Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 4404 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection - Standard mode

RichardHughes1

Hi,

I have one Sophos UTM running version 9.408-4. I'm having a bit of trouble with Web Protection, where I've had Transparent mode set for a good few years. Yesterday, I decided that I wanted to change this mode back to Standard mode... but for some bizarre reason, clients are still automatically picking up the proxy server without having the proxy server physically set on the client. As a test, I also disabled "Automatically detect settings" on a client... but this client still managed to pick up the proxy?

Has anybody else experienced this problem?

Cheers,

Richard

 

Update - I've discovered that if I remove the proxy settings from a client, then the client will have unfiltered Internet access. Websites which are blocked on ALL policies I have, are for some reason accessible if I remove the proxy settings from a client. There is also no prompt for authentication, and there is nothing being logged in the Web Protection log for clients which I remove the proxy server settings from.



This thread was automatically locked due to age.
  • 0

    For the unfiltered access, you most likely have a firewall rule allowing Web surfing or HTTP/HTTPS somewhere in your firewall rules.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    Hi apijnappels,

    Thanks for your help, I did indeed have this set as a Firewall rule. As a quick test, I removed one of my VLANs from this rule. This resulted in clients on that VLAN only being able to access the Internet if the proxy settings were manually set. This is indeed what I am looking for, but this also introduces some problems with application functionality, such as TeamViewer.

    What I find most confusing is that clients which aren't joined to the domain / OR / clients which have non-domain users logged-on to, with no proxy settings set, are suddenly having direct access to the Internet, completely bypassing Web Protection. This wasn't an issue before, as previously, non-domain users were prompted for authentication when trying to access the Internet.

    Cheers,

    Richard

  • 0 in reply to RichardHughes1

    For teamviewer you can open up port 5938 to the internet. This is a port teamviewer uses to connect. I believe you can create a policy with browser based authentication. Haven't done much with that, but that should ask for credentials when no other credentials are found. You can place this policy as the lowest so it will be the last to evaluate.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to RichardHughes1

    Richard, You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address. I also maintain a version auf Deutsch translated by fellow member hallowach when he and I did a major revision in 2013.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML