This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Filtering is intermittently not authenticating

We have an UTM625 FW version 9.505-4. I am having an intermittent issue with filtering authentication. We are using AD for authentication and sometimes, intermittently, it will pop up asking for a username and password on a site that should be allowed for that profile. I'll give an example. We have a basic policy for non-authenticated users that warns for the shopping category. If I visit a shopping site, most of the time,  it will bring up the page just fine, then after an undetermined amount of time, if I visit another shopping site or refresh the site I was one, I get a warn page and sometimes an authentication box for username and password. If this was a blocked site, it would show the block page. If I enter my credentials, it will work. I have checked the Web filtering log files during the time that it happens and I can see where it shows my username when working, but then for some reason, the username is not shown and that is when I get the basic profile. Not exactly sure what mechanism to check for when this happens, however, it is happening to all users throughout the day. I get calls regularly asking to unblock a site that when I run the Policy Helpdesk against their username it shows it is allowed. It may be unrelated, but Internet seems to be slower lately too. See attached screenshot from the logs. You can when my username shows up, the site is allowed, then it shows blocked, no username while on the same site.

 



This thread was automatically locked due to age.
Parents
  • Here is another example where it works, then not, then working again all within one second.

     

  • Does Up2Dating to 9.506 resolve this issue, Tom?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Right now I can't update. I have a ticket open with support for another issue they are actively working. This problem existed before the latest updates as well, so unless it is specified in the release notes, I would expect it does not correct the issue. I was wondering if it was a load issue.

  • Tom, I knew that it was and that's why I suggested the Up2date.  Because of this issue and others, I have kept all of my clients at 9.413 up until recently when I began recommending to them that they Up2Date to 9.506.

    https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-506-released

    NUTM-8752 [Web] NTLM Issue with AD SSO in Transparent Mode

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It's interesting. We had our Appliance crash a few months back and since we had support on it, Sophos sent us a replacement unit. We had to load from scratch and of course support tells you that you need to be on the latest version, especially when you open a ticket.

  • Since I manage all Support Cases for my clients and I'm always in tune to the latest, solid release, I explain that the issue has not been addressed on any newer Up2Dates and I refuse to move to the latest version.  Dealing with first-level support is a necessary evil, but the cases that get past me typically have to be escalated.  Half of the time, it takes me less time to fix the problem than it would to submit a case, and there's no additional charge.  It's difficult for a school system to craft an RFP that fits this model though.

    Note that I don't think that the authentication problems have been 100% addressed, just that 9.506 makes them so minimal that the advantages of moving from 9.413 to 9.506 vastly outweigh the remaining issues.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Since I manage all Support Cases for my clients and I'm always in tune to the latest, solid release, I explain that the issue has not been addressed on any newer Up2Dates and I refuse to move to the latest version.  Dealing with first-level support is a necessary evil, but the cases that get past me typically have to be escalated.  Half of the time, it takes me less time to fix the problem than it would to submit a case, and there's no additional charge.  It's difficult for a school system to craft an RFP that fits this model though.

    Note that I don't think that the authentication problems have been 100% addressed, just that 9.506 makes them so minimal that the advantages of moving from 9.413 to 9.506 vastly outweigh the remaining issues.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data