Channel: Sophos User Bulletin Board
Viewing all 14361 articles

OpenVPN for Android/UTM9.3

Hi guys. I'm using UTM 9.3 and trying to reach my UTM via VPN. In order to do so, I generated a .config which I downloaded through the UTM user portal into OpenVPN for Android.

So far so good, until I get this message while importing:

Error reading config file
No endtag </key>IPv4</key> for starttag <key>IPv4</key> found


In the .config, it says (copy/paste) <key>IPv4</key>

So, who knows what's going on here and how to fix it?

Thanks!

UTM 9.3 on own hardware

Just to let you know guys that I succeeded in installing UTM9.3 with a Home Use license on one of these machines. I installed from USB, using the Rufus-route. Had to do the mount /dev/sdb1 /mnt thingy to get it running.

I've bought the i7-machine with (of course) dual NICs, regular (non SSD) HD and 8 Gb RAM. After two days of (stress) testing, I can happily report that my CPU-usage never gets above 14% and my RAM-usage stays around 20% with dual AV engines selected and IPS-standard settings (out of the box).

Furthermore I'm getting a full 90Mbit/sec on a 90/10-line. No major 9.3 glitches found until now.

I'm happy! Thanks for helping me out in this forum.

Random disconnects – milliseconds

Since the latest upgrade came through a couple of days ago, I'm getting email alerts from my UTM stating internet down. It's obviously very brief because the times in the emails are identical to the second.
Also, I'm getting the "internet is up" email before the "internet is down" email.
Is anyone else having this issue? Email example below...

Your internet uplink External (WAN) is down!

There are now 0 uplink interfaces up and 1 uplink interfaces down.

Name Of UTM

--
System Uptime : 2 days 12 hours 45 minutes
System Load : 0.12
System Version : Sophos UTM 9.210-20

Please refer to the manual for detailed instructions.

Restricted user interface

Hi,

can the user interface be restricted for "normal" users and shown in full for administrators?

The current case is that a user should have the hotspot function, but to keep the whole thing clear he should not have access to SMTP etc.

I have only found the general setting for what should be displayed and what should not. If I make settings here, they are applied to all users.

Sophos Connection to server timed out

Hello,

I have the Sophos SG230 with the current patch level 9.210-20 and Web Protection enabled.
The proxy is in "Standard Mode".
This morning a user told me that he can no longer access the website Gute Fragen - hilfreiche Antworten - die Ratgeber Community gutefrage.net.
Error message: Connection to server timed out
The log shows the following messages:
2014:12:08-13:16:55 CHxx00 httpproxy[5565]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="GET" srcip="192.168.x.x" dstip="213.95.206.42" user="" ad_domain="" statuscode="504" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffDefauIdentFilte (Default filter action)" size="2501" request="0x9f213d0" url="http://www.gutefrage.net/" exceptions="" error="Connection to server timed out" authtime="0" dnstime="58316" cattime="63060" avscantime="0" fullreqtime="60821531" device="0" auth="0" category="112,159" reputation="neutral" categoryname="Entertainment,Forum/Bulletin Boards"

Before the update the website still worked.
I have also already disabled antivirus scanning, but that did not help.
Without the proxy, the site loads without problems.

Update notifications stuck in loop

Hi,

Customer is running 9.209, and after 9.3 was released I waited with the upgrade. In the meantime 9.210 was released, and now I get 25 mails each day, the last one ending with the notice that the notification limit has been reached:

Code:

The following Firmware Up2Date package has been successfully downloaded and is now available for installation: 9.303002

For more information about this package please see the attached information.
       
--
HA Status          : HA MASTER (node id: 2)
System Uptime      : 4 days 0 hours 3 minutes
System Load        : 0.92
System Version    : Sophos UTM 9.209-8

Please refer to the manual for detailed instructions.

The send limit for this notification has been reached. No further notifications of this type will be sent during this period.

Is this because the customer is running HA, or how can I prevent these without updating or disabling the notification? :)

Loading 'logging and reporting' takes a long time

Anyone else noticed that after the update to 9.210-20, it takes a long time before 'today's logfiles' appear when navigating to 'logging and reporting' -> 'view logfiles'?

eDirectory SSO problem

Is there anyone here on the boards that is running eDir SSO? I'm curious if you are seeing random proxy authentication prompts that pop up for [seemingly] no reason.

SNMP Bandwidth Discrepancy?

I've noticed this issue since installing the first version of UTM v9...

The measured bandwidths on the UTM interfaces don't seem to agree. These appear to be off by a consistent percentage, so as the bandwidth usage increases, the difference increases proportionately.

Just to set the stage, I'm running Sophos UTM v9 (always latest version) on VMware ESX 5.5 with two interfaces... Internal and External (internet-facing). The ISP service maximum is 50Mbit (verified through previous testing).

When downloading a file to an internal host from an external internet simple FTP server, Sophos UTM is indicating a download speed of 60Mbit on the external internet NIC and 47Mbit on the internal NIC. These numbers are witnessed on the webmin dashboard, as well as through an external SNMP polling application.

Any idea why the difference? Is this a known bug?

Exchange 2013 via WAF and hybrid Office 365 deployment

Hi,

I am publishing Exchange 2013 currently via Sophos UTM as the WAF (although it isn't doing much in the way of WAF as it broke clients). Unfortunately NTLM is disabled as it doesn't seem to go through the WAF. I need to connect this now to Office 365 to run as a hybrid deployment, and wonder if anyone else has done this before, or whether I am going to have to remove the UTM from the mix and publish the CAS server directly?

Thanks.
Andrew.

ASG320 rev 4 ram options

Does the ASG320 rev 4 support 4GB ram upgrade?

Integrated wireless on SG1xx appliances

Hi,

I am pretty much decided to go for one of the SG1xx appliances with wireless as buying the hardware, getting the home use license and the relevant wireless access point is not hugely cheaper than buying the official hardware. My question relates to the integrated wireless support on these units - has anyone got real-world experience of using one in a SOHO environment? Also, do you know what wireless standards are supported (i.e., 5GHz etc.)?

Thanks.
Andrew.

Beta Launch

Hi Everyone, welcome to the beta launch forum for our new Amazon Web Services HA feature release.

First off, what is this beta for? Currently, Sophos UTM offers a popular high availability option for hardware, software or virtual UTM installs. Due to the nature of Amazon's AWS service, this HA isn't usable in an Amazon virtual environment. What is needed is a solution that is aware of AWS, and able to take advantage of that environment, to allow automated recovery in the event of a problem. That's what this AWS Beta Launch is about.

How it works:
By launching the UTM from a CloudFormation template, we can set up a central storage point using Amazon S3, to store configuration, logs, and reports. We can also set up automated logging of the UTM using Amazon's CloudWatch. Then, in the event that CloudWatch detects an outage, it can automatically trigger a new UTM instance to be launched in a separate availability zone. The new instance will restore all logs, reports and config from the S3 storage, and will also migrate the elastic (public) IP attached to the UTM to the new instance, allowing the system to be fully and automatically recovered in the event of a problem.

Some important considerations:
  • This release is currently based off of UTM version 9.210
  • Version numbers for this release will not follow normal UTM version numbers, as this is not strictly a separate version tree from the UTM software ISO
  • We'll track the beta release numbers using the AMI ID of the image
  • This beta release is made available as a community AMI, and as such is only available in the us-east-1 region, and is not available as an hourly billing instance during the beta process
  • The update process is not yet complete. We will be offering a 9.3 based version of the beta soon, but because CloudFormation will currently only launch a 9.210 AMI, upgrading your instance to 9.3 will likely result in a system that can't fail over to a working instance when needed. For the time being, please refrain from updating your AMIs to newer versions.


The CloudFormation template to launch the beta is offered here:
https://s3.amazonaws.com/sophos-nsg-...10-ha.template

To launch the beta, log in to your AWS console, switch to the us-east-1 region, then choose the CloudFormation service in the console. From there, you can launch a new CloudFormation template, using the S3 URL above.

As always, your feedback is welcome. Happy Testing!

Finding What is being blocked

My users need to access a website that has some video streams on it (our sports team uploads the most recent game and this site provides analysis).

On a workstation where I bypass the content filtering, I can access the videos. On a regular WS, the site is accessible but the streams hang and do not display.

I've entered the website domain into the exceptions/allow list, but still something is getting stopped someplace (no Sophos redirect page is displayed, the video just doesn't play).

I suspect the embedded video stream is coming from another hosted domain. What is the best way to track where the WS is going so that I can open the site?

A new linux trojan


HA pair with only HA cable connected?

We have some small offices where we are deploying redundant pairs of SG115s. These offices typically have a small dumb switch with no VLAN capability.

If we just use the SG pair with nothing but the HA cable connected, will that be sufficient for the partner device to stay up to date (config and firmware updates) or do we need to have the partner device connected to the WAN as well?

The idea would be that if the primary device ever failed, onsite staff would simply shift the WAN and LAN connections from primary to spare...

Interface settings onto a different interface

Hello everyone,
my public IP network is to be changed over. Currently the public network is on eth1. I would like to configure the IP network with all settings on eth7 and switch it off after the migration. Do all settings remain in place, or do I have to reconfigure all rules etc. afterwards?

Thanks for your answers!

IPSEC Site to Site with certs no longer works.

I've had a site to site VPN link working ok between a few sites, for years.

They used certs to authenticate and all happy. The certs are not expired.

Now, the sites connect but no traffic flows (cannot ping etc.). Tried recreating with new certs, still no good.

Recreated using RSA keys for auth, works fine.

Anyone got any clues on this?

[9.303-2][DHCP6]MACS don't get assigned an address

Hi folks,
I have been trying to work out why my MACs all running 10.10.1 don't get an assigned DHCP6 address. Doesn't matter if cable or wifi connected.
If I turn on prefix advertisement they all pick up an IPv6 address.

Using advertisement does not allow you to control what a device does based on IP address. This means you have to go to a more sophisticated user management system, which for home users and many small businesses is not an option.

Ian

SMTP error from remote server after transfer of mail text

Hello,

One of our customers can't send e-mails to our Exchange server.
The error message is:
SMTP error from remote server after transfer of mail text:
host: mail.myhost.de
Administrative prohibition

In my UTM-mail-manager I can find that message as "rejected: spam (confirmed)".

I have entered the recipient in my whitelist with no effect.

After that, I also sent an e-mail from my private gmx-account to my company-address, with the same content. This message was also rejected. I have made some tests and found out that the emails were rejected if the homepage-link of the recipient was in the email-signature. But the same message sent as text-format is gone.

Code:

2014:12:08-13:10:00 mail exim-out[6575]: 2014-12-08 13:10:00 Start queue run: pid=6575
2014:12:08-13:10:00 mail exim-out[6575]: 2014-12-08 13:10:00 End queue run: pid=6575
2014:12:08-13:10:28 mail exim-in[4913]: 2014-12-08 13:10:28 SMTP connection from [10.0.0.1]:45969 (TCP/IP connection count = 1)
2014:12:08-13:10:28 mail exim-in[6683]: 2014-12-08 13:10:28 [10.0.0.1] F=<my-email> R=<other-email> Accepted: from relay
2014:12:08-13:10:28 mail exim-in[6683]: 2014-12-08 13:10:28 1***92-0001jn-2h <= my-email H=(mail.my-email) [10.0.0.1]:45969 P=esmtps X=TLSv1:AES128-SHA:128 S=8130 id=B219763CAA1B0B4290ADAFA4F85D191C2709C496@WINSBS2K11.my-email.local
2014:12:08-13:10:28 mail exim-in[6683]: 2014-12-08 13:10:28 SMTP connection from (mail.my-email) [10.0.0.1]:45969 closed by QUIT
2014:12:08-13:10:30 mail smtpd[4869]: QMGR[4869]: 1***92-0001jn-2h moved to work queue
2014:12:08-13:10:40 mail smtpd[6703]: SCANNER[6703]: 1***9E-0001k7-ES <= my-email R=1***92-0001jn-2h P=INPUT S=7013
2014:12:08-13:10:40 mail smtpd[6703]: SCANNER[6703]: 1***9E-0001k7-ES [DLP] Matching DLP expressions
2014:12:08-13:10:40 mail smtpd[6703]: SCANNER[6703]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="10.0.0.1" from="my-email" to="other-email" subject="bla bla bla" queueid="1***9E-0001k7-ES" size="7013"
2014:12:08-13:10:40 mail smtpd[6703]: SCANNER[6703]: 1***92-0001jn-2h => work R=SCANNER T=SCANNER
2014:12:08-13:10:40 mail smtpd[6703]: SCANNER[6703]: 1***92-0001jn-2h Completed
2014:12:08-13:10:41 mail exim-out[6705]: 2014-12-08 13:10:41 1***9E-0001k7-ES => other-email P=<prvs=0419e070a0=my-email> R=dnslookup T=remote_smtp H=mail.otherdomain.de [213.160.27.85]:25 C="250 Requested mail action okay, completed"
2014:12:08-13:10:41 mail exim-out[6705]: 2014-12-08 13:10:41 1***9E-0001k7-ES Completed

Any idea?