I've got a client whose QuickBooks updates fail on an XG125 with XG OS 17.0.3 MR-3 unless we disable http scanning and IDS on the firewall rule. The firewall and web filter do not log any denies. I've also seen some odd behavior with streaming installs of Office 365 and Dropbox on this same firewall.
at least for SG you need these lines with the additional HTTPS part.
I had a similar problem. I added the following under Web->Exceptions as a URL Pattern Matching exception:
This solution is also good for "payroll updates".
The only log entries were in the firewall under rule 0. No Web Filter denies.
I also had the same problem. What I want to know is why the F*@# is it not logging anything considering it is absolutely the root of the issue within Sophos. This is not the first time, it happens quite often that we are unable to determine why something isn't working only to find out Sophos doesn't log the action it is blocking. This needs to improve.
which log did you review? Logviewer - web and application? Also you might need to add exceptions in the applications policies. I was getting stuff blocked in web until I added an exception in application.
Hi Ian -
Checked all logs thoroughly (Firewall, App filter, IPS, Malware, Web content, Web filter, etc) for all traffic in the given time period to& from the IP of the machine running Quickbooks, and nothing whatsoever showed as blocked, failed, denied, dropped, etc. All typical activity was being logged, but nothing regarding the blocking. This has happened with quite a few similar issues I've had in the past. The way I finally prove it is to either bypass the Sophos entirely, or more recently I have created a single physical interface on the Sophos with a separate network that is "wide open" with no policies or inspection on any traffic, and I patch the machine in to test. Magically the problems go away. It appears that there are some hidden rules or policies that result in silent drop without any logging. Nothing shows in reports generated either (tried anything relevant).
I have the exact same problem with XG125. Any ideas why nothing is logged. Did anyone find anything, its very annoying.
I just had this problem occur on an SG-105 with the web filter exception rule for QB domainsrule in place. The web filter log showed blocked GETs from an Akamai address so it's worth trying to find that. You may have to SSH in to your XG and use grep since XG logging isn't as accessible as the SG UTM lgs.
I think that Ian is on the right track here. The Applications filtering has given me a world of hurt. It tends to block programs (Bitdefender, ChromeBook, etc) without any logging. My life is much simpler now that I've disabled it. Even if you move forward with the realization that you need to create exemptions, it can be a pain digging up the various domains to add for the various programs/apps that you need to exempt.
depends on the level of security you are trying to provide? If you want to check for bad stuff you need to use the application function in conjunction with the web and https scanning.
Just wanted to say thanks tto @GaryChancellor for providing this solution.
I just recently had this issue where QB would fail getting Payroll updates with Error 15222. After about 6 hours & many attempts to resolve reference QB articles based on that error code, and also attempting to repair / uninstall / re-install QB software,I finally decided to look this up here. This solution was spot on. I applied the changes outlined by Gary and problem resolved.
P.S. What also led me to search here at Sophos for info on the issue, was that while attempting to re-install QB, the QB stub setup program would fail almost immediately while attempting to download the package (first you download the stub installer, then that program actually downloads the QB package to install...the stub program would download, but running it would fail in that it could not connect to QB servers). Once that started to occur too, I decided it was not an issue with the machine or QB installation.
Again thanks to Gary.