
Trouble with Web Filtering.. maybe

Hi PPL. This is my first post so excuse me if I post in the wrong area etc. I am also VERY new to SOPHOS. I work for a small company and probably overbought, but wanted to get the best bang for the buck.

I am having trouble downloading a Bill of Lading from our freight company. I can access the main site and see our overview of BOLs. When I click to see an individual BOL it comes back with cannot connect. This action is redirected to another URL:8081. I have entered various exceptions and rules for the URL and added the 8081 port to the web surfing Firewall group. I do not see any blocking on the Firewall log or in the Web protection log. If I connect to my wireless (which I set up via the setup wizard), with no added rules for the wireless connection other than what the wizard created, I can pull up the BOL with no trouble. Any ideas? I don't know how to be more specific but I can supply whatever is needed to try and get a solution.

TIA

Cooper



  • statuscode="302" is a redirect, isn't it? Might not be the URL you think it is; either way, a log is somewhere telling you what's going on.

  • The website we log into is a Flash site, then we click the shipment we want to view, then click BOL. This should pull in a new window.

    I enabled the firewall rules like you said.

    I turned off content filtering and tried, failed.

    I created a "firewall off" rule (ANY Source using ANY service to ANY destination). Set it at top. Did not work.

    The Wireless is set up on a different IP scheme than Hard Wired.

    Here is Web filter log.

    2017:01:12-23:31:39 bonesafety httpproxy[9397]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.2.12" dstip="23.96.6.76" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="213" request="0xd592000" url="tms.eshipmanager.com/.../printdocument.cfm referer="tms.eshipmanager.com/index.cfm error="" authtime="0" dnstime="0" cattime="465" avscantime="5806" fullreqtime="33723501" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36" exceptions="" category="105" reputation="neutral" categoryname="Business" application="flash" app-id="1128" sandbox="-" content-type="text/plain"

    Weird. Thanks again.
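Added example (not part of the original thread and not Sophos code): a small Python parser for the httpproxy log line posted above, tolerant of the closing quotes that are missing after url= and referer= in the posted copy. The sample is an abridged copy of that line, and the triage wording is an assumption drawn only from the action and statuscode fields.

```python
import re

# Abridged copy of the log line posted in the thread. The closing quotes after
# url= and referer= are missing there, which a naive key="value" regex mis-parses.
SAMPLE = (
    '2017:01:12-23:31:39 bonesafety httpproxy[9397]: id="0001" severity="info" '
    'sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" '
    'srcip="192.168.2.12" dstip="23.96.6.76" user="" statuscode="302" '
    'url="tms.eshipmanager.com/.../printdocument.cfm '
    'referer="tms.eshipmanager.com/index.cfm error="" fullreqtime="33723501" '
    'ua="Mozilla/5.0 (Windows NT 10.0; WOW64) Chrome/55.0.2883.87" '
    'categoryname="Business" content-type="text/plain"'
)

HEADER = re.compile(r'^(?P<time>\S+) (?P<host>\S+) (?P<proc>[\w-]+)\[(?P<pid>\d+)\]: ')
# A value ends at a quote followed by whitespace or end of line; when the
# closing quote is missing it ends just before the next ` key="`, or at EOL.
FIELD = re.compile(r'([\w-]+)="(.*?)(?:"(?=\s|$)|(?=\s[\w-]+=")|$)')


def parse_line(line):
    """Return a dict of header and key="value" fields, or None if not a log line."""
    m = HEADER.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec.update(FIELD.findall(line[m.end():]))
    return rec


def triage(rec):
    """One-line reading of a parsed entry (interpretation is an assumption)."""
    status = int(rec.get("statuscode") or 0)
    if rec.get("action") != "pass":
        return "proxy did not pass the request: check filter action and exceptions"
    if 300 <= status < 400:
        return ("proxy passed it and the server redirected: the failing step is "
                "the follow-up request, look for it from " + rec["srcip"])
    return "proxy passed it with status %d" % status


if __name__ == "__main__":
    rec = parse_line(SAMPLE)
    for key in ("time", "srcip", "dstip", "action", "statuscode", "url", "referer"):
        print("%-10s %s" % (key, rec[key]))
    print(triage(rec))
```
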

  • Hi Jeff,

    I skimmed the question. Please configure the following points:

    1. In your DNS forwarders assign IP addresses 8.8.8.8 and 4.2.2.2.

    2. If transparent proxy is configured for Web Protection, then add the URLs in the skip transparent proxy for the destination address. You will see this option in Web Protection > Filtering option > MISC > Skip Transparent Mode Destination.

    If it is still blocked, show me http.log for the source address.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • With the wifi and hardwire being on different subnets, that is probably your key. Does each one use the same DNS? Different? Is each one of these subnets listed under the Allowed networks for your default web filter profile? Your web exception was content filtering only? What about antivirus, extensions filtering? Test everything. Again, this is more than likely your setup but you've yet to state anything about your proxy setup and your default web profile.

  • I added my ISP's DNS entries into the forwarders addresses.

    I added the address to the 'Skip Transparent Mode Destination' and it did not work. Did you want the HTTP Daemon or Web protection log?

  • Is your proxy even in transparent mode? You haven't said anything about how that was set up. Did you follow any documentation on setting that UTM up? Or just doing this blindly?

  • rsenio said:

    With the wifi and hardwire being on different subnets, that is probably your key.

    Does each one use the same DNS? Different?

    Other than the pic below where would I see specific DNS entries for these networks?

    Are Each one of these subnets listed under the Allowed networks for your default web filter profile?

    No only the Internal Network. I have disabled the Web Filtering and it will still not work.

    Your web exception was content filtering only? What about antivirus, extensions filtering?

       

    Test everything. Again, this is more than likely your setup but you've yet to state anything about your proxy setup

     

    and your default web profile. Don't know where to find that info sry

     

  • Like I said, I used the setup wizard, and yes there is some blindness as with anyone working with a new device or tool they are not familiar with. I am not CCNP certified nor am I Sophos trained. I knew there would be glitches but had no choice in getting this online as my old firewall died and I needed the business operational by Monday, which I achieved. I do appreciate anyone's help and will try whatever is needed to get this piece working. I have a feeling it's something simple as the wireless network will allow it.

    Monday I will contact my vendor and see if I can contract with them to ensure proper setup of the device at this point.

    Thanks again for the help. I am just as aggravated that I cannot find a log entry of the blocking. I have viewed every log file.

    I feel I will be fairly proficient with this device when this is done though so there is a silver lining. :-)

  • Basic networking here. DNS is given out to your PCs via DHCP, which you set up I assume? The first screenshot you provided shows what network is allowed to use the UTM as a DNS server, not at all what we're asking about. So each hardwired and wifi use the same DNS settings? They both use the UTM as a gateway, and both use the UTM as DNS? What is providing DHCP for your hardwired clients? What is providing DHCP for your wifi? Give us the DHCP scope info for both.

    If you disabled web filtering, then you were on the exact screen that shows what networks are allowed to use the proxy and how your proxy is set up. The last screenshot has nothing to do with what we're asking, nor does it have to do with web filtering/proxy.

  • DHCP is provided by the UTM for both the Internal and Wireless networks.

    Just tell me what you would like to see.