
Web filtering still blocks sites that are allowed AND pass policy check

To begin, I have searched the various Sophos forums for the better part of 2 days and tried all of the things that seem to relate to the issue described in the subject line.  Only one thing has ever worked - adding host\network\website entries in the Transparent Mode Skiplist.

While this solves the immediate issue of not being able to browse desired sites, IMO it also indicates that the UTM is a pretty useless device if utilizing either of the Transparent modes.  It seems clear that to really reap the benefits of the UTM, Standard mode must be used.  If I am incorrect and\or judging the UTM too harshly, please feel free to comment as you see fit.

In terms of the actual issue, I performed no less than 8 discrete tests to try and get various http\https sites to come up and each failed with a very similar log message (see below).  As I mentioned earlier, the only thing that allowed the sites to come up were specific entries in Web Protection --> Filtering Option --> Misc --> Transparent Mode Skiplist.  Even exclusions would not work.

All of my tests and exclusions successfully passed policy checks despite resulting in failure to allow the site to come up properly.

Each test had the following common config:

  • Do not proxy HTTPS traffic in transparent mode = ENABLED
  • Authentication = NONE
  • UTM in bridged configuration.

These are the different tests I attempted:

  • Policy-1 --> ALLOW ALL --> no whitelist; Full Transparent mode; Exceptions = DISABLED
  • Policy-2 --> BLOCK ALL --> enable whitelisting of sites; Full Transparent mode; Exceptions = DISABLED
  • Policy-1 --> ALLOW ALL --> no whitelist; Transparent mode; Exceptions = DISABLED
  • Policy-2 --> BLOCK ALL --> enable whitelisting of sites; Transparent mode; Exceptions = DISABLED
  • Policy-1 --> ALLOW ALL --> no whitelist; Full Transparent mode; Exceptions = ENABLED
  • Policy-2 --> BLOCK ALL --> enable whitelisting of sites; Full Transparent mode; Exceptions = ENABLED
  • Policy-1 --> ALLOW ALL --> no whitelist; Transparent mode; Exceptions = ENABLED
  • Policy-2 --> BLOCK ALL --> enable whitelisting of sites; Transparent mode; Exceptions = ENABLED
  • In between each of the above, the browser's cookies & cached content were both cleared before moving to the next test.
  • Reiterating once again, upon adding an entry in the Transparent Mode Skiplist for the client machine OR the website being attempted, the website came right up and the error log message was NOT generated.

This is the typical message that was logged with each failure - the only deltas between this and the various tests are the unique information such as timestamp, destination IP address, etc.

2017:12:24-17:21:11 tyr3 httpproxy[7247]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="[ MASKED ]" dstip="216.239.116.73" user="" group="" ad_domain="" statuscode="504" cached="0"profile="REF_HttProContaBrdg1Netwo (tm1)" filteraction="REF_HttCffFilterallo (filter_allowAll_BASE)" size="0" request="0x15cdbe00" url="www.showtimeanytime.com/" referer="" error="Connection to server timed out" authtime="0" dnstime="78" cattime="0" avscantime="0" fullreqtime="60117618" device="0" auth="0" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36" exceptions=""

Let me know if you have any thoughts, ideas or feedback.

Thanks.
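
A triage sketch for the log line in the post above, added here as an example; it is not part of the original post and is not Sophos code. It parses the httpproxy key="value" fields and separates lines where the proxy itself failed to reach the server (non-empty error field, as in the posted 504 "Connection to server timed out") from denials made by the filter action. The classification rule and the second sample line are assumptions constructed for illustration.

```python
import re

# key="value" pairs; tolerant of a missing space between pairs,
# as in cached="0"profile="..." in the line posted above.
PAIR = re.compile(r'(\w+)="([^"]*)"')

# Abridged from the log line in the post (fields dropped, values unchanged).
POSTED = (
    '2017:12:24-17:21:11 tyr3 httpproxy[7247]: id="0002" severity="info" '
    'name="web request blocked" action="block" method="GET" '
    'statuscode="504" cached="0"profile="REF_HttProContaBrdg1Netwo (tm1)" '
    'filteraction="REF_HttCffFilterallo (filter_allowAll_BASE)" '
    'url="www.showtimeanytime.com/" error="Connection to server timed out"'
)
# Constructed sample (not from the post): a denial with an empty error field.
CONSTRUCTED = (
    '2017:12:24-17:30:00 tyr3 httpproxy[7247]: id="0002" severity="info" '
    'name="web request blocked" action="block" method="GET" '
    'statuscode="403" cached="0" profile="REF_Example (constructed)" '
    'filteraction="REF_Example (constructed)" url="blocked.example/" error=""'
)

def parse_httpproxy(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(PAIR.findall(line))

def classify(fields):
    """Separate proxy-side connection failures from filter decisions.

    Assumption: a non-empty error field on a blocked request means the proxy
    could not complete the upstream fetch, so the filter action is not the cause.
    """
    if fields.get("action") != "block":
        return "allowed"
    if fields.get("error"):
        return "proxy_error"
    return "policy_block"

def triage(line):
    """Summarise one line: (verdict, statuscode, error, filteraction, url)."""
    f = parse_httpproxy(line)
    return (classify(f), f.get("statuscode"), f.get("error"),
            f.get("filteraction"), f.get("url"))

if __name__ == "__main__":
    for sample in (POSTED, CONSTRUCTED):
        print(triage(sample))
```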


