Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
I've got a client whose QuickBooks updates fail on an XG125 with XG OS 17.0.3 MR-3 unless we disable http scanning and IDS on the firewall rule. The firewall and web filter do not log any denies. I've also seen some odd behavior with streaming installs of Office 365 and Dropbox on this same firewall.
at least for SG you need these lines with the additional HTTPS part.
I had a similar problem. I added the following under Web->Exceptions as a URL Pattern Matching exception:
This solution is also good for "payroll updates".
The only log entries were in the firewall under rule 0. No Web Filter denies.
Just wanted to say thanks tto @GaryChancellor for providing this solution.
I just recently had this issue where QB would fail getting Payroll updates with Error 15222. After about 6 hours & many attempts to resolve reference QB articles based on that error code, and also attempting to repair / uninstall / re-install QB software,I finally decided to look this up here. This solution was spot on. I applied the changes outlined by Gary and problem resolved.
P.S. What also led me to search here at Sophos for info on the issue, was that while attempting to re-install QB, the QB stub setup program would fail almost immediately while attempting to download the package (first you download the stub installer, then that program actually downloads the QB package to install...the stub program would download, but running it would fail in that it could not connect to QB servers). Once that started to occur too, I decided it was not an issue with the machine or QB installation.
Again thanks to Gary.
I am glad it was useful. I have had multiple scenarios with these over Office365, Microsoft Updates, QB Updates and others. Researching them is frustrating without any real information. I have a separate install on my laptop (paid for) that I use for testing. My clue was: it worked when I connected outside the network, but not on my Sophos protected network.
This is definitely one of the frustrating aspects of using HTTPS Decryption. I find often an application or website won’t work but there’s nothing in the logs that indicates an issue. In fact, it appears everything is normal. I basically just look for any URLs related to the application or website (web filter in the logs) and start adding them to a web exception until it starts working. There’s some applications I end up adding an entire category to get it to work.
I’ve created a page on the Sophos Wiki here to document the URLs that I know don’t work with HTTPS Decryption:
Would be a great place for the community to consolidate their findings (it’s editable by any user) to save other folks the hassle of having to troubleshoot.
Sophos XG guides for home users: https://shred086.wordpress.com/
XG may need it also but this solved the issue on SG
with the lines originally recommended it did not work.