I upgraded to 9.100-16 and am getting some alerts for rules that I thought were turned off by default, for example Snort IDs 16642 and 25521. Is there a log in the UTM where I can see the version (like 2.9.4.5) of the Snort database?
↧
How to tell what version of Snort rules
↧
Download Throttling best practice
Hi.
I'm not quite sure about working with the new option "Download Throttling".
Here is the situation:
1. I have many users who use all sorts of torrents.
2. The default preference of torrents is unlimited uploads and downloads.
3. I don't mind downloads, but I want to limit the upload to no more than 10Kb per user.
If it's like before, then I guess it should be on the WAN NIC.
Now what would be the best practice to achieve this? (I have already defined a "Traffic Selector" for all torrents.)
Thanks
↧
↧
Server Load Balancing HTTP check error code
Hello,
On Sophos UTM 9.1 GA, when I add a server load balancing rule to LB two web servers behind Astaro, it seems Astaro will only declare the server down when it gets a 500 response error code.
/etc/service_monitor.conf has:
[config]
branding=yes
default_timeout=5
http_error_code=500
I tried to change that to 404 and restarted the service_monitor, but this also brings down sites which return 302.
Is there any way to tell Astaro for a LB rule which HTTP code to expect from server to declare it up?
Thanks,
Adrian
[Edited to add]
Our issue is IIS behavior with multiple IP addresses (IIS is listening on 0.0.0.0, so a connection can be established but there is no resource in IIS). It only occurs on port 80 but not on port 443 and seems to be an IIS "feature".
↧
Smartermail style broken all sophos
Our Sophos Astaro UTM 110 devices are tearing down the style of our email web portals, causing a huge emergency for us. I've tried for hours and cannot make any rule that affects this other than to toggle web protection on and off. Easy test: anybody with a Sophos UTM 110, please try going to smartertools.com.
↧
Memory swap usage 9.1GA and UTM220
We have a UTM220 device, upgraded to 9.1 yesterday.
40 devices/users protected.
Network Visibility, POP3 Proxy, RED, Endpoint Protection, WAF and HA are all OFF.
HTTP Proxy web caching is off.
IPS is using only 7980 of 15806 patterns.
75-300 users are recommended by Sophos for this unit type.
However memory swap climbed almost instantly to over 50% of RAM. I know there has been some discussion on swap usage, but am unsure of the outcome. CPU looks fine.
Attachment 10076
Can someone send me a summary of Sophos comments on swap/memory usage as I'd really not like to throw 100-200 users on this device...
↧
↧
[9.100][BUG] WebAdmin - 503 Service Unavailable
This is a fresh install of 9.100-8 that has been running for almost 2.5 days. I noticed earlier today that WebAdmin would respond with a 503 Service Unavailable message. Internet seemed to be unaffected. I was able to log in to the console. Status of the WebAdmin service was "running". I restarted the WebAdmin service and WebAdmin came back to life.
↧
Thanks for playing!
Greetings esteemed testers, tinkerers, and breakers of technology. With the release of UTM 9.1 a couple of days ago, we will now close down the forum and do some housekeeping. While (as always) we will enshrine these threads in immortality by keeping their contents visible, no more posts will be possible as the intense scrutiny of our devs and their minions will wane. If you have ongoing conversations, feel free to start them up again in the various sections of our UBB. We will tally some things up and perhaps have some shiny things for our most dedicated contributors. We'll put up a results thread here before moving the entire forum to the closed area.
I'd like to personally say thank you for donating your time in testing our releases these past months, you can all take stock in knowing you helped make UTM better than it ever could be without your input. I am humbled to see the level of participation and the sheer amount of suggestions, improvements, and feedback you offered us. So on behalf of our entire team, you have our thanks.
See you in a few months as we start UTM 9.2, which I promise will be even cooler than what we've done this time around. Stay tuned!
For the user, and the win.
↧
L2TP/IPsec: pushing routing table down to a VPN client
Hi there,
Is there any way to push a routing table / routing rules down to a VPN client?
I need to send additional routing information about subnets not local to my VPN server to a L2TP/IPsec VPN client running in a split-tunnelling mode.
I'm running the latest version, currently v9.100-16.
Thank you for any help or advice.
↧
Need help understanding VoIP please
I'm trying to see how this VoIP works. I do the WiFi for my business, but I have not got into VoIP yet. Can anyone give me suggestions about it?
↧
↧
Feature: don't show disabled ethx in dashboard
Hi,
for clarity, it would be nice if the disabled ethx were not displayed on the dashboard
or were moved to the end of the list (utm220 ... ).
Johannes
↧
9.1 update breaks AP5 on RED
All
We have 3 x UTMs. We updated two last night to 9.1 and these went fine. The final UTM is where we have 35 RED units connected.
We ran the update on the UTM and all our REDs then rebooted, as their firmware updates automatically according to Sophos support.
After the REDs rebooted, the AP5 units connected to them all went inactive. Deleting them doesn't work; they don't show up as pending APs. Sophos support say this is a potential bug in 9.1, as this has been reported by another customer.
So if you have REDs and AP5s, don't update to 9.1 just yet!
↧
HTTPS page cannot be opened
Hello everyone,
for a few days now our ASG120 (8.309) has been acting up. One particular site can no longer be opened via https:// here, no matter which computer we use. Other sites work fine.
Chrome throws the following error:
[screenshot not available]
and Firefox this one:
[screenshot not available]
I have not changed anything on either the firewall or the web filter. The website operator, our customer, insists that everything is fine on his side, which I also believe. From home or from a smartphone the site can be reached without any problems.
I have also added an exception for the site in the URL filter; it is/should be reachable from every workstation. But this is not the message that access to the site is blocked, it is an SSL error.
I'm completely at a loss. Restarting the ASG did not help. By the way: can I actually schedule a timed restart, e.g. at night?
I hope you have some advice!
/Edit:
The Windows network diagnostics reports no problems. HTTP and HTTPS are supposed to be working fine.
↧
Remote-VPN Routing
Hi all,
actually I'm not sure how the routing from external networks works. The network is attached to our internal network via IPSec VPN (site to site).
The scenario:
Our cellphones get their IP address from the external network (Network B). Then they can get to our internal network (Network A).
Now the problems:
HTTP requests (port 80) get to our internal Eth (Sophos UTM) and via our external WAN with an external IP to the requested website. (Works like a charm.) But the HTTP goes out via port 8080, which means there is a proxy somewhere. (No idea why.)
But for example IMAP (port 993) goes directly to our external WAN and then with the internal IP to the external mail server. (I can't figure out why the IMAP traffic goes directly to the external interface.)
I have checked all NAT, routing rules etc. Any ideas what I could do? I hope you understand what I mean :)
Cheers
↧
↧
FW 9.1 and SSL VPN
In case anyone else has updated and their SSL VPN connections no longer work:
I had a VPN group configured that apparently no longer works correctly. Add the users individually and it works again :)
↧
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Hi,
Yesterday I upgraded my UTM to 9.100-16.
My mail server uses pop3 to fetch email and I configured pop3 proxy on my UTM.
Everything works fine for the accounts where port 110 (standard pop3) is used.
But for Gmail accounts, secured POP3 (port 995) the log on my client says;
2013-05-15 10:39:48 Error while opening POP3 connection to 'pop.gmail.com' (User:emailaddress@gmail.com): Error connecting with SSL. Error connecting with SSL. error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
And the UTM live log says; SSL Error: 0x1408a0c1d (error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher)
For now I have switched off the pop3 proxy; my server now gets the mail through the firewall instead of through the proxy, and mail is coming in again, although it's not filtered anymore.
Does anyone have an idea? Or is it just a bug in the new version of UTM?
Thanks!
With regards,
Erwin ter Hofstede
↧
IPSec Issues
A server located at 10.12.101.194 is trying to connect via IPSec 50/51 to 10.12.103.151. We can ping and trace from .194 to .151 without a problem. We can also connect via FTP, SSL and other ports/protocols without an issue. However, whenever we try to connect via IPSec 50/51, it doesn't work.
We've added a NO NAT rule for all traffic from .194 to .151 on the UTM 10.12.101.252. We have also added an ANY > ANY > ANY Firewall rule. Still no luck.
When we try the IPSec connection, we aren't seeing anything getting blocked in the firewall. Any suggestions on what to look for or change?
** A network diagram has been attached **
↧
[2.0][OPEN] Adding new users to groups
I've created a new group to put some test users in. However, when I try to add users to that group, the new group doesn't appear in the drop-down list.
Groups which have been created some time before appear, but not a recently added group.
I can type the name of the group in manually which it then accepts, but I can't select it from the list as it were.
This is on IE9.
↧
↧
[2.0][OPEN] Usability when adding new users
When attempting to add a new user, it always highlights the last user added, and one has to click the 'add user' button in order to clear the fields in order to enter the new user details - which seems really user un-friendly.
Would it be better to have the fields blank until a user is selected in the left-hand pane, rather than simply displaying the user details until the 'add user' button is pressed? At the moment it gives the impression that you are going to add the existing user again by pressing the add button.
I'm not sure what would be the best compromise between showing existing user details and having blank fields to be able to add new user details, but at the moment it causes confusion as it 'looks' as though you are going to re-add an existing user before you can add a new one.
↧
HTTP/S redirect 9.1
Good evening everyone.
According to the Sophos/Astaro feature board, the HTTP/S redirect function has been implemented in the 9.1 WAF. Unfortunately I cannot find any entries or settings for it.
Does anyone have an idea where I can configure this?
Thanks in advance.
Best regards from the Taunus.
Markus
↧
[2.0][CLOSED] Cannot deploy software in IE8 - ok in chrome
Have deployed the Sophos agent by email and received the following link in the user's email:
https://amzn-eu-west-1-b844.api-upe....hosInstall.exe
However, attempting to download this link in Internet Explorer 8 (XP SP3 machine) results in the error: Internet Explorer was not able to open this internet site. The requested site is unavailable or cannot be found.
This is using Internet Explorer 8 (Version 8.0.6001.18702)
Opening the same link in Google Chrome (Version 26.0.1410.64 m) is fine and have downloaded the Sophos o.k.
↧