Channel: Sophos User Bulletin Board

[Logging Exceptions] Need a little help

Hey all,

My ISP allows me to watch TV via the browser. It all works pretty well, but it fills the logs rather quickly with unnecessary "noise".

I wanted to make an exception for it (both access and blocked logging). It is mostly IP addresses, and I haven't been able to make an exception for those; I have the domains by now.

I couldn't find any ranges within those IPs.

Kind regards,
Frank

Two uplink WAN interfaces @ UTM9 with KabelBW

Hello everyone,

I am running a UTM9 on a KabelBW business connection with a FritzBox 6360.

The UTM9 is connected to the LAN4 port of the FritzBox. This port is in so-called bridge mode, meaning the UTM is assigned its own fixed IP by KabelBW via DHCP based on its MAC address. So far this works quite reliably.

Since I have booked the 5-IP package from KBW, I now want to set up additional IP addresses in the UTM. So I installed another network card in the UTM and registered its MAC address with KabelBW.

The new interface now comes online as it should and is assigned the second static IP by KabelBW. However, the interface is only online when I enable uplink balancing.

But that is exactly what I don't want!
My goal is not to create a backup or load balancing, but simply to use an additional WAN IP for certain services.

If I turn on uplink balancing, my server services (virtual web server for OWA etc.) and my DNAT ports are reachable on BOTH IPs from the internet.

So my specific question: How can I separate these two IPs from each other? Only one specific port should be opened on the second IP, and all other server services should be accessible exclusively on the 1st WAN IP and not also on the 2nd.

Please excuse what may be a dumb question, I am unfortunately still a complete beginner....

Thanks to you all!

Double post - sorry

Site2Site tunnel with Kerio Control

Hi everybody,
has anyone configured an IPsec tunnel between Sophos and that stupid Kerio Control?
I followed this KB article strictly step by step, "Configuring an IPsec VPN tunnel with Astaro",
but it does not work...
Live log from Sophos:

2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #236: responding to Main Mode
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #236: Peer ID is ID_FQDN: 'firewall'
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #236: Dead Peer Detection (RFC 3706) enabled
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #236: sent MR3, ISAKMP SA established
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #236: received Delete SA payload: deleting ISAKMP State #236
2014:07:01-20:37:40 home pluto[11783]: packet from 91.218.***.***:500: received Vendor ID payload [XAUTH]
2014:07:01-20:37:40 home pluto[11783]: packet from 91.218.***.***:500: ignoring Vendor ID payload [RFC 3947]
2014:07:01-20:37:40 home pluto[11783]: packet from 91.218.***.***:500: received Vendor ID payload [Dead Peer Detection]
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #237: responding to Main Mode
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #237: Peer ID is ID_FQDN: 'firewall'
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #237: Dead Peer Detection (RFC 3706) enabled
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #237: sent MR3, ISAKMP SA established
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #237: received Delete SA payload: deleting ISAKMP State #237

and still going on

log from Kerio:

[01/Jul/2014 20:41:57] {charon} charon: 13[NET] sending packet: from 91.218.***.***[500] to 91.218.***.***[500]
[01/Jul/2014 20:41:57] {charon} charon: 12[NET] received packet: from 91.218.***.***[500] to 91.218.***.***[500]
[01/Jul/2014 20:41:57] {charon} charon: 12[ENC] parsed ID_PROT response 0 [ ID HASH ]
[01/Jul/2014 20:41:57] {charon} charon: 12[IKE] IDir '192.168.5.1' does not match to 'home'
[01/Jul/2014 20:41:57] {charon} charon: 12[IKE] deleting IKE_SA tunnel_4_1_1_1[2617] between 91.218.***.***[firewall]...91.218.***.***[%any]
[01/Jul/2014 20:41:57] {charon} charon: 12[IKE] deleting IKE_SA tunnel_4_1_1_1[2617] between 91.218.***.***[firewall]...91.218.***.***[%any]
[01/Jul/2014 20:41:57] {charon} charon: 12[IKE] sending DELETE for IKE_SA tunnel_4_1_1_1[2617]
[01/Jul/2014 20:41:57] {charon} charon: 12[ENC] generating INFORMATIONAL_V1 request 2297605289 [ HASH D ]
[01/Jul/2014 20:41:57] {charon} charon: 12[NET] sending packet: from 91.218.***.***[500] to 91.218.***.***[500]
[01/Jul/2014 20:41:57] {IPsec} TunnelsList|thread: 'ipsec up tunnel_4_4_1_1' returned 0
[01/Jul/2014 20:41:57] {charon} charon: 15[CFG] received stroke: initiate 'tunnel_4_5_1_1'
[01/Jul/2014 20:41:57] {charon} charon: 05[IKE] initiating Main Mode IKE_SA tunnel_4_1_1_1[2618] to 91.218.***.***
[01/Jul/2014 20:41:57] {charon} charon: 05[IKE] initiating Main Mode IKE_SA tunnel_4_1_1_1[2618] to 91.218.***.***
[01/Jul/2014 20:41:57] {charon} charon: 05[ENC] generating ID_PROT request 0 [ SA V V V ]
[01/Jul/2014 20:41:57] {charon} charon: 05[NET] sending packet: from 91.218.***.***[500] to 91.218.***.***[500]
[01/Jul/2014 20:41:57] {charon} charon: 01[NET] received packet: from 91.218.***.***[500] to 91.218.***.***[500]
[01/Jul/2014 20:41:57] {charon} charon: 01[ENC] parsed ID_PROT response 0 [ SA V V V V ]
[01/Jul/2014 20:41:57] {charon} charon: 01[IKE] received strongSwan vendor ID
[01/Jul/2014 20:41:57] {charon} charon: 01[IKE] received Cisco Unity vendor ID
[01/Jul/2014 20:41:57] {charon} charon: 01[IKE] received XAuth vendor ID
[01/Jul/2014 20:41:57] {charon} charon: 01[IKE] received DPD vendor ID
[01/Jul/2014 20:41:57] {charon} charon: 01[ENC] generating ID_PROT request 0 [ KE No ]
[01/Jul/2014 20:41:57] {charon} charon: 01[NET] sending packet: from 91.218.***.***[500] to 91.218.***.***[500]
[01/Jul/2014 20:41:57] {charon} charon: 10[NET] received packet: from 91.218.***.***[500] to 91.218.***.***[500]
[01/Jul/2014 20:41:57] {charon} charon: 10[ENC] parsed ID_PROT response 0 [ KE No ]
[01/Jul/2014 20:41:57] {charon} charon: 10[ENC] generating ID_PROT request 0 [ ID HASH ]
[01/Jul/2014 20:41:57] {charon} charon: 10[NET] sending packet: from 91.218.***.***[500] to 91.218.***.***[500]
[01/Jul/2014 20:41:57] {charon} charon: 13[NET] received packet: from 91.218.***.***[500] to 91.218.***.***[500]
[01/Jul/2014 20:41:57] {charon} charon: 13[ENC] parsed ID_PROT response 0 [ ID HASH ]
[01/Jul/2014 20:41:57] {charon} charon: 13[IKE] IDir '192.168.5.1' does not match to 'home'


I don't understand why it tells me that IDir 192.168.5.1 does not match 'home'; it comes from the Local Interface in Connections, as it is in that KB...
What is wrong?

Thanx in advance, V.
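As an added example (not part of the post, and not code from Sophos or Kerio), a small Python script that correlates the two log excerpts above: it finds each IKE Phase 1 that pluto reports as established and then immediately deleted by the peer, and pulls out the strongSwan identity check that explains the deletion. The sample lines are trimmed copies of the logs quoted in the post; the message formats matched by the regexes are taken from those lines.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed copies of the two log excerpts quoted in the post.
PLUTO_LOG = """\
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #236: responding to Main Mode
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #236: sent MR3, ISAKMP SA established
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #236: received Delete SA payload: deleting ISAKMP State #236
2014:07:01-20:37:40 home pluto[11783]: packet from 91.218.***.***:500: received Vendor ID payload [XAUTH]
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #237: responding to Main Mode
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #237: sent MR3, ISAKMP SA established
2014:07:01-20:37:40 home pluto[11783]: "S_Kerio Connection" #237: received Delete SA payload: deleting ISAKMP State #237
"""
CHARON_LOG = """\
[01/Jul/2014 20:41:57] {charon} charon: 12[ENC] parsed ID_PROT response 0 [ ID HASH ]
[01/Jul/2014 20:41:57] {charon} charon: 12[IKE] IDir '192.168.5.1' does not match to 'home'
[01/Jul/2014 20:41:57] {charon} charon: 12[IKE] sending DELETE for IKE_SA tunnel_4_1_1_1[2617]
"""

# pluto prefixes per-connection messages with the connection name and ISAKMP state number.
PLUTO_RE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<state>\d+): (?P<msg>.*)$')
# charon logs the ID the responder presented (IDir) vs. the ID its own config expects.
IDIR_RE = re.compile(r"IDir '(?P<got>[^']+)' does not match to '(?P<want>[^']+)'")

def pluto_phase1_churn(log):
    """Map connection name -> ISAKMP state numbers that reached
    'ISAKMP SA established' and were then deleted by the peer."""
    msgs = defaultdict(list)
    for line in log.splitlines():
        m = PLUTO_RE.search(line)
        if m:  # lines without a "conn" #state prefix (vendor IDs etc.) are skipped
            msgs[(m["conn"], m["state"])].append(m["msg"])
    churn = defaultdict(list)
    for (conn, state), texts in msgs.items():
        established = any(t.endswith("ISAKMP SA established") for t in texts)
        deleted = any(t.startswith("received Delete SA payload") for t in texts)
        if established and deleted:
            churn[conn].append(int(state))
    return dict(churn)

def charon_id_mismatch(log):
    """Return (presented_id, expected_id) from the first IDir mismatch, or None."""
    for line in log.splitlines():
        m = IDIR_RE.search(line)
        if m:
            return m["got"], m["want"]
    return None

def diagnose(pluto_log, charon_log):
    """Correlate both sides: Phase 1 completes, then the peer deletes it over the ID check."""
    churn = pluto_phase1_churn(pluto_log)
    mismatch = charon_id_mismatch(charon_log)
    if not churn or mismatch is None:
        return None
    conn, states = next(iter(churn.items()))
    return {"connection": conn, "failed_phase1": states,
            "presented_id": mismatch[0], "expected_id": mismatch[1]}
```

For the quoted logs, `diagnose(PLUTO_LOG, CHARON_LOG)` reports two torn-down Phase 1 states and that the UTM presented `192.168.5.1` where the Kerio tunnel expects `home`.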

Switching IP Addressing Scheme

Astaro 220 8.311

I inherited a network with internal addressing as 119.0.0.0/24. I need to change the addressing scheme obviously, and I'd like to start by adding another network.

We currently use the Astaro wireless product that puts those devices on a 10.242.x.x network. There's a Masquerade rule and those devices work just fine with everything on the 119.0.0.0/24 network. Could I just create a new network like this and the masquerade/firewall rules? The end result is to get rid of the 119.0.0.0/24 network, but it's going to take a few months to switch over all of the devices, so they will both need to be live. If this is an option, and a good one, can I rinse/repeat for more networks?

Endpoint Home edition VM

My grandmother's Norton subscription ends soon. Can I set up a VM of UTM Home Edition for her, get the endpoint installer and then keep the UTM VM shut down? Not looking to replace her router - just get the AV.

Alternatively can I let her use one of my home Endpoint licenses?

Thanks

No-IP take down by Microsoft

dyndns support for all-inkl

Hi,

Please can you add all-inkl as a dyndns provider? Currently I rewrite the features.ph file and change the Strato update server to the all-inkl update server. The problem is that this has to be done after each Sophos update. It can't be a problem to add one additional provider.

Features for dyndns providers are completed, and only for all-inkl I don't want to add a new feature request...

Thanks in advance,
regards
Herbert

SMTP proxy with external e-mail provider

A wonderful good morning,

I am currently setting up the SMTP proxy, but I still need a bit of support with the configuration. (The POP3 proxy runs without problems.)

Starting point:
- Sophos version: 9.203-3
- No Exchange or the like
- E-mails are sent via Outlook 2010 over POP3 (SSL, port 995) and SMTP (SSL, port 465) directly through Strato.
- POP3 proxy with SSL works as it should

How can I configure the SMTP proxy for the network configuration described above? The SMTP proxy is preferably used for an Exchange/SBS...

What I have done so far:

SMTP Proxy:
Simple mode
Routing -> Domain: entered!
Routing -> Route by: ????
Relaying -> nothing configured
Smarthost settings: Strato SMTP server entered, smarthost port 465, authentication: yes, with the webmaster e-mail + password

After 1-2 days I see in the log that the Sophos has not filtered any e-mail yet. I am sure that the SMTP proxy needs further configuration, but I don't know how to proceed.

Regards, Jonas

partitioncleaner[8577]: stopping deletion: can't delete more files

Hey guys,

I received this error message from my ASG 525 with software 8.310.

Critical 2014:06:27-14:04:17 partitioncleaner[8577]: stopping deletion: can't delete more files


There is enough space left, I don't see any problems, but do I have to care about it??? I'm asking because of the "critical" message.


Have a nice day
Sebastian

UTM drop packets

I have a public IP on the UTM external address, directly attached to the router. When I ping, for example, www.yahoo.com, it says "can't resolve IP address or hostname"; the second time, for example, only one ping packet is successfully returned and one dropped. Sometimes it pings the site correctly, and on and on... What could be the problem here?
TMG connected to the same router works perfectly well...

Remote Access L2TP over IPSec

Hello,
I've enabled Remote Access on my UTM, but I'm not able to connect. It is working when I set up a firewall rule from Any - service Any - WAN interface, so it seems to me that some firewall rule needs to be created to open the listening ports, am I right? In this How-To http://www.sophos.com/en-us/medialib..._L2TP_geng.pdf there is nothing about a firewall rule from WAN...

Do I need to create the firewall rule manually, or is something wrong?

V.

VPN is up, but no access to the LAN

Hello everyone!

I am new here and have installed a Sophos UTM 9 on a virtual machine, since in the future I will be dealing with Sophos more often at work and want to get a feel for it.

The UTM works as a gateway; now I have set myself the task of creating a VPN connection (SSL) so that I can access my home network from my laptops.

The VPN tunnel is up. However, I cannot access my servers.
Presumably I still have to create some routes etc.

So far the admin manual has helped me in this case. It explains very well how to set something up, but unfortunately in this case I am missing the info on what further steps are necessary.

For the VPN connection I am using the suggested address pool. I have also set up a network definition "Homenet" with 192.168.0.0/24, which is where the machines I want to access are located.

I hope I have explained my request clearly and provided the necessary information.

Thanks in advance for reading, and I would appreciate any tips.

Best regards

Dirk

S/MIME Signatures invalid when e-mail has attachment

Hi Folks,

I've done some searching on the forum but can't seem to find this being raised so here goes.

I have a 9.203-3 running, fresh install using home license, and have configured S/MIME certificates from COMODO and uploaded the relevant COMODO CA cert.

If I send a plain e-mail, just text to my work address the UTM signs the outgoing mail, no encryption, and the remote Outlook 2010 once the COMODO CA cert was imported says everything is good!

However...

If I send an e-mail with an attachment, e.g. a word document, the remote end says the sig is invalid as the content has changed.

Thinking it might be my work system, I repeated the steps by sending a plain / attached set of e-mails to a POP account which I then collected with Thunderbird. Again the plain e-mail was OK, the attachment-bearing one 'Failed'.

Anyone have any idea what's going on?

Quarantine report not being sent

Hello community,

I use the Sophos UTM 9.2 in my home network. I have three POP3 mailboxes (web.de and Strato) which run through the UTM.

Unfortunately, sending the quarantine report does not work.

My main address is entered under
Management -> System Settings -> Administrator e-mail address.

I have additionally entered all three addresses under:
User Portal (Administrator) -> POP3 accounts.

No mails are shown in the Quarantine tab.

I have just looked in the manual, but unfortunately I can't make sense of it.

What am I doing wrong?
How do I get the quarantine report sent for all mail addresses?

SSL VPN No login screen

Greetings forum users,
I have searched for another user with a login problem similar to mine, but cannot find anyone who has experienced the same issue.

I have one user who cannot log into our SSL VPN. When the user clicks on the Sophos VPN client there's no pop-up window asking for the user's credentials. After about 30 sec or so, an error message appears informing me that the connection failed.

I have uninstalled and re-installed the client software twice now. Other users have no problem logging into the VPN. I can even use the same problematic user's credentials on a different computer with no problem. I think it might be the computer; however, I was wondering if anyone can tell me what this log file is trying to tell me. I believe that the VPN client cannot open a local port, however I cannot find any other program that is using that same port.

I've attached the short log file. Any ideas or help would be greatly appreciated.

Attached Files
File Type: txt log_file.txt (304 Bytes)

Migrating to new hardware NIC problem

I am moving from an old Dell Pentium D white box running software version 9.203-3 to a Dell PowerEdge 1950 with 2 NICs (1GB). My current old Dell system originally had a built-in 1GB NIC and a 2nd PCI Broadcom 1GB NIC. I installed a new Intel dual GB NIC card based on the many threads mentioning better performance. My NICs are eth0, eth1, eth2 & eth3. eth2 & 3 are the new Intel dual GB NIC card. Under my current UTM I removed the eth1 NIC and disabled the eth0 built-in card, as well as removed the NICs from the Interfaces menu. I saw many threads stating you could not migrate to a system with fewer NIC cards. I made a backup of my config as it stands now.

On the new Dell PowerEdge 1950 I installed a clean copy of 9.201-25.1. I then walked through the initial setup and performed a firmware update to 9.203-3. I currently have no problem accessing the UTM on the PowerEdge. My problem is that when I restore my backup, I lose access to the PowerEdge. When I access the PowerEdge locally as root, I run ifconfig -a and I see the NICs, but they no longer have any IP address assigned. I have tried to manually assign the IP addresses, but after a restart they are gone again.
Is it possible that because my old system sees the NICs as eth2 & eth3 while the new install sees my NICs as eth0 & eth1, it is getting corrupted?
I have gone into the PowerEdge and renamed the NICs as eth2 & eth3 in the /etc/udev/rules.d/70-persistent-net.rules file, but that has not helped.
I don't want to have to manually recreate all of my network and service definitions and firewall rules.

FTP access through UTM

OK, so I have researched here, read the several posts about FTP access through the UTM, tried them and I am still stuck. I don't normally keep my network open for FTP, but now my wife works part-time from home and I have to set this up. :\

I have a NAS behind the UTM firewall that is set up with a user/pass that has access to only one folder on the NAS, with R/W capability.

I have a FreeDNS name that I can use for connectivity, and resolving appears to be working just fine.

With FTP access using either my DNS name OR my external IP address, the Network Protection log still shows my connection being dropped on port 21:

- After creating a rule specific to port 21 to be allowed access
- After creating a DNAT rule to pass traffic to my NAS
- After utilizing FTP Proxy

I get access denied in the FTP proxy log, tried both active and passive FTP client, changed from Transparent FTP to Both in the FTP proxy, and I cannot get ANYWHERE with this mess. The FTP proxy also shows the Denied by ACLs error.

I've even tried Any--->FTP--->Any for a firewall rule just for the hell of it, and I am STILL showing being dropped in the network log.

Why would I get dropped on Network Protection when I would have made a specific rule to allow traffic on that specific port?

allow ldap connection

Hello
I have a web application with LDAP authentication (Active Directory) for users.
The application works fine without Astaro. Behind Astaro the user cannot log in; authentication does not work. I have opened port 389. It does not work.
Any ideas?
Thanks

RED VPN Configuration Question

I have purchased a RED 10 with the intention of using it as a mobile VPN appliance for client demos. However, I am now struggling with some configuration aspects and so I am wondering if somebody here has done something similar and would be willing to share some information with me.

Basically, I got the RED 10 working as a separate subnet which allows us to connect remotely, but I am struggling with understanding how I can reach host machines on another subnet.

Can somebody share the exact configuration steps to get this done? I am also fine with replacing our current approach if this is impossible, and replacing it with something that works.

In a nutshell we are having a 10.10.x.x network and we would like to make a portion of this network (e.g. 10.10.5.x) visible and accessible through the RED 10. DNS would be a nice to have, but we can live without it.

Thank you!