Channel: Sophos User Bulletin Board

Publishing a terminal server via WAF & OTP

Hello NG,

I have the requirement to publish a Windows 2012R2 terminal server over HTTPS with two-factor authentication.
Has anyone here done this before? Is there perhaps a white paper on it?
I'm surely not the first one, am I?

Kind regards.

POP3 TLS-encrypted mails

Hi,

I have a question that the manual doesn't really make clear to me. If, under Email Protection, I have POP3 TLS-encrypted mails scanned and don't select a certificate, are the mails still scanned or not?

Explanation: if I select the default certificate, the Outlook client complains that the certificate is not valid.
See picture.

That can be clicked away and the mails are loaded. But it comes up every time I open the client, even if I save the certificate in Windows.

Hence my question.

Regards, Matze

Attached Images
File Type: png outlook.png (8.5 KB)

Sophos Ltd - poor software quality - 100% CPU - great

Hardly had Astaro been bought by Sophos Ltd when the CPU of the sluggish Celeron (!) ASG-220 firewall started running at 100% very often - and that with only about 70 "active" users and on version 9.2.
Please advertise the ASG 220 as a firewall that can serve at most 40 users and not >100. Or, dear Sophos Ltd, program a bit more efficiently instead of having to compensate for the poor software quality with more hardware.
Besides, if you already have HA, it would be useful that when the Sophos Ltd firewall goes haywire again, at least the master FW restarts automatically.

Has the firewall become this bad? I think I have to correct my once good opinion of the Astaro (RIP) firewall and buy something decent for the business. At home - fine by me - but in the office - terribly, wonderfully slow.

****ing slow ASG-220 Sophos Ltd Firewalls

Why the hell is the httpproxy running at 100% all the time! And why the hell is the super slow Celeron CPU in the ASG 220 specified for 300 users? A Celeron CPU for 300 users ...
Please make an update to the super-slow 9.2 software and specify the ASG-220 for a maximum of 50 users.

Xbox live

I noticed that after setting the UTM as my default gateway I could no longer install or update games on my Xbox. After a couple of hours I discovered this was caused by the antivirus scanning option.

My solution was a static dhcp entry for the xbox assigned to a new web filter profile with AV scanning disabled. Ran into a similar problem with a Samsung Blu-Ray player where Netflix would crash at 6% or 25% when buffering a new stream. This is also working with a static assignment to the new filter profile.

Just wanted to add it to the board in case someone else comes looking.

How to rebuild graphs?

After every update some kind of magic occurs on our cluster and I don't see graphs (network usage, web application firewall, etc.) anymore, or they are partially deleted/cut/eaten. My question is: how can I recover graphs from logs, and is that actually possible?

Live Log problem

Any time I click on the live log icon in WebAdmin the popup window doesn't populate and I get multiple error boxes popping up with the following message:

Code:

Can't use string ("0") as a HASH ref while "strict refs" in use at /wfe/asg/modules/asg_logging.pm line 2296.

Best way to avoid certificate error?

Hi Guys,

What is the best way to avoid certificate errors when using Web Filtering and accessing HTTPS websites?

Currently using transparent mode (no authentication for Windows and SSO for iOS). When SSO was activated for Windows, I was also getting errors regarding passthrough.fw-notify.net.

Can this be fixed by uploading a public certificate? Shouldn't it resolve to the FQDN of the UTM instead?

Exchange 2010 / OWA / WAF

Dear Folks,

I am trying to place my Exchange Server 2010 behind the WAF of my UTM (SG330, V9.205-12). Therefore I used the following How-To for a 9.2 appliance:

Sophos UTM Web Application Firewall

It mostly works, but I had to disable "HTTP Policy" in my firewall profile "Exchange - All other Services" to make EAS work.

Now I have one more problem: I cannot send mails via OWA; in OWA I get the error message "Access Denied".

Is this known and/or can anybody say something about this?

OWA worked fine as long as I had it behind a simple DNAT rule and not behind the WAF...

Thanks in advance

TJ

Attached Images
File Type: jpg OWA-Fehler.JPG (20.3 KB)

Running UTM 9 in Virtualbox on Ubuntu host using a single NIC using 802.1q VLAN tag?

I have an Ubuntu box running 802.1q tagged VLANs to my switch through a single NIC.

I have 2 VLANs created: eth0.2 and eth0.3

I am trying to figure out if I can run the UTM in VirtualBox and have the "external" interface on VLAN3 and the "internal" interface on VLAN2.

The idea is then to test some hosts on VLAN2 to route traffic through the UTM VM.

There is a reason for this madness.
1. I do not want to dedicate a box for firewall (for the time being)
2. I want certain IPs on my network to go through the IPS/Antivirus/URL filtering engine where other networks do not.

Comments?

-J

Everyday Massive Up2Date Download

I don't know why every day I get about 3+ gigabytes of Up2Date file downloads.
It's been going on since the installation.

Here is my info:
Firmware version: 9.206-35
Pattern version: 66146
Last check: 2 minutes ago

CrashPlan detected as "Unclassified"

Looks like my UTM running the latest firmware and definitions doesn't know what CrashPlan is. It just comes up as "unclassified". Therefore I can't view active usage and shape/throttle on the fly. Does anyone know if there is a way to report this to development or create my own definition for it? Other ideas on how to teach the firewall what CrashPlan traffic is?

Firewall log full of default drops when web browsing

Hi there,

Running a vanilla install of UTM v9.205-12 as a VM on VMware with two NICs attached. It's sitting behind an internet router running Tomato USB.

On the UTM, the "External (WAN)" interface is 192.168.1.8 with default gateway 192.168.1.1 (Tomato USB router).

The Internal interface is 192.168.42.1.

All VMs running on VMware use 192.168.42.1 as their default gateway. On one of my VMs, when I browse to, say, Gameplanet Forums - New Zealand's video game community, after a while I get flooded with default drops with source port 80 and random destination ports.

Code:

2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="23.23.250.228" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57252" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="54.252.165.43" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57230" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57222" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57241" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57224" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57227" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57245" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57228" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57242" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57225" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="68.232.44.121" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57223" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="74.125.204.95" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57226" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="117.18.237.139" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57240" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="184.84.63.139" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57239" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="54.252.165.43" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57229" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57236" tcpflags="RST"
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57235" tcpflags="RST"

I understand that these are red herrings, but how do I stop them from being logged? It makes it difficult to trawl through and find legitimate traffic that's being blocked.

Disabling web filtering, the drops change to ACK FIN:

Code:

2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="199.59.149.201" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="57600" tcpflags="ACK FIN"
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57593" tcpflags="ACK FIN"
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57594" tcpflags="ACK FIN"
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="202.124.127.46" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57595" tcpflags="ACK FIN"
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="31.13.82.32" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57610" tcpflags="ACK FIN"
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57602" tcpflags="ACK FIN"
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="23.23.250.228" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57606" tcpflags="ACK FIN"
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57598" tcpflags="ACK FIN"
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="176.32.102.89" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57599" tcpflags="ACK FIN"
2014:09:09-17:20:33 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:50:56:88:15:54" srcip="23.23.250.228" dstip="192.168.42.11" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="57607" tcpflags="ACK FIN"

This is a fresh install; the only FW rule I added was to allow 192.168.1.0/24 to access the WebAdmin interface on 192.168.1.8.
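A small triage script, added here as an example and not from the original post, that parses the ulogd key="value" format shown above and separates TCP teardown packets (RST or ACK FIN arriving from port 80/443 to a high client port after the UTM has dropped state for that session, which is what the default drop rule 60003 is logging here) from drops that still deserve a look. The sample lines are constructed in the same format.

```python
import re
from collections import Counter

# Constructed sample lines in the UTM ulogd key="value" format (sample data, not real traffic).
SAMPLE_LOG = """\
2014:09:09-17:06:27 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcip="23.23.250.228" dstip="192.168.42.11" proto="6" length="40" ttl="64" srcport="80" dstport="57252" tcpflags="RST"
2014:09:09-17:20:32 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcip="199.59.149.201" dstip="192.168.42.11" proto="6" length="40" ttl="64" srcport="443" dstport="57600" tcpflags="ACK FIN"
2014:09:09-17:21:05 labutm01 ulogd[4886]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcip="198.51.100.7" dstip="192.168.42.11" proto="6" length="60" ttl="64" srcport="44512" dstport="3389" tcpflags="SYN"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split a ulogd packetfilter line into a dict of its key="value" fields plus ts/host."""
    ts, host, _proc, rest = line.split(" ", 3)
    rec = dict(KV_RE.findall(rest))
    rec["ts"], rec["host"] = ts, host
    return rec


def classify(rec):
    """'stale-session' for a TCP teardown packet (RST or FIN, no SYN) from a web server
    port to a high client port: the firewall no longer holds state for that session, so
    the default drop rule logs it, but no connection attempt was blocked.
    Everything else is 'review'."""
    flags = set(rec.get("tcpflags", "").split())
    if (rec.get("proto") == "6"
            and ("RST" in flags or "FIN" in flags)
            and "SYN" not in flags
            and int(rec.get("srcport", 0)) in (80, 443)
            and int(rec.get("dstport", 0)) >= 1024):
        return "stale-session"
    return "review"


def triage(log_text):
    """Count each class and return the drop records that still deserve a look."""
    counts, review = Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("action") != "drop":
            continue
        label = classify(rec)
        counts[label] += 1
        if label == "review":
            review.append(rec)
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG)
    print(dict(counts))
    for r in review:
        print(f'{r["ts"]} {r["srcip"]}:{r["srcport"]} -> {r["dstip"]}:{r["dstport"]} {r["tcpflags"]}')
```

Run it against a saved packetfilter log instead of SAMPLE_LOG to get only the drops that are not session leftovers; the classification is a heuristic and a SYN to a closed port, for example, stays in the review list.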
Application Control

I'm trying to throttle Netflix, but the application definition "Netflix Video Stream" doesn't seem to apply to Netflix when using the app on Xbox One. Looking at the Flow Monitor, it seems like Netflix is using multiple HTTP connections to servers like *lax004.ix.nflxvideo.net.

Is it possible to modify or create new application definitions?

Two-factor authentication

Hello,

I would like to set up two-factor authentication. So far I already have the option of authenticating via Active Directory and via hardware token or RADIUS server. Can these two options be combined? Both prompts one after the other?

Kind regards,
Christian

SMS Gateway

Hi,

Version 9.206-35 added an SMS gateway in the logging section. Does anybody know what Sophos has planned it for? :-D

Bypass Web Proxy for direct WAN

Hi

I just installed the trial version of the latest Sophos UTM in our company.

I wish to allow a set of hosts a direct NAT connection to the WAN interface on the Sophos system, so that the default gateway is the Sophos system but it behaves as though it is directly behind the WAN firewall.
I'm struggling to figure it out.

Can anyone please assist.

Much appreciated.

Regards
Rish

L2TP VPN question

Hello,

I just installed a UTM 120 for a client and set up L2TP VPN for remote access.

- I'm able to connect to the client via L2TP VPN using my iPad 2, open a browser and get to the WebAdmin at 192.168.0.1:4444 without issue.
- I'm able to connect to the client via L2TP VPN using my laptop and open a browser, but when I try to get to the WebAdmin at 192.168.0.1:4444 the FW shows the packet drop.

Both devices are on the same network, 192.168.50.x.

Can someone suggest what I'm missing?

Thank you in advance

Authentication only for some?

UTM SG210

I have staff and students. Staff are in AD and students are not.

I have 2 policies set up: a strict one for students and a less strict one for staff.

AD integration is set up and working. If I turn on authentication I can see staff authenticating. The problem is that students, who are not able to authenticate, get blocked.

I set up profiles. The first one is set to authenticate and the second one is set not to authenticate. I made sure the first one does not say "block access on authentication failure". When activated again I see my AD users authenticating fine, but anyone not in AD is still getting denied and not moving down to the next profile and getting out with the stricter policy.

What am I doing wrong?

HTTPS error - Mismatch Hyper-V IP and host IP for WebAdmin

Hello,

I'm trying to resolve a minor annoyance with WebAdmin accessed from the local network.
  1. UTM runs in Hyper-V and WebAdmin is accessed via 192.168.1.110:4444
  2. Hyper-V runs on Server 2012R2 on 192.168.1.115 (name: server_1)

When I download the WebAdmin certificate and install it on the PC from which I access WebAdmin, I receive the warning that I'm trying to access 192.168.1.110 but that the server identifies itself as "server_1". I already issued a certificate via Remote Access on the IP, but obviously this was not working...

How should I resolve this? Any thoughts are most welcome.

Thank you

ShadowHunter