WebProtection can't resolve hostnames without domain suffix

It seems that it's not possible to use WebProtection at all if I need HTTP access to hosts on local or tunneled networks.

For example, on Windows workstations there is an advanced DNS tab where I can put in a list of additional domain suffixes, so every DNS request is suffixed with those domains until a matching host is found.

Now when I use WebProtection in "Transparent mode" and try to access host-xyz without a domain suffix, I get an error message from the Sophos firewall.

Now my questions:

1. Is there a way to add multiple domain suffixes for the WebProtection proxy?

2. Since those hosts are trustful web servers, it would also be OK to create an exception in Filtering Options to skip protection when accessing hostnames without domain suffixes. How could I create such an exception?



  • I've a VPN tunnel to a network with another DNS suffix. I added this suffix to "Network Services" -> "DNS" -> "Request Routing" and pointed it to the DNS server of the other network, so that the UTM knows which DNS server it has to ask when someone calls a URL with this suffix. But this is not working for HTTP requests over the WebProtection proxy. I get an error "No route to host". I think the WebProtection proxy asks only the external DNS servers, not the internal or forwarded DNS servers.

    You need to add the networks to the exception list of the WebProtection to solve this.

  • Jas man, how does your configuration differ from DNS best practice?

    Please show the line from the Web Filtering log related to this problem.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA