I've got a client whose QuickBooks updates fail on an XG125 with XG OS 17.0.3 MR-3 unless we disable HTTP scanning and IDS on the firewall rule. The firewall and web filter do not log any denies. I've also seen some odd behavior with streaming installs of Office 365 and Dropbox on this same firewall.
At least for SG, you need these lines with the additional HTTPS part.
I also had the same problem. What I want to know is why the F*@# is it not logging anything considering it is absolutely the root of the issue within Sophos. This is not the first time; it happens quite often that we are unable to determine why something isn't working, only to find out Sophos doesn't log the action it is blocking. This needs to improve.
Which log did you review? Logviewer - web and application? Also, you might need to add exceptions in the applications policies. I was getting stuff blocked in web until I added an exception in application.
Hi Ian -
Checked all logs thoroughly (Firewall, App filter, IPS, Malware, Web content, Web filter, etc.) for all traffic in the given time period to & from the IP of the machine running QuickBooks, and nothing whatsoever showed as blocked, failed, denied, dropped, etc. All typical activity was being logged, but nothing regarding the blocking. This has happened with quite a few similar issues I've had in the past. The way I finally prove it is to either bypass the Sophos entirely, or more recently I have created a single physical interface on the Sophos with a separate network that is "wide open" with no policies or inspection on any traffic, and I patch the machine in to test. Magically the problems go away. It appears that there are some hidden rules or policies that result in silent drop without any logging. Nothing shows in reports generated either (tried anything relevant).
I think that Ian is on the right track here. The Applications filtering has given me a world of hurt. It tends to block programs (Bitdefender, Chromebook, etc.) without any logging. My life is much simpler now that I've disabled it. Even if you move forward with the realization that you need to create exemptions, it can be a pain digging up the various domains to add for the various programs/apps that you need to exempt.
Depends on the level of security you are trying to provide? If you want to check for bad stuff you need to use the application function in conjunction with the web and HTTPS scanning.