
Accessing WebAdmin through webfilter

Hi,

Why does WebAdmin (TCP/4444) access to another UTM get blocked in the webfilter? I think it should be working since it by default is in the allowed target services list. It does of course work if i create a firewall rule, but what's the reason in having it "allowed" in the webproxy then?

I'm running in transparent mode by the way!

I'm running 9.413 and have tried on 9.509 with same result

Here's the output from the log

2017:06:09-11:29:03 freja httpproxy[13959]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.45.15.49" dstip="xxx.xxx.xxx.xxx" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (NP Filter)" size="151" request="0xdf29ac00" url="https://xxx.xxx.xxx.xxx/" referer="" error="No route to host" authtime="0" dnstime="0" cattime="45" avscantime="0" fullreqtime="3023512" device="0" auth="0" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" country="Denmark"

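Parsing the posted log line, as an added example that is not part of the original thread and is not Sophos code: the httpproxy log is a run of key="value" pairs, and the fields Bob points at (method, error, and the port the URL actually implies) can be pulled out mechanically. The first sample line below is the one quoted above, with the poster's redacted destination kept as-is; the second line is constructed here as an allowed request for the detector to ignore, and the 203.0.113.10 / example.org values in it are placeholders.

```python
import re
from urllib.parse import urlsplit

# Sophos UTM httpproxy lines are a sequence of key="value" pairs. Values may
# contain spaces and parentheses, e.g.
#   profile="REF_DefaultHTTPProfile (Default Web Filter Profile)"
# so the parser matches up to the closing quote instead of splitting on spaces.
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')

# Sample input. Line 1 is the line from the thread (dstip/url redacted by the
# poster). Line 2 is CONSTRUCTED for this example: an allowed CONNECT with
# placeholder addresses, so the detector has something to skip.
SAMPLE_LOG = """\
2017:06:09-11:29:03 freja httpproxy[13959]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.45.15.49" dstip="xxx.xxx.xxx.xxx" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (NP Filter)" size="151" request="0xdf29ac00" url="https://xxx.xxx.xxx.xxx/" referer="" error="No route to host" authtime="0" dnstime="0" cattime="45" avscantime="0" fullreqtime="3023512" device="0" auth="0" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" country="Denmark"
2017:06:09-11:29:10 freja httpproxy[13959]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.45.15.49" dstip="203.0.113.10" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (NP Filter)" size="0" request="0xdf29ad00" url="https://example.org/" referer="" error="" authtime="0" dnstime="3" cattime="12" avscantime="0" fullreqtime="1021" device="0" auth="0" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" country="United States"
"""


def parse_line(line):
    """Split one httpproxy line into its syslog prefix and a dict of fields."""
    # The prefix (timestamp, host, process[pid]) ends at the first ': '.
    prefix, _, body = line.partition(": ")
    fields = dict(PAIR_RE.findall(body))
    fields["_prefix"] = prefix
    return fields


def target_port(url):
    """Port a CONNECT was really for: the explicit port in the URL, else the scheme default."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return {"https": 443, "http": 80}.get(parts.scheme)


def blocked_connects(log_text):
    """Summarise every blocked CONNECT: who, where, which port, and the proxy's error."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("action") != "block" or f.get("method") != "CONNECT":
            continue
        hits.append({
            "time": f["_prefix"].split()[0],
            "srcip": f.get("srcip"),
            "dstip": f.get("dstip"),
            "url": f.get("url"),
            "port": target_port(f.get("url", "")),
            "error": f.get("error"),
            "statuscode": f.get("statuscode"),
        })
    return hits


if __name__ == "__main__":
    for hit in blocked_connects(SAMPLE_LOG):
        print(hit)
```

Run against the posted line, the only hit reports port 443 (the https default, since the URL carries no explicit port) and error "No route to host"; a CONNECT to WebAdmin would show port 4444 in the url field, which is the discrepancy Bob raises in the first reply.
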
  • Kenneth, are you sure that's the line you meant to show us?  The error is "No route to host" and there's no 4444 in the URL.

    The firewall rule is required because only HTTP and HTTPS are intercepted by the Proxy in Transparent mode.  'Allowed Target Services' is only for 'Standard' mode.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Well it was the only line generated in the webproxy log. I was wondering about it as well :)


    Ahh okay, I didn't know that. Thanks Bob :)

    Sophos UTM 9.3 Certified Engineer
    Sophos UTM 9.3 Certified Architect
    Sophos XG v.15 Certified Engineer
    Sophos XG v.17 Certified Engineer
    Sophos XG v.17 Certified Architect

  • WebAdmin has an infamous problem that it does not send the intermediate certificate.  Webfiltering has an equally infamous problem that it does not implement AIA fetching, so it will block access to sites (the 10% of the internet) that do not include the intermediate certificate.

    The easy fix is to load the intermediate certificate on the client UTM under Web Protection... CAs.

    The alternative is to use shell commands to override the WebAdmin cert problem.  The fix is described in another post.

    A third option is to create an exception on the client to bypass certificate checks on that site.

  • You will also discover that UTM web filter will not connect to a UTM WAF site because the WAF sites always include the root certificate.  There is no fix on the server, so you have to create a certificate checking exception.

  • I think that v9.5 will not block servers that send a root certificate, because it implements a newer version of OpenSSL.