This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Probleme bei Verbindungsaufbau

Hallo Zusammen, wie haben bei uns in der Firma ein AqariumPC dieser speichert die Werte (PH usw.) in der Cloud, leider bekomme ich keine Verbindung zu dessen Servern aufgebaut, jemand eine Idee:

messageid="16002" log_type="Content Filtering" log_component="HTTP" log_subtype="Denied" status="" fw_rule_id="6" user="" user_group="" web_policy_id="0" web_policy="" category="" category_type="Acceptable" url="" content_type="" override_token="" response_code="" src_ip="10.10.10.188" dst_ip="40.114.243.70" protocol="TCP" src_port="50909" dst_port="80" bytes_sent="0" bytes_received="0" domain="" exception="" activity_name="" reason="HTTP parsing error encountered." user_agent="" status_code="403" transaction_id="" referer="" download_file_name="" download_file_type="" upload_file_name="" upload_file_type="" con_id="879625152" app_name="" app_is_cloud="0" override_name="" override_authorizer="" used_quota="0"

Eine eigene Webregel hat die IP:

Die Fehlermeldungen sind im LOG:

This thread was automatically locked due to age.

Parents

0 Keyur 7 months ago

Hi Floiran Lentz

Could you please create a test firewall rule for the specific IP and do not apply any policy or scanning and check, if you are able to connect or access the destination server. Apply scanning and policy one by one and verify that which parameters causing issue to access.

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Up 0 Down

Cancel
0 Floiran Lentz 6 months ago in reply to Keyur

So i have but the same Problem
Cancel
Up 0 Down

Cancel

Reply

0 Floiran Lentz 6 months ago in reply to Keyur

So i have but the same Problem
Cancel
Up 0 Down

Cancel

Children

0 emmosophos 6 months ago in reply to Floiran Lentz

Hello Floiran,

Can you make sure that the Firewall rule is on TOP and that the NATed Firewall rule is also being hit by this computer.

Additionally to this, can you run from the backend of the XG the following commmand:

# wget --no-check-certificate https://40.114.243.70

If the website you are trying to connect has a URL you can change the IP for that URL.

Also please try adding an exception for SSL/TLS for this computer under Protect >> SSL/TLS inspection rules >> Add, Action = Don't decrypt, Position = TOP, Decryption Profile = Maximum compatibility, and change the Source Network and Destination Network accordingly.

Regards,

Emmanuel (EmmoSophos)

Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Up 0 Down

Cancel
0 Floiran Lentz 5 months ago in reply to emmosophos

Hey so i am back now, i have testing the ideas, but the problem is the same
Cancel
Up 0 Down

Cancel