Issue with rules

I have a rule that blocks certain content and disables access at a certain time. Neither of these are being enforced. I can see the traffic that should be blocked, on the live connections page. I checked the policy tester to see what it thought and it expected the traffic to be blocked. How do I figure out what's going on here? Running version 18



  • Hi,

    do you have rules below your block rules that allow the traffic? When you review log viewer for the blocked IP address what rule is shown as allowing the traffic to pass?
    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Yes, there are allow rules lower. Log viewer says it's denying the traffic.

    2020-09-22 11:39:49
    Denied

    Here is the rule

  • Hello Super CM,

    Thank you for the screenshot!

    Did you test with the Test Policy checker that the user/IP is actually using the Firewall rule associated with this Web Policy?

    If you checked and it does, maybe when the user actually sends this traffic, it is not being sent with the username, which will cause it not to take this Firewall rule.

    Are you using authentication on the Firewall? 

    You could check if you enable debug in the following log from the Advanced Shell

    # service awarrenhttp:debug -ds nosync

    And then check the

    # awarrenhttp_access.log

    Have the user try to access youtube and grep for his/her IP address

    tail -f awarrenhttp_access.log | grep "x.x.x.x" (x.x.x.x is the IP of the user)

    This would tell you the Firewall rule that is being actually used.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    If a post solves your question use the 'Verify Answer' link.
  • I am not using authentication. And the second command did not work (the first did with a 200 ok)

    SFVH_HV01_SFOS 18.0.1 MR-1-Build396# awarrenhttp_access.log                     
    /bin/sh: awarrenhttp_access.log: not found                            
  • Any help with that command that is failing?

  • You should start with the HTTP vs HTTPs test. Are the tests here blocked or not? 
    https://sophostest.com/
    and try http://sophostest.com


  • Hi,

    "awarrenhttp_access.log" is a file located in /log/, not a command.

    is asking you to execute this command:

    => tail -f /log/awarrenhttp_access.log | grep "x.x.x.x" (x.x.x.x is the IP of the user)

    An example of the full command is: tail -f /log/awarrenhttp_access.log | grep "10.0.0.10"

    Thanks!


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall
