
UTM Web Filter is Blocking everything except youtube

OK, so I'm new to Sophos UTM. I wanted to try it out before I commit.

I have it installed on a device with 4 NICs. 2 NICs are used to bridge the gap between Switch and Router and a 3rd is used for management.

Switch ---> UTM ---> Router

The bridge was set up as an Ethernet bridge with IP 0.0.0.0/24, and the IPv4 default gateway is the IP of the router (192.168.10.1).

First issue - Sophos Endpoint Live Connect says it is disabled. If I remove the UTM from the bridge and only have the management NIC live with IP (192.168.10.8), Live Connect works fine.

As soon as I turn the bridge on, it fails to connect.

Second issue, and more importantly: when I turn on Web Filter, almost all websites are blocked. They either return network unreachable or host unknown. YouTube works fine.

I have a firewall rule that is Any Any Any. I have tried the web filter with Any network, Internal network (192.168.10.0/24) and about every other way possible. As soon as I turn the Web Filter off, everything works.

I use OpenDNS on my router. I have tried leaving all UTM settings as defaults and setting OpenDNS in the UTM and forwarder. Still nothing.

Any ideas?



  • OK, here's one log where it is blocking. It resolves the IP, so I guess DNS is OK. Strangely, if I put the same URL into the policy helpdesk, it says allowed...

    2017:05:19-20:18:24 update URID[8559]: T=8559 ------ 2 - Warning: EARLY TIMEOUT: dns context 0 has 5933 ms before it should time out\n
    2017:05:19-20:18:26 update httpproxy[8585]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x97d0600" function="connect_server" file="dns.c" line="1191" message="connect() on AF 2 socket to 173.230.139.54 failed: Network is unreachable"
    2017:05:19-20:18:26 update httpproxy[8585]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.10.11" dstip="173.230.139.54" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="85350" request="0x97d0600" url="www.emby.media/community" referer="" error="Network is unreachable" authtime="0" dnstime="1" cattime="0" avscantime="0" fullreqtime="2149" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" exceptions="auth" country="United States"
    2017:05:19-20:18:26 update httpproxy[8585]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0x9a3c000" function="connect_server" file="dns.c" line="1191" message="connect() on AF 2 socket to 173.230.139.54 failed: Network is unreachable"
    2017:05:19-20:18:26 update httpproxy[8585]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.10.11" dstip="173.230.139.54" user="" group="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="85352" request="0x9a3c000" url="www.emby.media/favicon.ico" referer="www.emby.media/community" error="Network is unreachable" authtime="0" dnstime="1" cattime="0" avscantime="0" fullreqtime="1931" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" exceptions="auth" country="United States"

  • It shows in there that the default filter action is blocking the website. Have you changed any of the filters or anything?

    Try this site:

    http://www.fastvue.co/sophos/blog/easily-evaluate-sophos-utm-using-full-transparent-mode/

  • Mmm, yeah, I can see the default filter action is blocking, but in that filter everything is set to allow. If I change the base policy to use default filter block with everything set to block, then I can get to Google but every website is blocked, but instead of getting network unreachable I get an error saying blocked because of category yxz.

    I don't recall ever changing anything in the default filters.

  • Hi, Peter, and welcome to the UTM Community!

    When you bridge the UTM, you must use 'Full Transparent' mode in Web Filtering.  I can't imagine that it's possible to leave the bridge without an IP and a default gateway and have the Proxy work.  Any better luck doing it as I suggest here?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
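
The httpproxy lines quoted earlier in the thread record `action="block"` together with `statuscode="502"` and `error="Network is unreachable"`, which is the proxy failing its own upstream `connect()` rather than a filter category rejecting the URL. The following is an added example, not part of the original thread or Sophos code: it parses lines in that format and separates the two cases. The sample lines are constructed (two abbreviated from the log above, one hypothetical), and treating an empty `error=` as a policy block is an assumption.

```python
import re
from collections import Counter

# key="value" pairs as they appear in the httpproxy lines quoted in the thread
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key/value fields of one httpproxy log line as a dict."""
    return dict(PAIR.findall(line))

def classify(fields):
    """Separate proxy-side connection failures from filter-policy decisions."""
    if fields.get("action") != "block":
        return "not_blocked"
    # A non-empty error= on a blocked request means the proxy itself could not
    # complete the upstream connection; the filter action did not reject it.
    if fields.get("error"):
        return "upstream_failure"
    return "policy_block"  # assumption: policy blocks carry an empty error=

def summarize(lines):
    """Count outcomes and collect the distinct errors the proxy reported."""
    counts, errors = Counter(), Counter()
    for line in lines:
        fields = parse_line(line)
        if "action" not in fields:
            continue  # id="0003" connect_server lines carry no action=
        kind = classify(fields)
        counts[kind] += 1
        if kind == "upstream_failure":
            errors[(fields["error"], fields.get("statuscode", ""))] += 1
    return counts, errors

# Constructed sample: lines 1-2 abbreviated from the thread, line 3 hypothetical
SAMPLE = [
    'httpproxy[8585]: id="0003" severity="info" function="connect_server" '
    'message="connect() on AF 2 socket to 173.230.139.54 failed: Network is unreachable"',
    'httpproxy[8585]: id="0002" name="web request blocked" action="block" '
    'srcip="192.168.10.11" dstip="173.230.139.54" statuscode="502" '
    'url="www.emby.media/community" error="Network is unreachable"',
    'httpproxy[8585]: id="0002" name="web request blocked" action="block" '
    'srcip="192.168.10.11" dstip="203.0.113.10" statuscode="403" '
    'url="blocked.example/" error=""',
]

if __name__ == "__main__":
    counts, errors = summarize(SAMPLE)
    print(dict(counts))
    print(dict(errors))
```

A log dominated by `upstream_failure` entries points at the proxy's own routing or interface configuration, which matches the advice above about bridge mode needing an IP, a default gateway and Full Transparent mode.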