Trouble with Web Filtering.. maybe

Hi PPL. This is my first post so excuse me if I post in the wrong area etc. I am also VERY new to SOPHOS. I work for a small company and probably overbought, but wanted to get the best bang for the buck.

I am having trouble downloading a Bill of Lading from our freight company. I can access the main site and see our overview of BOLs. When I click to see an individual BOL it comes back with cannot connect. This action is redirected to another URL:8081. I have entered various exceptions and rules for the URL and added the 8081 port to the web surfing Firewall group. I do not see any blocking on the Firewall log or in the Web protection log. If I connect to my wireless (which I set up via the setup wizard, with no added rules for the wireless connection other than what the wizard created), I can pull up the BOL with no trouble. Any ideas? I don't know how to be more specific but I can supply whatever is needed to try and get a solution.

TIA

Cooper



This thread was automatically locked due to age.
  • Without knowing what you're running your proxy as, transparent/standard etc etc, and even if your wireless is surfing through the proxy? I'd check to see if the port is allowed via the target services

     

    Web protection - Filtering Options - Misc

    Add 8081 and see if that works. But there should be a log entry. I'd also try running that through the policy helpdesk and see if it tells you "Target service not allowed".

  • Thanks for the reply. I have tested it and the domain is allowed and the actual URL link to the file is allowed. I have no proxy configured, (or don't know where to look) just took the setup wizard with no content filtering enabled.

    I don't know where else to look to try and find what could be blocking the file. 

    TIA

  • That's not a lot of information considering you're looking for help here. That's the IP of your UTM? There has to be a difference between your wifi and local LAN since one works and the other doesn't. There will be a log entry, firewall? You're surfing through the basic web profile (proxy) according to your screenshot. Make an exception and try again. Without knowing how you set this thing up, it's you who needs to check your logs and do some really basic troubleshooting. https://www.sophos.com/en/support/documentation/sophos-utm.aspx

    This happens on ALL PCs hardwired on your network, and none of the wireless ones? Or is this one computer? This would probably be easy to figure out, but I don't think you want to pay me to fix it, nor am I local and able to check these things for you.

  • Sorry it's not the information you were expecting.

    I have checked my firewall logs and filtered it on my IP, it does not block anything. I've tested it on several hardwired machines so I feel it is a rule somewhere that's catching it. It works fine on the wireless network. Again I simply used the wizard to create the rules.

    I am going through as many steps as I can to resolve the problem and not just trying to have someone give me the answer. This started two days ago so I've researched for that long before asking for help.

    I'll go through the link you provided and see where that takes me.

    I do appreciate your time and ideas nonetheless.

  • I'd create a web filter exception and see where that takes you. Or you can try turning off web filtering, and try.  If that works, your wifi network isn't using the proxy, and I'm guessing you don't want it that way. Is the wifi on the same subnet as the hardwired machines? Or are they different DHCP scopes?  

    And if something is blocked somewhere, there will be a log. Are your firewall rules logging? I don't think that is turned on by default. Check every log you can, rinse and repeat.

  • statuscode="302" is a redirect, isn't it? Might not be the URL you think it is; either way a log is somewhere telling you what's going on.

  • The website we log into is a Flash site, then we click the shipment we want to view, then click BOL. This should pull in a new window.

    I enabled the firewall rules like you said.

    I turned off content filtering and tried, failed.

    I created a "firewall off" rule (ANY Source using ANY service to ANY destination). Set it at top. Did not work.

    The Wireless is set up on a different IP scheme than Hard Wired.

    Here is Web filter log.

    2017:01:12-23:31:39 bonesafety httpproxy[9397]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.12" dstip="23.96.6.76" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="213" request="0xd592000" url="tms.eshipmanager.com/.../printdocument.cfm referer="tms.eshipmanager.com/index.cfm error="" authtime="0" dnstime="0" cattime="465" avscantime="5806" fullreqtime="33723501" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" exceptions="" category="105" reputation="neutral" categoryname="Business" application="flash" app-id="1128" sandbox="-" content-type="text/plain"

    Weird. Thanks again.

  • With the wifi and hardwire being on different subnets, that is probably your key. Does each one use the same DNS? Different? Is each one of these subnets listed under the Allowed networks for your default web filter profile? Your web exception was content filtering only? What about antivirus, extensions filtering? Test everything. Again, this is more than likely your setup but you've yet to state anything about your proxy setup and your default web profile.

  • rsenio said:

    With the wifi and hardwire being on different subnets, that is probably your key.

    Does each one use the same DNS? Different?

    Other than the pic below where would I see specific DNS entries for these networks?

    Is each one of these subnets listed under the Allowed networks for your default web filter profile?

    No only the Internal Network. I have disabled the Web Filtering and it will still not work.

    Your web exception was content filtering only? What about antivirus, extensions filtering?

    Test everything. Again, this is more than likely your setup but you've yet to state anything about your proxy setup and your default web profile.

    Don't know where to find that info, sorry.

     

  • Basic networking here. DNS is given out to your PCs via DHCP, which you set up I assume? The first screenshot you provided shows what network is allowed to use the UTM as a DNS server, not at all what we're asking about. So each hardwired and wifi use the same DNS settings? They both use the UTM as a gateway, and both use the UTM as DNS? What is providing DHCP for your hardwired clients? What is providing DHCP for your wifi? Give us the DHCP scope info for both.

    If you disabled web filtering, then you were on the exact screen that shows what networks are allowed to use the proxy and how your proxy is set up. The last screenshot has nothing to do with what we're asking, nor does it have to do with web filtering/proxy.

  • DHCP is provided by the UTM for both the Internal and Wireless networks.

    Just tell me what you would like to see.

  • What IP is 172.16.28.1? Also according to your screenshot, only the internal network is allowed to use the proxy (I assume the "internal network" definition is the 192.168.2.X subnet)

  • rsenio said:

    What IP is 172.16.28.1?

    WLAN0

    Also according to your screenshot, only the internal network is allowed to use the proxy (I assume the "internal network" definition is the 192.168.2.X subnet)

    Correct, everything was done via wizard.

     

  • So hardwire is using the proxy and wireless isn't? Which would make sense since wifi works from what you say. Especially since it's a guest network, I would think it segregates the two so that your internal network isn't exposed. I've never used the wizard, I'm not sure what it sets up and what it doesn't. Something is filtered somewhere, either web filtering or firewall for your internal network. Again, there's gotta be a log telling you

  • This worked before you installed the UTM?
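
As an added example (not code from any poster in this thread or from Sophos), the sketch below parses the web filter log line posted above and checks the points the replies raise: whether the client sits in a network allowed to use the proxy, whether the proxy passed the request, and whether the response was a redirect. The /24 prefix for the internal network and all function names are assumptions.

```python
import ipaddress
import re

# Fields copied from the web filter log line quoted in the thread (some omitted).
# As on the page, the url and referer values have lost their closing quotes.
SAMPLE = (
    '2017:01:12-23:31:39 bonesafety httpproxy[9397]: id="0001" severity="info" '
    'sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" '
    'srcip="192.168.2.12" dstip="23.96.6.76" statuscode="302" '
    'url="tms.eshipmanager.com/.../printdocument.cfm '
    'referer="tms.eshipmanager.com/index.cfm error="" exceptions="" '
    'categoryname="Business" application="flash"'
)

# Assumption: the internal network is 192.168.2.0/24; the thread only says 192.168.2.X.
PROXY_ALLOWED = [ipaddress.ip_network("192.168.2.0/24")]

KEY = re.compile(r'(?:^|\s)([\w-]+)="')

def parse_fields(line):
    """Split key="value" pairs, tolerating values whose closing quote is missing."""
    marks = list(KEY.finditer(line))
    fields = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(line)
        value = line[m.end():end].rstrip()
        fields[m.group(1)] = value[:-1] if value.endswith('"') else value
    return fields

def triage(line, proxy_allowed=PROXY_ALLOWED):
    """Return (fields, notes) describing what the proxy did with this request."""
    f = parse_fields(line)
    src = ipaddress.ip_address(f["srcip"])
    notes = []
    if any(src in net for net in proxy_allowed):
        notes.append("source is in a network allowed to use the proxy")
    else:
        notes.append("source is outside the proxy's allowed networks")
    if f.get("action") == "pass" and not f.get("exceptions"):
        notes.append("proxy passed the request with no exception applied")
    if f.get("statuscode", "").startswith("3"):
        notes.append("redirect response: look for a separate entry for the target URL")
    return f, notes

if __name__ == "__main__":
    fields, notes = triage(SAMPLE)
    print(fields["srcip"], fields["statuscode"], fields["url"])
    for n in notes:
        print("-", n)
```

Run against an exported web filter log, the same function shows quickly whether any entry exists for the redirect target on port 8081 or only for the first request.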