Firmware version: 9.502-4
Hello,
Since I've enabled the Web Filtering protection, my corporate VPN client app (Pulse Network Connect 8.1.7.41041) gets disconnected precisely after every 5 minutes. If I disable the Web Filtering protection, this is not occuring anymore (the VPN client stays connected till my company VPN server close the connection after 8 hours).
Any advices on how to set the filtering options and policies to avoid that disconnection every 5 minutes?
Thanks in avance.
Hi,
Please show us few lines from the http.log that reflect the drop for the VPN client. Refer, Sophos UTM Logfile information. If you see a relative drop in the http.log then, does defining the source network in the transparent skip list for the source in Web Filtering | Filtering option | MISC resolves the issue?
If you see relative drops in the http.log then, does defining the destination network in the transparent skip list for the source in Web Filtering | Filtering option | MISC resolves the issue?
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
OK here are the Sophos logs extracts of my corporate laptop (LAN IP 192.168.0.35) for a period of 30 minutes (extracted via my Splunk local which collects all the Sophos logs).
For confidentiality purposes, I've replaced:
- the IP of my VPN server by 1.2.3.4
- the url of my vpn server by https://anonymized.fake.vpn.url/
- the mac address of the PC (ip 192.168.0.35) which has the VPN client disconnecting every 5 minutes by aa:bb:cc:dd:ee:ff
- the mac address of the VPN server by ff:ee:dd:cc:bb:aa
- the ip of our corporate Microsoft Lync server by 2.3.4.5
- the url of our corporate Microsoft Lync server by https://anonymized.fake.microsoftlync.url/
- the real categoryname by FakeCategory (my real category do not exists as such in the default UTM web filtering categories but "Uncategorized websites" are allowed)
- our corporate antivirus solution (internet) IP (for signature download I believe) with 3.4.5.6
So in summary, there is no real drop in the httpproxy logs, mainly the reconnection to the VPN server every 5 minutes. In the firewall (ulogd) logs, there are some drops (fwrule="60003") but these are not happening every 5 minutes (as far as I an see this happen every 45 minutes more or less)
Based on that, will adding settings in the transparent skip list will help? Thanks in advance
<30>2017:07:26-23:29:24 sophosutm dhcpd: DHCPACK to 192.168.0.35 (aa:bb:cc:dd:ee:ff) via eth1
<30>2017:07:26-23:29:24 sophosutm dhcpd: DHCPINFORM from 192.168.0.35 via eth1
<30>2017:07:26-23:29:17 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4799" request="0xdf375000" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="266" avscantime="0" fullreqtime="166032" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:29:16 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1312" request="0xdf739e00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="303" avscantime="0" fullreqtime="92379" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:29:16 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9236" request="0xdb4da000" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="297" avscantime="0" fullreqtime="205145" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:29:15 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="63448" request="0xdbbf6c00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="320" avscantime="0" fullreqtime="302057149" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:24:15 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4799" request="0xa5f5e00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="276" avscantime="0" fullreqtime="165250" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:24:14 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1312" request="0xdb714c00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="0" cattime="146" avscantime="0" fullreqtime="106077" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:24:14 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9236" request="0xdfa07800" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="304" avscantime="0" fullreqtime="184838" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:24:13 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5500" request="0xdf92f800" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="268" avscantime="0" fullreqtime="308214611" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:23:42 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="3.4.5.6" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3531" request="0xdb903800" url="https://3.4.5.6/" referer="" error="" authtime="0" dnstime="1" cattime="39513" avscantime="0" fullreqtime="269562952" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business"
<30>2017:07:26-23:21:17 sophosutm httpproxy[15190]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.0.35" dstip="2.3.4.5" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="151" request="0xdf940000" url="https://anonymized.fake.microsoftlync.url/" referer="" error="Connection timed out" authtime="0" dnstime="1" cattime="37751" avscantime="0" fullreqtime="127290032" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:19:14 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4799" request="0xdce57e00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="282" avscantime="0" fullreqtime="179104" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:19:13 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1312" request="0x9d3b200" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="283" avscantime="0" fullreqtime="98315" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:19:13 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9236" request="0xdf626a00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="304" avscantime="0" fullreqtime="198429" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:19:05 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4494" request="0xdc351600" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="285" avscantime="0" fullreqtime="163295" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:19:05 sophosutm dhcpd: DHCPACK to 192.168.0.35 (aa:bb:cc:dd:ee:ff) via eth1
<30>2017:07:26-23:19:05 sophosutm dhcpd: DHCPINFORM from 192.168.0.35 via eth1
<30>2017:07:26-23:19:05 sophosutm dhcpd: DHCPACK to 192.168.0.35 (aa:bb:cc:dd:ee:ff) via eth1
<30>2017:07:26-23:19:05 sophosutm dhcpd: DHCPINFORM from 192.168.0.35 via eth1
<30>2017:07:26-23:19:04 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5133" request="0xdf626a00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="301" avscantime="0" fullreqtime="17524835" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:18:46 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="75635" request="0xdf281800" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="292" avscantime="0" fullreqtime="302058974" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:15:35 sophosutm ulogd[4752]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="ff:ee:dd:cc:bb:aa" srcip="1.2.3.4" dstip="192.168.0.35" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="62540" tcpflags="RST"
<30>2017:07:26-23:15:35 sophosutm ulogd[4752]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="ff:ee:dd:cc:bb:aa" srcip="1.2.3.4" dstip="192.168.0.35" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="62539" tcpflags="RST"
<30>2017:07:26-23:15:33 sophosutm ulogd[4752]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="ff:ee:dd:cc:bb:aa" srcip="1.2.3.4" dstip="192.168.0.35" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="62540" tcpflags="RST"
<30>2017:07:26-23:15:33 sophosutm ulogd[4752]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="ff:ee:dd:cc:bb:aa" srcip="1.2.3.4" dstip="192.168.0.35" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="62539" tcpflags="RST"
<30>2017:07:26-23:15:33 sophosutm ulogd[4752]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="ff:ee:dd:cc:bb:aa" srcip="1.2.3.4" dstip="192.168.0.35" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="62539" tcpflags="RST"
<30>2017:07:26-23:15:33 sophosutm ulogd[4752]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="ff:ee:dd:cc:bb:aa" srcip="1.2.3.4" dstip="192.168.0.35" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="62540" tcpflags="RST"
<30>2017:07:26-23:15:33 sophosutm ulogd[4752]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="ff:ee:dd:cc:bb:aa" srcip="1.2.3.4" dstip="192.168.0.35" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="62539" tcpflags="RST"
<30>2017:07:26-23:15:33 sophosutm ulogd[4752]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="ff:ee:dd:cc:bb:aa" srcip="1.2.3.4" dstip="192.168.0.35" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="62540" tcpflags="RST"
<30>2017:07:26-23:14:01 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4887" request="0xdf940000" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="183" avscantime="0" fullreqtime="29486978" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:13:52 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3885" request="0xdc9d0c00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="303" avscantime="0" fullreqtime="20144687" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:13:46 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4799" request="0xdc8f5600" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="303" avscantime="0" fullreqtime="183301" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:13:45 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1312" request="0xdce57e00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="304" avscantime="0" fullreqtime="94830" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:13:45 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9236" request="0xdf92f800" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="237" avscantime="0" fullreqtime="206691" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:13:44 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7302" request="0xdbc13600" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="310" avscantime="0" fullreqtime="301051457" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:08:45 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4799" request="0xdc07d600" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="307" avscantime="0" fullreqtime="169276" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:08:44 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1312" request="0xdb55ac00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="269" avscantime="0" fullreqtime="96590" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:08:44 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9236" request="0xdca15200" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="303" avscantime="0" fullreqtime="199960" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:08:43 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7861" request="0xdbbf6600" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="320" avscantime="0" fullreqtime="301058014" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:03:45 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4799" request="0xdca15200" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="289" avscantime="0" fullreqtime="193429" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:03:43 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4703" request="0xdbf0c00" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="281" avscantime="0" fullreqtime="172002" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:03:43 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9236" request="0xdfa07800" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="299" avscantime="0" fullreqtime="190248" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
<30>2017:07:26-23:03:42 sophosutm httpproxy[15190]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.35" dstip="1.2.3.4" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="7254" request="0xdb280000" url="https://anonymized.fake.vpn.url/" referer="" error="" authtime="0" dnstime="1" cattime="273" avscantime="0" fullreqtime="301054591" device="0" auth="0" ua="" exceptions="" category="117" reputation="trusted" categoryname="FakeCategory"
The only block in the log lines is related to the Lync server. Define the server IP in the transparent skip list for destination and let us know if that resolves the issue.
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Salut, and welcome to the UTM Community!
You will want to skip the Proxy for both Lync and your VPN. Check both of the FQDNs with something like Domain Dossier to see if either has multiple A records. Use a DNS Group definition if so, otherwise just use a DNS Host definition. As Sachin says, put these objects into 'Skip Transparent Mode Destination Hosts/Nets' list on the 'Misc' tab of 'Web Filtering'.
Cheers - Bob
Since this is a question about Web Protection, I will move the thread to that forum.
Hello,
Following your advices, I managed to solve this problem. So in summary, this is what I did:
1- Create a new "DNS Group" network definition for my corporate VPN domain name (it discovered the two different IPs/A records since our VPN is high-available and load balanced)
2- Add this new DNS Group in the list of "Skip Transparent Mode Destination Hosts/Nets" in "Web filterning --> Filtering Options --> Misc" tab.
After applying that change, my VPN client app do not disconnect every 5 minutes anymore.
Thanks a lot to both of you for your precious help and UTM knowledge :)
Quote
