
Web Filter "Skip Transparent Mode Source Hosts/Nets" ignored

Hello,

I am using UTM 9.503-4 in a home environment. I would like some internal hosts to be bypassed in Web Filtering, so I have added them to "Skip Transparent Mode Source Hosts/Nets" and checked "Allow HTTP/S traffic for listed hosts/nets". However, the policy helpdesk shows that the bypassed clients are still being filtered, and many sites using SSL work erratically or not at all. Turning off Web Filtering completely will usually resolve the issue and allow traffic to traverse using MASQ and Firewall rules.

My main reason for using Web Filtering is for Quotas on YouTube and Netflix, but neither of these work, as the quota never cuts off the connection once established (probably because I am not proxying SSL, as this breaks too many sites). So I am then limited to using time ranges, in which case there doesn't seem to be any advantage to using Web Filtering - I can just use regular L3 rules and time ranges. Is it futile to use the Web Filter in transparent mode without a trusted SSL cert on the clients, since most traffic is SSL these days?

I was hoping for something like the Palo Alto level of application awareness and control, but I guess that's not going to happen for free.


  • Hi Bob,

    Thanks for the example. I've actually done that test already, and it does work. The trick will be to determine the data cap, as Netflix bandwidth does vary quite a bit - old TV shows are much lower than new movies in HD, for example. This is a possible solution, although less precise than time quotas. It also won't address things like online gaming, or general time wasting sites.

    Thanks!

  • Unknown said:

    Transparent mode works with configured clients too, for example an outside client. And if he needs to open a page, for example x.x.x.x:4444, you have to put the WebAdmin port in Allowed Target Services.

    My question is: if you are using Endpoint Protection, where do you put the client you want to skip Transparent Mode, in Destination or Source?
    Because it is hard to believe this doesn't work.
    Do a simple test: exclude one host, and immediately that host will appear in firewall rules; otherwise we are missing something.
    Maybe a screenshot would help.


    Are you saying a firewall rule should appear, presumably under "Automatic firewall rules"? This is what I would expect also, but it's not happening. I do not have anything appearing under Automatic firewall rules, nor are there any other rules appearing which I have not created myself. I just tested this again by deleting the entry in "Skip Transparent Mode Source Hosts/Nets", then recreating it, applying after each step. Whether with "Allow HTTP/S traffic for listed hosts/nets" checked or not, no rule appears. So either something is broken, or these "automatic" rules aren't supposed to be visible.

  • Something is strange after the last update. Yes, the rule should be visible, and in the Firewall Live Log too.

    I can't blame UTM because this is happening to me right now, but I am connected from outside. I will do the test tomorrow.

  • 8444, Olsi? In any case, I skip the proxy for access to the UTM doing proxying for internal users.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes Bob, but I was behind one UTM reaching my home UTM.

    Anyway, I tested from my home whether the automatic rule would show up for my internal PC, and nothing.

    And it doesn't end there...

    I have to telnet to a mail server on port 25 from my PC, so I skipped my PC from transparent mode in SMTP. Same thing, NO automatic rule created.