log-editor.grammarly.io/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="124" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xe0ce8c00" url="f-log-editor.grammarly.io/" referer="" error="" authtime="6" dnstime="0" cattime="0" avscantime="0" fullreqtime="120" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xa2814400" url="f-log-editor.grammarly.io/" referer="" error="" authtime="1" dnstime="0" cattime="0" avscantime="0" fullreqtime="129" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xa2814400" url="f-log-editor.grammarly.io/" referer="" error="" authtime="7" dnstime="0" cattime="0" avscantime="0" fullreqtime="142" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xa51b6600" url="https://auth.grammarly.com/" referer="" error="" authtime="5" dnstime="0" cattime="0" avscantime="0" fullreqtime="160" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0003" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="" user="" group="" ad_domain="" statuscode="407" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction=" ()" size="2518" request="0xa51b6600" url="https://auth.grammarly.com/" referer="" error="" authtime="7" dnstime="0" cattime="0" avscantime="0" fullreqtime="129" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="52.0.104.133" user="user.name" group="Web Filtering Level 3" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="727" request="0xcad5b800" url="f-log-editor.grammarly.io/" referer="" error="" authtime="67" dnstime="2" cattime="0" avscantime="0" fullreqtime="168070" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="52.0.104.133" user="user.name" group="Web Filtering Level 3" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="727" request="0xa2814400" url="f-log-editor.grammarly.io/" referer="" error="" authtime="68" dnstime="2" cattime="0" avscantime="0" fullreqtime="188317" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"
    2018:10:26-07:34:59 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="0.0.0.0" dstip="52.0.104.133" user="user.name" group="Web Filtering Level 3" ad_domain="DOMAIN" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffWebFilteLevel3 (Web Filtering Level Three (Unrestricted Web Filtering))" size="727" request="0xe0ce8c00" url="f-log-editor.grammarly.io/" referer="" error="" authtime="61" dnstime="2" cattime="0" avscantime="0" fullreqtime="193628" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="content,url,ssl,certcheck,certdate"

     

     

    Many thanks

  • Please replace that with lines where the srcip is obfuscated like 192.168.x.21, 172.29.y.21 and 10.x.y.21.

    statuscode="407" means that the client is not allowed under the "Default Web Filter Profile."  Under "Web Filtering Level Three (Unrestricted Web Filtering)," the user is allowed, but we don't know if this is all the same client.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • statuscode="407" only means that the proxy is asking the browser for credentials, so this log entry should be ignored for most purposes, as it is not a final result.   In my logs, 407 will appear one or two times before the entry that tells me the final disposition.

  • Given the number of 407 errors, I conclude the following:

    • The website is downloading some sort of plug-in, which is why it needs websockets.
    • The plug-in is unable to pass NTLM authentication.
    • The proxy keeps asking for credentials, and gets no response, so it never lets the traffic through.

    Try creating an exception object to bypass authentication for these destinations, remove the more permissive exceptions, and try again.

  • Thank-you for all your replies.

    I have crated a new Exception Group in the UTM for Grammarly that skips authentication (as well as SSL checks).  It seems that this exception is working when looking in the logs, but Grammarly still doesn't work.  Here's the log:

    2018:10:29-09:05:29 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.XX.170" dstip="52.85.58.157" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2816" request="0xbaff0a00" url="denali-static.grammarly.com/" referer="" error="" authtime="0" dnstime="3" cattime="0" avscantime="0" fullreqtime="7731411" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="auth,content,url,ssl,certcheck,certdate"
    2018:10:29-09:05:29 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.XX.170" dstip="54.161.98.25" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="21326" request="0xa65bcc00" url="f-log-editor.grammarly.io/" referer="" error="" authtime="0" dnstime="10896" cattime="0" avscantime="0" fullreqtime="7074987" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="auth,content,url,ssl,certcheck,certdate"
    2018:10:29-09:05:29 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.XX.170" dstip="54.88.131.17" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5704" request="0xc81bf800" url="subscription.grammarly.com/" referer="" error="" authtime="0" dnstime="16387" cattime="0" avscantime="0" fullreqtime="6379777" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="auth,content,url,ssl,certcheck,certdate"
    2018:10:29-09:05:29 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.XX.170" dstip="52.85.58.157" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3071" request="0x96cdec00" url="denali-static.grammarly.com/" referer="" error="" authtime="0" dnstime="13724" cattime="0" avscantime="0" fullreqtime="8037962" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="auth,content,url,ssl,certcheck,certdate"
    2018:10:29-09:05:29 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.XX.170" dstip="18.205.91.83" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5599" request="0xc4265800" url="https://app.grammarly.com/" referer="" error="" authtime="0" dnstime="10641" cattime="0" avscantime="0" fullreqtime="8038420" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="auth,content,url,ssl,certcheck,certdate"
    2018:10:29-09:05:29 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.XX.170" dstip="54.210.34.44" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5908" request="0xce252c00" url="https://auth.grammarly.com/" referer="" error="" authtime="0" dnstime="8086" cattime="0" avscantime="0" fullreqtime="6737884" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="auth,content,url,ssl,certcheck,certdate"
    2018:10:29-09:05:39 utm httpproxy[16587]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.XX.170" dstip="54.161.98.25" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1939" request="0xa83b0a00" url="f-log-editor.grammarly.io/" referer="" error="" authtime="0" dnstime="4" cattime="0" avscantime="0" fullreqtime="9577448" device="0" auth="2" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" exceptions="auth,content,url,ssl,certcheck,certdate"

     

    Many thanks

  • For me, it works 

    I have added new exception WEB->Exception->Add New Exception 

     

     

    Antosh Madappa Dyade