Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 3 subscribers
  • Views 4407 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Web Protection - Standard mode

RichardHughes1

Hi,

I have one Sophos UTM running version 9.408-4. I'm having a bit of trouble with Web Protection, where I've had Transparent mode set for a good few years. Yesterday, I decided that I wanted to change this mode back to Standard mode... but for some bizarre reason, clients are still automatically picking up the proxy server without having the proxy server physically set on the client. As a test, I also disabled "Automatically detect settings" on a client... but this client still managed to pick up the proxy?

Has anybody else experienced this problem?

Cheers,

Richard

 

Update - I've discovered that if I remove the proxy settings from a client, then the client will have unfiltered Internet access. Websites which are blocked on ALL policies I have, are for some reason accessible if I remove the proxy settings from a client. There is also no prompt for authentication, and there is nothing being logged in the Web Protection log for clients which I remove the proxy server settings from.



This thread was automatically locked due to age.
Parents
  • 0

    For the unfiltered access, you most likely have a firewall rule allowing Web surfing or HTTP/HTTPS somewhere in your firewall rules.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    Hi apijnappels,

    Thanks for your help, I did indeed have this set as a Firewall rule. As a quick test, I removed one of my VLANs from this rule. This resulted in clients on that VLAN only being able to access the Internet if the proxy settings were manually set. This is indeed what I am looking for, but this also introduces some problems with application functionality, such as TeamViewer.

    What I find most confusing is that clients which aren't joined to the domain / OR / clients which have non-domain users logged-on to, with no proxy settings set, are suddenly having direct access to the Internet, completely bypassing Web Protection. This wasn't an issue before, as previously, non-domain users were prompted for authentication when trying to access the Internet.

    Cheers,

    Richard

  • 0 in reply to RichardHughes1

    For teamviewer you can open up port 5938 to the internet. This is a port teamviewer uses to connect. I believe you can create a policy with browser based authentication. Haven't done much with that, but that should ask for credentials when no other credentials are found. You can place this policy as the lowest so it will be the last to evaluate.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Reply
  • 0 in reply to RichardHughes1

    For teamviewer you can open up port 5938 to the internet. This is a port teamviewer uses to connect. I believe you can create a policy with browser based authentication. Haven't done much with that, but that should ask for credentials when no other credentials are found. You can place this policy as the lowest so it will be the last to evaluate.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Children
No Data
Unfiltered HTML