
StatusCode 407 Errors on 9.502-4 and 9.503-4

This is similar/same as a previous thread from 2015, but something I just noticed on our firewalls. The logs are full of 407 errors, almost one for every 200 code when I crunch the numbers.

Standard Proxy with AD SSO

DHCP autoproxy configuration option 252 = http://sophos.internal.com:8080/wpad.dat

Group created in Definitions and Users for domain users.

Authentication configured and tested.

 

We get the same result with all browsers (IE, Edge, Chrome, Firefox) whether they are configured with "Automatic Discovery" (DHCP - Except Firefox which doesn't support DHCP discovery), "Automatic Proxy Configuration" (http://sophos.internal.com:8080/wpad.dat) or "Manual Proxy" (http://sophos.internal.com:8080).



  • I think the manual proxy should include wpad.dat

    Overall, you seem to have two possibilities - proxy config not being applied successfully or UTM failing to talk to AD correctly.

    Given UTM's recent history, you should probably disconnect from AD, then join to the domain again. Then retest on the authentication server tab. Then test on Policy Help desk tab. Then test from a desktop device.

  • It appears to be a non-issue. According to Sophos support, the 407 errors are normal for Standard proxy with authentication. I found an old log file from before the upgrade to 9.5xx and it also had the 407 errors.

    Actually the reason I was so concerned was that I had to rejoin one of the UTMs to the domain last night and these errors were still occurring. Only time I really looked at the statuscode for traffic that was "passed" rather than "blocked". I also created a pivot table with statuscode showing a ton of 407s.

  • Typically, a 407 would be expected to generate a pop-up asking for "basic mode" login information. If that is not occurring, then Support must be correct.

    I use Standard proxy and I thought I knew my log files pretty well, but I do not remember seeing this occur frequently. Good catch.
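
An added example, not part of the thread: one way to check whether the 407s in a proxy log are just the first leg of the authentication handshake is to pair each 407 with the next authenticated response for the same client and URL, and report only the 407s that are never followed by one. The log lines are constructed, and the key="value" layout and the field names `srcip`, `user`, `url` and `statuscode` are assumptions to adjust to the real log.

```python
import re
from collections import defaultdict

# Constructed sample lines (not taken from the thread). The key="value"
# layout and field names are assumptions; adapt them to the actual log.
SAMPLE_LOG = '''\
2017:08:01-09:00:01 utm httpproxy[4242]: action="pass" srcip="10.0.0.21" user="" statuscode="407" url="http://example.com/"
2017:08:01-09:00:01 utm httpproxy[4242]: action="pass" srcip="10.0.0.21" user="jdoe" statuscode="200" url="http://example.com/"
2017:08:01-09:00:05 utm httpproxy[4242]: action="pass" srcip="10.0.0.22" user="" statuscode="407" url="http://example.net/a.js"
2017:08:01-09:00:05 utm httpproxy[4242]: action="pass" srcip="10.0.0.22" user="asmith" statuscode="200" url="http://example.net/a.js"
2017:08:01-09:01:10 utm httpproxy[4242]: action="pass" srcip="10.0.0.35" user="" statuscode="407" url="http://example.org/update"
2017:08:01-09:02:10 utm httpproxy[4242]: action="pass" srcip="10.0.0.35" user="" statuscode="407" url="http://example.org/update"
2017:08:01-09:03:10 utm httpproxy[4242]: action="pass" srcip="10.0.0.35" user="" statuscode="407" url="http://example.org/update"
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')


def classify_407s(log_text):
    """Return (answered, unanswered).

    answered   -- number of 407s later followed by an authenticated,
                  non-407 response for the same (srcip, url)
    unanswered -- {(srcip, url): count} of 407s with no such follow-up,
                  e.g. a client that cannot or will not authenticate
    """
    pending = defaultdict(int)  # (srcip, url) -> 407s still waiting
    answered = 0
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "statuscode" not in fields:
            continue  # not an access-log line
        key = (fields.get("srcip"), fields.get("url"))
        if fields["statuscode"] == "407":
            pending[key] += 1
        elif pending[key] and fields.get("user"):
            # Authenticated retry: the earlier challenge was normal.
            answered += pending[key]
            pending[key] = 0
    unanswered = {k: n for k, n in pending.items() if n}
    return answered, unanswered


if __name__ == "__main__":
    ok, stuck = classify_407s(SAMPLE_LOG)
    print("407s followed by an authenticated response:", ok)
    for (srcip, url), count in stuck.items():
        print("unanswered 407s:", srcip, url, count)
```

A roughly one-to-one ratio of answered 407s to successful requests matches the challenge-then-retry pattern; the unanswered bucket is where a real authentication problem would show up.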