Channel: Sophos User Bulletin Board
Viewing all 14361 articles
Browse latest View live

New to Sophos UTM 9

I am new to Sophos UTM 9 and have been playing with this firewall for a week or so. I just want to configure some basic rules, which I am unable to do. I have experience with pfSense and Untangle, but this one is different.
What I am trying to achieve:
  • allow all traffic to the network
  • block some websites, including Facebook, LinkedIn, Twitter etc., over both HTTP and HTTPS
  • block P2P software
I have figured out how to allow a single host or a network.
When I use this in Transparent Mode it does not allow HTTPS requests and returns a "certificate is not trusted" error (I cannot even open gmail.com).
When I try this in Standard Mode it does nothing (Google is not even accessible).
Tried both with "None" authentication mode.

Thanks in advance.

Endpoint Protection not enabling

Every single time I attempt to activate Endpoint Protection on a new install I get the following error: "No response from Sophos LiveConnect" / "Do you want to wait 30 more seconds to finish the request?"
(See Attachment)

I have already:
  • Waited 10 full minutes, clicking Retry every time it pops up.
  • Created a transparent proxy exception for Sophos LiveConnect / Sophos services.
  • Configured firewall exceptions.
  • Tried with the outbound firewall and web filtering disabled.

Is there something I am missing? (I am coming from Untangle.)

I am running software version 9.105-9. The log is completely empty from what I can see.

This seems to relate to my issue:

Any help would be appreciated.


Attached Images
File Type: jpg Astaro Error.jpg (47.4 KB)

WPA2 Enterprise - RADIUS


I have been trying to set up a RADIUS server for the AP10. I have read many docs on RADIUS, but it hasn't clicked yet.

Since I don't know what normal looks like, I'm not sure of my error or errors.
I'm not sure if I'm setting up the Windows side correctly. I'm using EAP-MS-CHAP-v2 in the RADIUS server.
I'm not sure how the client info is used.
I'm not sure how the user info is used.
I'm not sure which attributes to use to make my first connection.
I'm not sure if I need accounting.
I'm not sure how the handshake works... I thought I did?
I'm not sure if I can use a cert created in the UTM to authenticate.

I'm using TekRADIUS with SQL Express.
Wireless clients are Win7 and Vista.

I thought this would be easy, but I'm stuck.

I humbly ask for any assistance in learning about radius authentication.
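
Several of the "I'm not sure" points in this post (how the client info is used, what the handshake looks like, which attributes a first request needs) come down to the RADIUS packet format itself. What follows is an added example, not code from the post, from TekRADIUS or from Sophos: a NAS-side Access-Request that carries the wireless client's EAP Response/Identity (the first step of EAP-MS-CHAP-v2 or any other EAP method), the Message-Authenticator the server uses to check that the AP knows the shared secret, and the Response Authenticator with which the AP checks the server's reply. The shared secret, identity and NAS IP address are assumptions; real packets travel over UDP 1812 and the inner MS-CHAPv2 exchange is not shown.

```python
import hashlib
import hmac
import os
import struct

# Attribute types (RFC 2865, RFC 2869, RFC 3579) and packet codes (RFC 2865)
USER_NAME, NAS_IP_ADDRESS, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 4, 79, 80
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_CHALLENGE = 1, 2, 11


def attr(atype, value):
    """Encode one attribute as Type(1) Length(1, header included) Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([atype, len(value) + 2]) + value


def eap_response_identity(eap_id, identity):
    """EAP Response/Identity (RFC 3748): Code=2, Identifier, Length, Type=1, identity."""
    data = identity.encode()
    return struct.pack("!BBH", 2, eap_id, 5 + len(data)) + b"\x01" + data


def build_access_request(secret, identity, nas_ip, request_authenticator, packet_id=1):
    """NAS (access point) side: Access-Request carrying the first EAP message.

    RFC 3579 requires Message-Authenticator whenever EAP-Message is present:
    HMAC-MD5 keyed with the shared secret over the whole packet, with the
    Message-Authenticator value itself zeroed. The secret never goes on the
    wire; the HMAC is what proves the AP is a known client of the server.
    """
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 random bytes")
    attrs = attr(USER_NAME, identity.encode())
    attrs += attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split(".")))
    attrs += attr(EAP_MESSAGE, eap_response_identity(1, identity))
    attrs += attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)  # placeholder, filled below
    header = struct.pack("!BBH", ACCESS_REQUEST, packet_id, 20 + len(attrs)) + request_authenticator
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac  # the placeholder is the last attribute


def parse_attributes(packet):
    """Return [(type, value), ...] from a RADIUS packet, rejecting malformed lengths."""
    out, pos = [], 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        out.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return out


def verify_message_authenticator(secret, packet):
    """Server side: recompute HMAC-MD5 with the Message-Authenticator value zeroed."""
    pos = 20
    while pos < len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if atype == MESSAGE_AUTHENTICATOR:
            zeroed = packet[:pos + 2] + b"\x00" * 16 + packet[pos + alen:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(packet[pos + 2:pos + alen], expected)
        pos += alen
    return False  # EAP-Message without Message-Authenticator must be discarded


def build_response(secret, code, request, attrs=b""):
    """Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs


def verify_response(secret, request, response):
    """NAS side: an Access-Accept forged without the shared secret fails this check."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(response[4:20], expected)


if __name__ == "__main__":
    secret = b"testing123"  # assumed shared secret entered on both the AP and the RADIUS server
    req = build_access_request(secret, "alice@example.com", "192.0.2.10", os.urandom(16))
    print("request accepted by server:", verify_message_authenticator(secret, req))
    challenge = build_response(secret, ACCESS_CHALLENGE, req)
    print("challenge accepted by AP:", verify_response(secret, req, challenge))
```

The "client" entered on the RADIUS server is the AP (its IP address plus the shared secret), and those two checks are what consume it; the user entry is only consulted inside the EAP conversation that follows the Access-Challenge. Accounting uses a separate packet type on UDP 1813 and is not required for authentication to succeed.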

Virtualized UTM and Offloading Traffic

Hey all. I have virtualized a UTM on an ESXi host. The host has two dual-port NICs: one NIC for private/LAN, one NIC for public/WAN and one for DMZ. All has been working well for over 12 months. Love it!

But... when I try to move large files between systems on the LAN side, everything crawls with major packet loss. Since the default gateway for all systems is the IP address of the private-side NIC of the Astaro UTM (the UTM has both a public and a private NIC, which are virtual), one can assume that moving large files is overwhelming it. All systems trying to pass HTTP or other traffic through the Astaro get held up.

Hooked up to the LAN/private side of the ESXi box is a Netgear switch. It's as dumb as dumb gets: gigabit speed, but dumb regardless. If I purchased a Layer 2 switch that was VLAN capable, would this resolve my issue? My thought is that I need to point the default gateway of all my laptops, desktops and servers to something other than the Astaro UTM, and anything bound for the Internet would then go through the Astaro.

I'm missing something really easy, aren't I? Trying to stream HD content on my gigabit wired network is awful... let alone trying to do anything else during that time. Offloading the default gateway from the UTM is my only thought.

Thanks in advance for your suggestions!

Web Filtering issue

For some reason any HTTP traffic that doesn't originate in a browser is 100% blocked. For example, I'm trying to run the online ESET scanner on a PC without Internet Explorer, so it has you download and run a program that attempts to download virus definitions from the web over HTTP. I can download the program just fine, but once I execute the program it just sits there forever, and the instant I turn off web filtering the definitions download. I haven't created any special profiles; the only one in effect is the default filter action.

Global web filtering is set to transparent.
Single antivirus scanning is turned on.
I'm blocking by default, but when I changed it to allow by default it had no effect.
Both internal networks have been added to the allowed networks.

Default filter action (default content filter):
  • Mode: Whitelist
  • Allowed SP categories:
  • Blocked sites: rss2search
  • File extensions: bat, vbx, hta, inf, jse, wsh, vbs, vbe, lnk, chm, pif, reg, scr, cmd
  • Content removal: Embedded
  • Antivirus scanning: Single scan

Below is the output from the live log.

2013:08:28-21:47:06 admin-1 httpproxy[5561]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="x.x.x.10" dstip="" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x11c76c80" url="http://download.eset.com/special/eos/OnlineScanner.cab" exceptions="" error="" country="Slovakia" category="105,175" reputation="trusted" categoryname="Business,Software/Hardware" content-type="application/octet-stream" application="eset"

Got mail that says data disk is filled up to 75%

My data disk partition size is 4.5 GB.
Then I got a mail saying the data disk was full.

Connected via SSH and found out that

/var/storage/pgsql92/pg_xlog was 1.8 GB in size.

Ran the following command as root:

/etc/init.d/postgresql92 rebuild

which solved the problem. Now the data disk is filled to 17%.

However, my question is: do I have to do this repeatedly?

Firmware version: 9.105-9

SNMP traps are not being sent

Hello Community,

I have a problem with SNMP on UTM version 8.

The Astaro's log tells me that no traps can be sent.
(No firewall rules are active, since this is only a test device on my home network.)

Log entry on the UTM:
"snmpd: send_trap: Failure in sendto (Operation not permitted)"
I do receive traps from Net-SNMP, just not from the UTM.

In my research I only came across the statement that the UDP port may be blocked.

I checked this with netstat. According to netstat the port is open.

udp 0 0 :::161 :::* 7617/snmpd

I can't get any further with this error message.
I would be grateful for any helpful tips.

HTTP traffic not coming through


I have a very odd issue with my UTM.

I've noticed this issue before but it went away somehow coming back today:

From time to time (about every 30 minutes) web surfing is not possible anymore for a few minutes (5-10). Whenever that happens I see a lot of bandwidth being used to download something from "Sophos content filter framework" in the flow monitor.

Until now it has already produced about 15 GB of traffic, and I see this in my network usage:

I have restarted the web proxy a few times now, changed the content filter database to "mem", changed AV scanning to "single", and it seems to be gone.

Any ideas what caused this?


Attached Images
File Type: png traffic.PNG (42.7 KB)

Reorganising WLANs


I have split a WLAN (an Astaro 30) into 4 new networks.
My problem:
If I simply move the defined devices over (only known MAC addresses are allowed), these devices no longer work afterwards. Either the login no longer works, or the devices get no connection to the Internet despite having the correct IP addresses. If I delete the devices and enter them again, everything works.
Does anyone know this issue and have a tip on how to avoid re-entering all the devices?


QoS for Youtube

Dear Folks

Our BYOD users are growing and growing. We have a limited WAN bandwidth of ## Mbit/s. Sometimes we experience slow Internet access for everyone, and I notice the Internet line port's network usage is at 100%.

According to the logs, YouTube is being used most of the time. I guess that's what's causing the trouble.

I would like to limit the bandwidth for YouTube as a result.

Under (UTM v9.103-5) Interfaces & Routing > QoS > Status I have all interfaces deactivated. We are using a 4x1Gbit link aggregation for different VLANs, and I just want to limit YouTube access for a specific VLAN.

Under Traffic Selectors I created a new selector: Source VLAN -> Application YouTube -> Any
I also created a new download throttling rule: Limit: 10240 kbit/s, Limit: Shared, with the above traffic selector.

Does it work that way, and will the specific VLAN now be limited to 10 Mbit/s for its YouTube usage? Or am I missing an important part?

Thank you in advance! I am excited to learn something new! :-)

Port Forwarding Through Non Default Gateway

I have my production network running through a UTM120; all clients have the gateway address of the UTM120 ( I'm trying to add a router that connects the production network to a non-trusted LAN and implement port forwarding to an FTP server on the production network. I gave the second router an internal address of and a WAN address of From the untrusted side, I was not able to access the FTP site until I changed the FTP server's default gateway to It worked fine; however, it disabled the Internet on the server, as there is no path out through that gateway. I then changed the gateway back to and started looking at static/policy routing on the Sophos device. Is it possible to route specific traffic back to the gateway to allow the FTP session to work? Policy routing based on a port number (I don't want to use a standard one anyway) sounds like a perfect solution; however, I'm unable to get this to work. I've tried every possible static route and policy route I can imagine. This is what I have in a policy route currently:

Policy Route
Route Type: Gateway route
Source: Internal
Source Network:
Service: FTP
Destination Network: ANY

Any suggestions on how to get this to work or different solutions? Thank you.

Astaro Bridge kills Windows Share

Hi All,

Have an interesting one. It suggests the Astaro bridge kills the Windows share protocol.

If we plug a (manually configured) laptop directly into the MPLS WAN router, then we can open remote shares, join domains, etc. No problems. Fast response. All nice.

When we just put an Astaro bridge between the laptop and the WAN router, we cannot open the same remote shares. We can see the traffic being passed: NetBIOS, 445/SMB, etc. However, there must be traffic being silently killed, and we cannot tell what, short of using Wireshark on both sides of the bridge to find out what is dropped.

All the normal stuff works just fine across the bridge. We can still join the domain. RDP, FTP, etc. Just Windows shares are killed. We are using Windows Server 2003. The Windows diagnostic is as useful as a chocolate teapot.

Anyone any thoughts, please?

My reading suggests that it is NetBIOS broadcast traffic that is likely being dropped. The standard workaround for that is to enable and use a WINS server. However, WINS is deprecated and will stop being used by Microsoft. Also, WINS is not currently needed anywhere else in their 5-site network, so it is tough to argue for it just for the Astaro... The customer is sure that Cisco would do this just fine. It seems likely to me that a Cisco bridge would have less impact than the Astaro one. But is that right?

Thanks in advance for any thoughts or comments.

All the best,


UTM 9.105-9: WAF Site-Path-Routing

HI Guys,

I am trying to set up path routing on a network with some Windows servers. One of them is an Exchange 2010 server, one a Server 2012 TS with Web Access.

The base roots are /owa/ and /rdweb, but even when trying to reach the root site I get a Forbidden error.

I set up the real web servers and a virtual one with exceptions for URL hardening (and, for testing purposes, all the others). But it doesn't work.

Maybe you can give me a short hint on what else I need.

Kind regards,


(Based on this how to: UTM Web Application Firewall - configuring Site Path Routing)


I see many discussions about DMZ and many configurations (some are for real experts and some for one WAN and 2 PCs).
Where is the point of using "Unified Threat Management"?

Adding a NULL route to DNAT

Hi all
As a temporary measure at a customer's site I want to add a NULL address, i.e. or
to a DNAT rule until I can get the customer to supply me with the IP addresses of incoming connections for a Terminal Server; somebody else has used Any with auto rules.

Why can I not add a Host or



SPF check failed


An issue with SPF checks came up yesterday. Some guys from a business partner tried to send emails to us. However, they got rejected by the UTM due to "SPF check failed".

Now I don't exactly know why. Whenever I go to an SPF checking service like SPF Query Tool or SPF Policy Tester,

both tell me their server is set up correctly.


SPF record lookup and validation for: [i-changed-it-to-example].com
SPF records are primarily published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 mx a a:[someaddress].com -all

SPF records should also be published in DNS as type SPF records.
No type SPF records found.

Checking to see if there is a valid SPF record.

Found v=spf1 record for [example].com:
v=spf1 mx a a:[someaddress].com -all

SPF record passed validation test with pySPF (Python SPF library)!


So why does the UTM think it's not valid?

Attached Images
File Type: png spf.PNG (37.5 KB)
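
The tools quoted above only check that the record parses. SPF passes only when the IP address that actually connected to the UTM is covered by one of the record's mechanisms; with `-all`, any other IP (a relay, an outsourced mail service or a secondary MX that is not listed) gets a hard fail, which is exactly what "SPF check failed" reports. The following added example, which is not from the post, from pySPF or from Sophos, evaluates a record shaped like the one above against a sending IP. It uses a constructed in-memory DNS table in place of live lookups; every name and address in it is an assumption, not the partner's real data.

```python
import ipaddress

# Constructed DNS data standing in for live lookups; none of these are the
# partner's real records. example.com mirrors the shape of the record above.
DNS = {
    "example.com": {
        "A": ["192.0.2.25"],
        "MX": ["mail.example.com"],
        "TXT": ["v=spf1 mx a a:relay.example.net -all"],
    },
    "mail.example.com": {"A": ["192.0.2.26"]},
    "relay.example.net": {"A": ["198.51.100.5"]},
    "example.org": {"TXT": ["v=spf1 ip4:203.0.113.0/24 include:example.com ~all"]},
}

RESULT_FOR_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4


def lookup(name, rtype):
    return DNS.get(name.lower(), {}).get(rtype, [])


def ip_in(ip, addresses, cidr):
    """True if ip falls inside any address (optionally widened to /cidr)."""
    for a in addresses:
        if ip in ipaddress.ip_network(f"{a}/{cidr}" if cidr else a, strict=False):
            return True
    return False


def check_host(ip_str, domain, _lookups=None):
    """Simplified RFC 7208 check_host(): mechanisms a, mx, ip4, ip6, include, all.

    Returns one of pass, fail, softfail, neutral, none, permerror.
    Macros, redirect= and exp= are not implemented.
    """
    ip = ipaddress.ip_address(ip_str)
    lookups = _lookups if _lookups is not None else [0]
    records = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1 ")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in RESULT_FOR_QUALIFIER:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        cidr = None
        if "/" in arg:
            arg, cidr = arg.split("/", 1)
        elif "/" in mech:
            mech, cidr = mech.split("/", 1)
        mech, target = mech.lower(), arg or domain
        if mech in ("a", "mx", "include"):
            lookups[0] += 1
            if lookups[0] > MAX_DNS_LOOKUPS:
                return "permerror"
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            matched = ip_in(ip, [arg], cidr)
        elif mech == "a":
            matched = ip_in(ip, lookup(target, "A"), cidr)
        elif mech == "mx":
            matched = any(ip_in(ip, lookup(mx, "A"), cidr) for mx in lookup(target, "MX"))
        elif mech == "include":
            matched = check_host(ip_str, arg, lookups) == "pass"
        else:
            return "permerror"  # unknown mechanism or an unsupported modifier
        if matched:
            return RESULT_FOR_QUALIFIER[qual]
    return "neutral"  # ran off the end without a match and without an 'all'


if __name__ == "__main__":
    for sender in ("192.0.2.26", "198.51.100.5", "203.0.113.9"):
        print(sender, check_host(sender, "example.com"))
```

To reproduce a rejection, take the connecting IP from the UTM's SMTP log for the refused message and run it through `check_host` against the sender domain's real record: a syntactically perfect record with `-all` still yields "fail" for any host the partner forgot to list.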

Hardware change

We now have the following situation.
At the moment we still have 2 Astaro ASG 220 V7 running.
They are overloaded 2 to 3 times a day, so we now want to get 2 new Sophos UTM 220 and install them.
I wanted to ask:
What do we need to consider for the migration?
How should we approach this?
Can we carry over the complete configuration? If yes, HOW?


Scheduled EndUser features for Endpoint


Is there a schedule for which features from the EndUser software are going to be implemented in Endpoint?

I am interested in patch deployment (in German "Bedrohungsbasierte Patch-Analyse"). Since I am using Endpoint on all PCs in our network behind our UTM, I am not going to install EndUser, of course. However, we need patch deployment software.

The question is: should I wait until it is available in Endpoint anyway, or look for other software?

Thanks in advance and regards,


Astaro blocking genuine website

Hi all,

I have run the live log for web filtering and our firewall is blocking our sister company's web site.

Observing the log I found this:

2013:08:29-14:45:22 emailsecurity-2 httpproxy[6671]: id="0061" severity="info" sys="SecureWeb" sub="http" name="web request blocked, reputation limit" action="block" method="GET" srcip="" dstip="" user="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3145" request="0x3259e7a0" url="http://ixt.pav-link.com/js/intext.js?afid=revizer&subid=1060_4000_sa&maxlinks=6&linkcolor=009900" exceptions="" error="" reason="category" category="130" reputation="malicious" categoryname="Malicious Sites"

How do I unblock this? I tried "skip URL scanning" but it is not working.

It seems the website is redirecting internally to some other web server.

How can I ensure that https://example.com is completely allowed, including any redirected URLs?
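
Both this post and the "Web Filtering issue" post above come down to reading the httpproxy live log correctly: what the proxy passed or blocked for a given client, and which hostname a block was actually recorded against. In the log line quoted here the blocked host is ixt.pav-link.com, a script the page pulls in, not the sister company's own site, so an exception written for the sister site's domain does not match that hostname. The following is an added example, not code from either post or from Sophos: it parses lines in the same key="value" format and reports, per client, the pass/block decisions and the third-party hosts a visit pulled in. The sample lines are constructed after the two shown on this page; the client and destination addresses and the first URL are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed lines in the UTM 9 httpproxy live-log format shown above.
# Addresses and the first URL are hypothetical; the blocked URL mirrors the post.
SAMPLE_LOG = [
    '2013:08:29-14:45:20 fw-1 httpproxy[6671]: id="0001" severity="info" sys="SecureWeb" '
    'sub="http" name="http access" action="pass" method="GET" srcip="192.0.2.10" '
    'dstip="198.51.100.7" user="" statuscode="200" cached="0" '
    'profile="REF_DefaultHTTPProfile (Default Proxy)" '
    'filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5120" '
    'request="0x3259e000" url="http://www.example.com/" exceptions="" error="" '
    'category="105" reputation="trusted" categoryname="Business"',
    '2013:08:29-14:45:22 fw-1 httpproxy[6671]: id="0061" severity="info" sys="SecureWeb" '
    'sub="http" name="web request blocked, reputation limit" action="block" method="GET" '
    'srcip="192.0.2.10" dstip="203.0.113.5" user="" statuscode="403" cached="0" '
    'profile="REF_DefaultHTTPProfile (Default Proxy)" '
    'filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3145" '
    'request="0x3259e7a0" url="http://ixt.pav-link.com/js/intext.js?afid=revizer&subid=1060_4000_sa&maxlinks=6&linkcolor=009900" '
    'exceptions="" error="" reason="category" category="130" reputation="malicious" '
    'categoryname="Malicious Sites"',
]

PREFIX_RE = re.compile(r"^(?P<ts>\S+) (?P<fw>\S+) (?P<daemon>\w+)\[(?P<pid>\d+)\]: (?P<rest>.*)$")
KV_RE = re.compile(r'([\w-]+)="((?:[^"\\]|\\.)*)"')  # key="value"; values may contain spaces


def parse_line(line):
    """Split one httpproxy line into a dict; None if it is not in this format."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("rest")))
    fields.update(ts=m.group("ts"), fw=m.group("fw"), pid=int(m.group("pid")))
    return fields


def client_timeline(lines, srcip):
    """(timestamp, action, url) for one client, in log order: a quick pass/block view."""
    out = []
    for line in lines:
        f = parse_line(line)
        if f and f.get("srcip") == srcip:
            out.append((f["ts"], f.get("action", ""), f.get("url", "")))
    return out


def blocked_hosts(lines):
    """{hostname: (reason, reputation, categoryname)} for every action="block" line."""
    out = {}
    for line in lines:
        f = parse_line(line)
        if f and f.get("action") == "block":
            host = urlsplit(f.get("url", "")).hostname or ""
            out[host] = (f.get("reason", ""), f.get("reputation", ""), f.get("categoryname", ""))
    return out


def third_party_blocks(lines, site):
    """Blocked hosts outside the site the user asked for: the script and redirect
    targets that need their own allow decision (or deserve to stay blocked)."""
    site = site.lower()
    return {h: v for h, v in blocked_hosts(lines).items()
            if h != site and not h.endswith("." + site)}


if __name__ == "__main__":
    for row in client_timeline(SAMPLE_LOG, "192.0.2.10"):
        print(*row)
    print(third_party_blocks(SAMPLE_LOG, "www.example.com"))
```

Run against a real export of the live log filtered on the affected client's srcip, `client_timeline` shows whether a stalled download was passed (as the ESET .cab line above was) or blocked, and `third_party_blocks` lists the hosts an exception would have to name, with the reputation verdict that caused each block so that a "malicious" verdict can be reviewed before anything is allowed through.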


ASG320 License Renewal

We have an ASG320 with FullGuard licensing (all security subscriptions). Through multiple job changes, firings, etc., the documentation on this thing is terrible.

The licensing is set to expire next week. We were able to purchase the new license and were emailed a "License_Schedule" with a "UTM License Key". It begins with UPG, which I understand is an upgrade license... makes sense since we are renewing.

Now, how in the world do I turn this key into a license file?

I've tried creating a MySophos account and using "Add license". It gives me a "not found" error.

I've tried using the secure2.sophos.com site: created an account and tried to "add product license credentials", but a Product License Username and Product License Password are required, which are supposedly on my license schedule. They are not.

Asking here before I phone/email in to support.
