Channel: Sophos User Bulletin Board

E-Mail Notifications

Hello everyone,

Maybe someone can help me quickly.

At home I have a Sophos ASG 120 with UTM 9.210-20 and a domain at one.com.

I just can't get e-mail sending to work.

My external SMTP server is send.one.com on port 2525. I have set this up under Advanced with the corresponding account.

Do I need to take anything else into account or open anything up?

Best regards and thanks in advance

M!ch!

SSL VPN issue

I have an SSL VPN that will not complete connection. I have researched the user forums and applied recommended solutions in controlled tests. Regardless of the VPN configuration I end up with the error below in the client logs. I am unsure what "The system tried to join a drive to a directory on a joined drive" is referring to. The Device logs only show a connection attempt then disconnect. I have many other SSL VPN connections operating without issue and have mimicked those settings with no success. Please advise if you are seeing something I may not be. Thanks in advance.

<<START CLIENT VPN LOG>>
Wed Dec 10 13:24:25 2014 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Aug 28 2014
Enter Management Password:
Wed Dec 10 13:24:25 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Wed Dec 10 13:24:25 2014 Need hold release from management interface, waiting...
Wed Dec 10 13:24:25 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Wed Dec 10 13:24:25 2014 MANAGEMENT: CMD 'state on'
Wed Dec 10 13:24:25 2014 MANAGEMENT: CMD 'log all on'
Wed Dec 10 13:24:25 2014 MANAGEMENT: CMD 'hold off'
Wed Dec 10 13:24:25 2014 MANAGEMENT: CMD 'hold release'
Wed Dec 10 13:24:35 2014 MANAGEMENT: CMD 'username "Auth" "***"'
Wed Dec 10 13:24:35 2014 MANAGEMENT: CMD 'password [...]'
Wed Dec 10 13:24:35 2014 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Wed Dec 10 13:24:35 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Dec 10 13:24:35 2014 Socket Buffers: R=[8192->8192] S=[64512->64512]
Wed Dec 10 13:24:35 2014 MANAGEMENT: >STATE:1418239475,RESOLVE,,,
Wed Dec 10 13:24:35 2014 Attempting to establish TCP connection with [AF_INET]209.157.71.117:4445 [nonblock]
Wed Dec 10 13:24:35 2014 MANAGEMENT: >STATE:1418239475,TCP_CONNECT,,,
Wed Dec 10 13:24:45 2014 TCP: connect to [AF_INET]209.157.71.117:4445 failed, will try again in 5 seconds: The system tried to join a drive to a directory on a joined drive.
<<END CLIENT VPN LOG>>

<<START DEVICE VPN LOG>>
2014:12:10-13:47:24 fw openvpn[25109]: MANAGEMENT: Client connected from /var/run/openvpn_mgmt
2014:12:10-13:47:24 fw openvpn[25109]: MANAGEMENT: CMD 'status -1'
2014:12:10-13:47:34 fw openvpn[25109]: MANAGEMENT: Client disconnected
<<END DEVICE VPN LOG>>

Upgrade to 9.210-20 has broken VoIP

First thanks Sophos for the home use product!

After the upgrade to 9.210-20 on Monday the VoIP function intermittently stops rewriting the SIP Via and Contact headers, breaking SIP signalling.

Setup is CUCME behind the UTM with media pinned through an MTP, so RTP and SIP signalling is presented from the same internal IP address regardless of the endpoint. SIP is registered to an ITSP through the SIP UA on the CUCME with register settings that have worked for a number of years before and after migration to the Sophos UTM product. SIP ALG is disabled.

Issue can be temporarily resolved by disabling and re-enabling VoIP then changing the Security Option and clicking Apply.

Using TCPDump via SSH to monitor the SIP signalling immediately breaks the header re-write function.

At this stage I am thinking of disabling the VoIP function in favour of manual NAT / firewall rules with header manipulation on the CUCME just to get it working again. Is anyone else having this issue after the upgrade, or can someone point me in the direction of a possible fix?

3 LANs, 3 SG 210s

Hello everyone,

I'm looking for a 'best practice' for connecting 3 LANs together using the Sophos SG 210.

Here's the scenario:
Site A is connected to Site B which is also connected to Site C. Site A and C are not directly connected however they will need to be able to exchange data through site B.

So, it would look something like this:

A ----- B ----- C

I should mention that each site also has its own connection to the internet as well, so we should draw it more like this:

Internet
/ | \
A --- B --- C

Since the SG 210 has more than enough Ethernet ports in it, I'm planning the following layout:

Site A - 10.1.10.x
eth0 LAN
eth1 WAN
eth2 connection to eth2 at Site B

Site B - 10.1.20.x
eth0 LAN
eth1 WAN
eth2 connection to eth2 at Site A
eth3 connection to eth2 at Site C

Site C - 10.1.30.x
eth0 LAN
eth1 WAN
eth2 connection to eth2 at Site B

So far I think that the first layer makes sense because it is logical and there aren't many other ways to make this happen (other than site-to-site VPNs using the internet connections, creating a lot of traffic on an otherwise sleepy internet connection).

Here's my question:
When I configure the interfaces for the site-to-site Ethernet connections (i.e. eth2 at Site A), should they be given IPs in a totally different range (say 10.100.100.0/8)?

Another question:
How do I go about building the routes between the sites? I only want the traffic bound for other sites to be passed across the site-to-site links. (i.e. 10.1.10.157 at Site A wants to talk to 10.1.30.16 at Site C)

Bonus question:
What needs to be configured to allow the sites to fail-over to the other site's internet connections but use their primary connections by default until the link is unavailable?

NOTE: I have been considering doing this using site-to-site VPN connections but am a little confused about how traffic would route from A to C as well as the overhead created by the encryption.

Thanks for reading and thanks more if you respond!

Spotify Web Not working

Hi,
I am trying to find out why the Spotify web player (play.spotify.com) isn't working through our new Sophos 525.

The site loads and I receive a message telling me "Sorry, but it seems that we cannot stream music to you at this time." I have gone through the Web Filtering logs over and over but I cannot see anything that is being blocked.

Unblocking Spotify is not such a huge concern, I am more concerned with working out how to find websites or applications that do not function 100%. I have gone through the Web Filtering logs and the Firewall logs but nothing is showing up.

Has anyone else seen this? I would like to be able to give people the ability to use the site if they so wish.

Thanks

Endpoint Protection

Hi,

I've seen that you can now enable Endpoint Protection with FullGuard. What can it do and what can't it do? Which software is it equivalent to? Antivirus or Endpoint Protection Business?

Up2Date 9.304-9 Has been released!

Anyone installed 9.304-9?

If so, can you provide us with some feedback?

Thanks!

Astaro won't authenticate against MS AD

Hello,
I am using web filtering to filter content on the internet.
I joined Astaro to AD and created AD groups containing the users who can access the internet.
Today I added a new user there and he is blocked in the web browser by Astaro.
If I try the policy test on the username and www site it shows allowed, but in the web filtering log the user is blocked.
The only thing I did recently was install new updates on the Windows Server domain controller.
Here is the block line.
Code:

2014:12:11-14:56:59 mail-1 httpproxy[6544]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" srcip="192.168.100.121" dstip="" user="mn-test" ad_domain="MY-DOMAIN" statuscode="403" cached="0" profile="REF_HttProAccesPolic (Access policy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3311" request="0x1c1282e8" url="http://seznam.cz/" exceptions="" error="" authtime="118" dnstime="0" cattime="414566" avscantime="0" fullreqtime="420450" device="0" auth="2" country="Czech Republic" category="141" reputation="neutral" categoryname="Portal Sites" reason="category"
Other users in the same group can access these sites, but they were added before.
Does anyone know what could be wrong?
Thank you.

HA Deployment guide

I've put together a quick getting started document to help everyone get started. If you've had a chance to launch the beta version, let us know. I'm interested in any and all feedback.

Attached Files
File Type: zip Sophos UTM AWS HA deployment Guide.zip (325.3 KB)

IPS Attacks blocked... but they should not be blocked

Hello,
Today I noticed 6000 attacks dropped in the webadmin dashboard.
In the log file I see a lot of entries, all coming from the same IP/destination:

2014:12:11-10:44:34 *** snort[22194]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="(ftp_telnet) FTP command parameters were too long" group="410" srcip="192.***.***.***" dstip="***.***.***.***" proto="6" srcport="49705" dstport="21" sid="3" class="Attempted Administrator Privilege Gain" priority="1" generator="125" msgid="1"

Now... the strange things I see are:
1) the action is "alert", so why does the dashboard say attacks blocked?
2) IPS is active for other interfaces, not for the one listed as srcip, so why are attacks detected?
3) in any case, I have a rule that bypasses IPS for the "internet" destination (as in this case)
4) the FTP attack pattern is inactive (...or is this rule classified as "protocol anomaly"?)
5) the users really experience FTP issues

Can anyone help me in finding an explanation?

thanks
eclipse79
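Both the httpproxy line in the "Astaro won't authenticate against MS AD" post and the snort line above use the UTM's key="value" log format. The parser below is an added example, not code from the posts or from Sophos; it splits such lines into fields and flags only those where the UTM enforced a decision (httpproxy action="block", snort action="drop") as opposed to merely logging one (snort action="alert"), which is the distinction behind question 1 above. The two sample lines are copied from the posts.

```python
import re

# UTM log lines: "<timestamp> <host> <daemon>[<pid>]: key="value" key="value" ..."
PREFIX_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<daemon>[\w.-]+)\[(?P<pid>\d+)\]:\s*(?P<rest>.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')  # values are double-quoted, no escaped quotes


def parse_utm_line(line):
    """Split one UTM log line into a dict of prefix parts plus its key/value fields."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        raise ValueError("not a UTM key/value log line: %r" % line[:60])
    rec = {"ts": m["ts"], "host": m["host"], "daemon": m["daemon"], "pid": m["pid"]}
    rec.update(FIELD_RE.findall(m["rest"]))  # list of (key, value) pairs -> dict entries
    return rec


def enforced(rec):
    # httpproxy writes action="block" when it blocked a request; snort writes
    # action="drop" when the IPS dropped the packet and action="alert" when it only logged it.
    return rec.get("action") in ("block", "drop")


def summarize(rec):
    """One-line summary of the fields an admin checks first when a user reports a block."""
    if rec["daemon"] == "httpproxy":
        return "%s %s@%s %s -> %s: reason=%s category=%s status=%s" % (
            rec.get("action"), rec.get("user", "-"), rec.get("ad_domain", "-"), rec.get("srcip"),
            rec.get("url"), rec.get("reason"), rec.get("categoryname"), rec.get("statuscode"))
    if rec["daemon"] == "snort":
        return "%s %s:%s -> %s:%s sid=%s %s (%s)" % (
            rec.get("action"), rec.get("srcip"), rec.get("srcport"), rec.get("dstip"),
            rec.get("dstport"), rec.get("sid"), rec.get("reason"), rec.get("class"))
    return "%s %s" % (rec["daemon"], rec.get("name", ""))


def enforced_events(lines):
    """Summaries of only those lines where the UTM actually blocked or dropped something."""
    return [summarize(r) for r in map(parse_utm_line, lines) if enforced(r)]


# Sample lines copied from the two forum posts.
SAMPLE_LINES = [
    '2014:12:11-14:56:59 mail-1 httpproxy[6544]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="GET" '
    'srcip="192.168.100.121" dstip="" user="mn-test" ad_domain="MY-DOMAIN" statuscode="403" cached="0" profile="REF_HttProAccesPolic (Access policy)" '
    'filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3311" request="0x1c1282e8" url="http://seznam.cz/" exceptions="" error="" authtime="118" dnstime="0" '
    'cattime="414566" avscantime="0" fullreqtime="420450" device="0" auth="2" country="Czech Republic" category="141" reputation="neutral" categoryname="Portal Sites" reason="category"',
    '2014:12:11-10:44:34 *** snort[22194]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" '
    'reason="(ftp_telnet) FTP command parameters were too long" group="410" srcip="192.***.***.***" dstip="***.***.***.***" proto="6" srcport="49705" dstport="21" sid="3" '
    'class="Attempted Administrator Privilege Gain" priority="1" generator="125" msgid="1"',
]

if __name__ == "__main__":
    print("\n".join(enforced_events(SAMPLE_LINES)))
```

Run against a full httpproxy.log or ips.log, the same functions narrow thousands of lines down to the enforced decisions for one user or source address.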

Deployment Issue - can't create subnet in a particular az

When deploying the HA template in one of my accounts, deployment failed. The first error in the event log was
Quote:

Value (us-east-1c) for parameter availabilityZone is invalid. Subnets can currently only be created in the following availability zones: us-east-1b, us-east-1d, us-east-1a, us-east-1e.
I tried manually creating a subnet in us-east-1c in this account, and AWS threw the same error again. I'm not sure of the cause on the AWS site currently, but it didn't happen when I tested in another AWS account.

If anyone encounters anything similar in their own setups, I was able to avoid the problem as follows:
Download the template, and edit the following section:
Quote:

"Mappings" : {
"SubnetConfig" : {
"Subnet1" : { "AZ" : "us-east-1c" },
"Subnet2" : { "AZ" : "us-east-1d" },
"Subnet3" : { "AZ" : "us-east-1e" }
},
In my case, I changed us-east-1c to us-east-1b, then deployed with the edited template instead, and it deployed without any further problems.

Licensing for Beta

SPX Encryption Attachments being wiped out

Hey all-
I've had SPX Encryption configured and working for some time now. Last week, I updated to 9.303 (I think?). Today, we tried sending some encrypted messages- the system recognizes the trigger, encrypts the message, sends the password back, and everything appears to work, but when the encrypted PDF is opened, attachments are never there anymore. I've tried .doc, .docx, and .pdf, none of them come through. The message is there, but no attachments. This was working in 9.2.

I also just updated to 9.304- same issue. Is anyone else seeing anything like this? I need to get this working again.

Thanks!
Ryan

FTP proxy - Denied by ACLs

Running UTM9 (9.304).

I have a NAT rule enabled to forward FTP traffic to an internal FTP server. It works, but the connection is denied when I enable and configure the FTP proxy.

This is what appears in the UTM logs:
2014:12:11-11:59:02 asg frox[20709]: Connect from x.x.x.x
2014:12:11-11:59:02 asg frox[20709]: ... to x.x.x.x()
2014:12:11-11:59:02 asg frox[20709]: Denied by ACLs.
2014:12:11-11:59:02 asg frox[20709]: Closing session

I have seen threads discussing this, but did not identify a clear resolution. What step(s) am I missing?

SSL VPN and 2 WANs - Help me

Hello,

I'm currently investigating using Sophos UTM in our company and I don't understand something about SSL VPN.

Let me introduce the situation:

We have 2 WAN connections:
- WAN1 which is the default gateway.
- WAN2 which is an ADSL line which must be used for SSL VPN purposes only.
The 2 WAN connections are not configured to function in Uplink Interfaces.

Also, we have an internal network with all our network users.

I would like to set up an SSL VPN, but I want this VPN to be configured on WAN2... What do I have to do? So far, I did the following:

- Configuration of User Portal listening on the WAN2 interface on port 443. I don't want every interface to be used for User Portal. Allowed users is the group "VPN Users" (which is an AD group). Allowed network is "Any". I guess the hostname is only useful for adding it to our internal DNS, right, for internal users' access?

- Configuration of SSL VPN with some allowed users ("VPN Users" group) with access to all networks (no split tunneling, I want all the remote user traffic to come into the UTM). It's listening on port 443 on the WAN2 interface also. Hostname has been configured with a correct external DNS. I also checked the auto-firewall rules option.

- On masquerading I have the following:
Internal --> WAN1
VPN Users (User Group Network) --> WAN1 ==> to enable our remote users to access the Internet for example

- On firewall rules:
Internal | "Any" Protocol | "Any" destination
VPN Users (User Group Network) | "Any" Protocol | "Any" destination

Unfortunately, when trying to reach WAN2 interface with a remote user, I have nothing. No user portal :/

If I replace the WAN2 interface with the WAN1 interface in the User Portal and SSL VPN listening interface, it works. How can I use my WAN2 interface (which is not the default GW) for SSL VPN?

I also tried putting WAN2 as the default gateway and changing all rules, and then using WAN1 for SSL VPN purposes, but it still doesn't work.

The aim, at the end, is to have 3 WANs:
- WAN1 & WAN2 configured as Gateway by using Uplink Interfaces.
- WAN3 which will be used for SSL VPN.

Is it possible? Can you help me by telling me what I did wrong?
Don't hesitate to ask me further information if needed, even screenshots if necessary.

Thanks a lot Sophos guys.

Regards,

DeltaSM

Replace NAT with routing.

When my remote users connect to my AWS Sophos UTM, they are given a 10.242.0.0/16 IP address. When they connect to the servers on the inside of the Sophos, the Sophos will NAT them to an internal address.

How do I replace the NAT with routing? I'm assuming it is related to my Masquerading rule. My Masquerading rule shows Any -> Internal. This doesn't make sense. I would expect it to NAT my point-to-point VPN traffic too.

I have no NAT (Network Protection, NAT, NAT) rules.

Where should I look to change to routing?

Load Balancing Rule Question

I've set up load balancing of UDP traffic with a single virtual server IP address. It load balances between 5 real servers.

The load balancer only functions if I set up a rule in the firewall that allows clients to connect to the real servers via UDP.

My thought is that the only rule that should be required is one that allows clients to connect to the virtual server IP address. Am I wrong about this?

What I want is for the outside world to be able to connect to the virtual server IP address but not the real server IP addresses. How can I do that?

Monitoring port?

Is there a way to set up a monitoring port on the UTM to send a copy of all traffic, or just some networks, to an external third-party IDS?

WiFi Channel Selection - Auto vs. Dynamic

When using Sophos WiFi devices, could someone in the know please explain the difference between Auto Channel Selection and their Dynamic Channel Selection?

Here are the explanations from the UTM help screens:

Auto: Either keep the default setting Auto, which will automatically select the least used channel for transmit, or select a fixed channel.

Dyn Chan: If selected, the AP scans all available channels and connects to the channel with the best signal.

What??? These explanations are definitely in need of revisions, particularly in deference to when, why and how they're different.