
WebProtection can't resolve hostnames without domain suffix

It seems that it's not possible to use WebProtection at all if I need http access to hosts on local or tunneled networks.

For example on Windows workstations there is an advanced DNS tab where I can put in a list with additional domain suffixes so every DNS request is being suffixed with those domains until a matching host is found.

Now when I use WebProtection in "Transparent mode" and try to access host-xyz without a domain suffix I get an error message from the Sophos firewall.

Now my questions:

1. Is there a way to add multiple domain suffixes for the WebProtection proxy?

2. Since those hosts are trustful web-servers it would also be ok to create an Exception in Filtering Options to skip protection when accessing hostnames without domain suffixes. How could I create such an exception?



  • "Regarding the "skiplist"...there are too many hosts in the remote network that we need to connect to. It's an impossible task of getting the list of all those remote hosts and putting them in a list or definition."

    In this case, use CIDR notation for the network(s) there.

    "I assume that the webprotection proxy does a DNS lookup even in transparent mode."

    In Transparent, the client does the DNS lookup.  In Standard, the Proxy does it.  If your client is configured to use the UTM as an explicit proxy, but the UTM is configured in Transparent, the Proxy will handle the request as if it were in Standard mode.  Make sure 'Automatically detect settings' is not selected in 'LAN Settings' in IE.

    I bet that last comment resolves your issue, but you might want to consider DNS best practice.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Chris,

    Taking your concept into consideration, 'if someone needs to resolve for example "hostxyz" the local DNS on the client adds all domain suffixes in order to this hostname and creates an FQDN'. As per the posted log lines, it seems that the UTM is receiving only "url="http://intranet/" and not an FQDN. Verify that on the local end.

    Out of the box, what happens when you define the action as allow for the uncategorized website category in the filter action? We can see a block due to "reputation="unverified" categoryname="Uncategorized"".

    Hope that helps.

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.
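The two replies above make two points worth seeing side by side: the proxy log only ever shows the short name the client sent (`url="http://intranet/"`), because in Transparent mode the search-suffix expansion happens on the client, and a skiplist of CIDR ranges covers whole remote networks without enumerating every host. The following Python script is an added example, not code from the thread or from Sophos: it models a simplified client-side resolver that appends search suffixes in order, parses constructed log lines in the `key="value"` style quoted above, and checks whether the resolved address falls inside a CIDR bypass list. The hosts table, suffix list, networks and log lines are all constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed stand-in for the internal DNS zones: name -> address.
# (Addresses come from RFC 1918 and TEST-NET documentation ranges, not real hosts.)
FAKE_DNS = {
    "intranet.corp.example": "10.20.0.15",
    "host-xyz.branch.example": "192.168.50.7",
    "www.example.org": "203.0.113.10",
}

# Search suffixes as a Windows client would list them on the advanced DNS tab
# (constructed example values).
SEARCH_SUFFIXES = ["corp.example", "branch.example"]

# Networks the proxy should bypass: the "skiplist" expressed as CIDR ranges,
# as suggested in the thread, instead of listing every host (constructed values).
BYPASS_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.168.50.0/24"),
]

# Matches the key="value" pairs used in the quoted log fragments.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def resolve_with_search(name, suffixes=SEARCH_SUFFIXES, table=FAKE_DNS):
    """Simplified client-side resolver: a dotted name is tried as-is first,
    then each search suffix is appended in order until a record matches.
    Returns (fqdn, address) or (None, None) when nothing resolves."""
    candidates = [name] if "." in name else []
    candidates += [f"{name}.{suffix}" for suffix in suffixes]
    for fqdn in candidates:
        if fqdn in table:
            return fqdn, table[fqdn]
    return None, None


def in_bypass(address, networks=BYPASS_NETWORKS):
    """True if the address falls inside any CIDR range of the skiplist."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in networks)


def parse_log(line):
    """Turn the key="value" pairs of a proxy log line into a dict."""
    return dict(FIELD_RE.findall(line))


def assess(line):
    """Classify one log line: was the requested host qualified, where would a
    client with the search list resolve it, and would a CIDR skiplist cover it?"""
    fields = parse_log(line)
    host = urlparse(fields["url"]).hostname or ""
    fqdn, address = resolve_with_search(host)
    return {
        "host": host,
        "qualified": "." in host,      # the proxy only sees what the client sent
        "resolved": fqdn,
        "address": address,
        "bypass": address is not None and in_bypass(address),
        "category": fields.get("categoryname"),
    }


# Constructed log lines in the style quoted in the thread (not real UTM output).
SAMPLE_LOGS = [
    'action="block" url="http://intranet/" reputation="unverified" categoryname="Uncategorized"',
    'action="block" url="http://host-xyz/index.html" reputation="unverified" categoryname="Uncategorized"',
    'action="pass" url="http://www.example.org/" reputation="trusted" categoryname="Business"',
    'action="block" url="http://nosuchhost/" reputation="unverified" categoryname="Uncategorized"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(assess(line))
```

Running it shows that `intranet` and `host-xyz` arrive at the proxy unqualified, resolve only after a search suffix is appended, and land in the bypass ranges, while a name that resolves nowhere is flagged as neither resolved nor bypassed; that last case is the one to investigate on the client before touching the filter action.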