Channel: Sophos User Bulletin Board

iView, DNS server on Internal interface?

Do others observe an open DNS resolver listening on the Internal interface of an iView system?

From another system on the "Internal" network:
Code:

dig +short test.openresolver.com TXT @iview-server

Version:
Code:

iviewtest:/var/log # version

Current software version...: 1.001004
Hardware type..............: Software Appliance
Installation image.........: 1.000-11.1
Installation type..........: iview
Installed pattern version..: 75672
Downloaded pattern version.: 75672
Up2Dates applied...........: 1 (see below)
                            sys-1.000-1.001-11.4.1.tgz (Feb 17 20:24)
Up2Dates available.........: 0
Factory resets.............: 0
Timewarps detected.........: 2


Twitter not blocked because of categorization order

Hello,
I had set up a time-based policy to block social networking, but UTM is not blocking Twitter although it is detecting "Twitter" as the application.
When testing the url "twimg.com" through the policy help desk in the UTM, it shows the url category as "Content Server" and not "Social networking".
I checked the Trusted Source Smart Filter XL database, Twitter is categorized as "Content Server" in the 1st position and "Social networking" in the 3rd position.

I think something is not coherent here and could be fixed:
UTM should do some correlation between "Twitter" as a detected application and "Social networking" as a category,
or,
UTM should check the url against all the categories listed in the Smart Filter XL database and apply the most restrictive schema.
PS: I raised a reassessment ticket with Trusted Source and got negative feedback.

Qos help needed, not sure what I need it or ext?

Hi,

I want to implement QoS on our UTM but I am unsure how to do it. Basically we only have 8meg down and 1meg up, so I want to set it so that I do not bottleneck. I have 5 users who use the web, an Exchange server, and VPNs running. I kind of see what I have to do, but the part that I am unsure about is that in bandwidth pools and download throttling you have to select the internal or external interface when creating a rule. What does that do? Does it mean that if I select internal, that rule only applies to traffic internally, and the opposite with external?

Basically I need to slice up the traffic going both ways, but unsure how to do this.

Can anyone help?

Thanks

Jk

POP3 not working

I am not using the POP3 proxy as I am not licensed for the email protection component of UTM.

I have a standard firewall rule in place to allow all Email Messaging protocols and TLS 587 from my LAN to any.

When my clients sync Outlook they do not receive any emails. Outlook is configured to access Gmail POP3 on port 995. When their requests hit my firewall, the rule is green and the traffic is allowed; however, I only see a single entry in the live log, with the [SYN] tag.

13:41:53 Packet filter rule #4 TCP 172.16.84.132 : 55230 → 74.125.71.108 : 995 [SYN] len=52 ttl=126 tos=0x00 srcmac=30:f7:0d:4e:0d:7f dstmac=d4:be:d9:fb:98:81

Could anyone assist me troubleshooting this? It was working fine on Monday with Microsoft TMG, now we have replaced with UTM it has stopped working.

Reverse auth

Hi
I'm completely new to Sophos UTM.
Trying to publish a website using reverse auth.

I get the form login and can access www.test.com. If I make a new site path route for /folder and choose a reverse auth profile, I get access denied when trying to reach www.test.com/folder

Access without using reverse auth profile is ok.

Sorry for the messy description.

Seems like I cannot access virtual directories in website - even if I create site path routes for these directories....

Mail security reporting: TLS or no TLS

Hello everyone,

since my trial license has now expired and I will probably only receive my production license in the next few days, I cannot test this myself at the moment.
My question: in Mail Security, is there a way to report on which mail servers / domains exchange mail using TLS encryption, inbound as well as outbound, and which do not?
I would like to handle as much as possible / everything exclusively over TLS, but I want to avoid losing some communication or other as a result...

I hope that was understandable.

Best regards

Finding the category for a URL

Hello everyone,

we are about to switch from PaloAlto to SOPHOS. For PaloAlto there is a database that can be used to look up the categorization of a URL without visiting the page first. Is there something comparable in the SOPHOS or on a SOPHOS website?
Many sites have to be allowed individually, because the use of categories has so far not been welcomed everywhere. I can then presumably only gradually move back to categories afterwards.

Many thanks

utm proxy does not have any category anymore

Release 9.307-6

when I go to:

web protection -> web filter profiles -> new filter action
click on categories

the category field is empty, and I am not able to add anything.

Why's that?

virtual MAC for WAN in HA

We have two UTM 220s in an active-passive configuration with two Internet connections. The ISP for one of the Internet connections needs to know the MAC address that the cable modem is connected to in order to assign a static IP. Is it advisable to use the same virtual MAC on both UTMs for that connection so that when the slave node of the HA takes over we don't have to call the ISP and register the modem with a new MAC?

RED10 with DHCP in the target LAN

Hello,

The following setup at a branch office:
Domain controller with DNS and DHCP in the branch LAN
7 clients
ADSL with a router on which DHCP is turned off

A RED10 is to go there. If I place it between the router and the LAN switch, it does not get an IP address. The tip was to connect the RED to the Internet once somehow. Okay, so I plug WAN into the switch, DHCP comes from the DC and the RED configures itself. Now I take the RED with WAN to the router and LAN to the LAN switch. The RED is reachable, but no client is.

Let's assume the network is 192.168.10.0, the DC/DHCP/DNS has 192.168.10.1, the router 192.168.10.254. Somehow I have a problem understanding this. With the RED in between, they no longer get their gateway in split mode.

Either way, what do I have to configure and how do I proceed so that I can connect this network through a tunnel, ideally in split mode or, if needed, unified, without having to migrate the IPs of the small domain? In any case the DC is to remain the DHCP server.

Thanks

please someone can explain or reproduce this

hello all

following situation:

ATP and IPS enabled
On a client PC -> open cmd prompt -> ping commonname.com
(answer: host could not be resolved)

ATP Alert:

16:07:25 AFCd UDP Troj/Dluca-BM (internalDNSServer01IP) → 193.247.204.1 drop
16:07:26 AFCd UDP Troj/Dluca-BM (internalDNSServer02IP) → 193.247.204.1 drop
16:07:29 AFCd UDP Troj/Dluca-BM (internalDNSServer02IP) → 193.5.23.1 drop
16:07:29 AFCd UDP Troj/Dluca-BM (internalDNSServer01IP) → 193.5.23.1 drop
16:07:33 AFCd UDP Troj/Dluca-BM (internalDNSServer02IP) → 164.128.36.34 drop
16:07:33 AFCd UDP Troj/Dluca-BM (internalDNSServer01IP) → 164.128.36.34 drop

The Internet IPs are the DNS forwarders of our ISP

UTM Release 9.307-6

Thanks a lot :-)

Reverse Authentication / OWA Exchange 2013

Hi,

I've been reading several posts from this forum trying to figure out what I'm doing wrong, but unfortunately I haven't had any success.

Basically, I'm configuring OWA using the webserver protection, with reverse authentication.

What I've done:

a) Created the real webserver (https - port 443).

b) Created a firewall rule only doing antivirus scanning and selecting the "Pass Outlook Anywhere" option.

c) Created two Virtual Webservers

1. publish access to OWA and Autodiscover
2. publish access to OA

d) Created two Reverse Authentication Profiles
1. mode: "basic"
2. Users/Groups: "Active directory Users"
3. Real WebServer: "Mode": basic; "User name affix": "none"


Finally, on "Site Path routing" I've configured forms reverse authentication to OWA, ECP.
Basic reverse authentication to rpc.

On the Exchange side (Exchange 2013), in the IIS administration, I've configured the virtual directories of owa, ecp, rpc, autodiscover, EWS and OAB to accept basic authentication and also added the Default Domain.

What happens is that the access to OWA is made, I get the forms authentication, and after a successful validation, instead of having access to OWA, I'm redirected to the OWA authentication form from the Exchange server.

I've gathered the logs both from the webserver protection and from IIS to try to check:


IIS:

2015-02-18 12:37:19 ::1 POST /OWA/auth.owa - 443 HealthMailbox3055292aea5e43f1b9fc33f37a06ff6c@***x .pt ::1 AMProbe/Local/ClientAccess - 302 0 0 15
2015-02-18 12:37:19 ::1 GET /PowerShell/ - 443 - ::1 AMProbe/Local/ClientAccess - 401 111 0 31
2015-02-18 12:37:23 192.168.62.5 GET /owa - 443 - 192.168.xx.3 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 302 0 0 31
2015-02-18 12:37:25 ::1 GET /ecp/ReportingWebService/ - 443 - ::1 AMProbe/Local/ClientAccess - 302 0 0 15
2015-02-18 12:37:30 ::1 POST /autodiscover/autodiscover.svc - 443 - ::1 AMProbe/AutoDStack+(ExchangeServicesClient/15.00.0516.014) - 401 0 0 0
2015-02-18 12:37:30 ::1 POST /autodiscover/autodiscover.svc - 443 - ::1 AMProbe/AutoDStack+(ExchangeServicesClient/15.00.0516.014) - 401 1 2148074254 0
2015-02-18 12:37:30 ::1 POST /autodiscover/autodiscover.svc - 443 - ::1 AMProbe/AutoDStack+(ExchangeServicesClient/15.00.0516.014) - 401 1 2148074252 15

Webserver:

2015:02:18-12:37:15 utm reverseproxy: id="0299" srcip="62.169.76.217" localip="83.***.***.182" size="3070" user="-" host="62.169.76.217" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="19516" url="/owa/auth/logon.aspx" server="owa.***x.pt" referer="-" cookie="logondata=acc=0&lgn=internal.***x.pt\\rui. fernandes; PrivateComputer=true" set-cookie="-"
2015:02:18-12:37:24 utm reverseproxy: id="0299" srcip="62.169.76.217" localip="83.***.***.182" size="140" user="-" host="62.169.76.217" method="POST" statuscode="302" reason="-" extra="-" exceptions="-" time="115686" url="/owa/auth.owa" server="owa.***.pt" referer="https://owa.***.pt/owa/auth/logon.aspx?url=https%3a%2f%2fowa.***.pt%2fowa&reas on=0" cookie="PrivateComputer=true; PBack=0" set-cookie="cadata=3Xci/lFu62zN6UCzX/nIULR2KP0CsWmQy+KpZ2IsdzDPm8apTDJET1zFAFpcreHoSO5k dGw/qR3040D2Av7i13boffAE4uewpgIF9wAfoQb9KQQdE3mp7u5eoG mEdoirO8cmRu4YVF1u3J7d0lB52/XXAbx+PViVT4CIhmkM5/yjDsxH59x9w53MZDvVTfdc; path=/; secure; HttpOnly, cadataTTL=nT6LCEznLEGpqKWYPncR7A==; path=/; secure; HttpOnly, cadataKey=vbdR7dLzNhOJy/qS9keUidl+Cn/RCEXl6tgTien6G1n+J/FaKLo4l0cQ9uMYyWGIDLhQlckGKgFCgDXsTB7Eb7iir3BlshkS 97ID4kDvo1sIt+mfh2US1ncyTk8RkXdoikO+gNQbsEsJPHZUH2 BzYvZwMGF6g+Y15Va8KMceGmu3E0iPCZ3HvMuMQCOosi4OFV/J2th3Melje8UfXbkobnM8WTyIbpFJaI4QHJ/O5ulF6HuDi4qc/FCcNhDaTP3Xpo4/KvQ2ynphAWsJ6fEeBqlaVK41JNHkXcf+WatR5Fn8L9PcZd54hQ DlJnxXkQ7zhMXVVk/qH9L8XdJQ0A6RWw==; path=/; secu
sta

(Sorry for the long post)

Load Balancing / Multipath Configuration

I have one UTM 220 with 2 gig RAM, firmware version 9.211-3. We have 3 separate buildings on our campus, 2 of which have an enterprise grade wireless down link from the same ISP. One WAN connection is 35mb up/dwn, the other is 15mb up/dn. We have a fiber connection b/w all three buildings.

I originally had one connection that fed all three buildings but then decided I needed to have a redundancy configuration in case I were to lose the fiber connection between any one of the sites, which has occurred (our fiber connection is vulnerable - not buried). So now I have the second WAN in a separate building and it is not going through my UTM220 device at this time.

My question is: Should I configure my UTM220 to "Load Balance" the two connections (what mb connections would the combined 15mb/35mb connections actually provide) or keep the WANs separate so that heavy activity on one would not degrade overall speed?

We basically have 3 film production studios set up as guest wifi environments along with general office and sometimes large video file upload/download activities.

TIA for any comments or suggestions.

Last WebAdmin Entries not Showing

Hello everyone,

Ever since I updated to 9.306, for some reason my latest webadmin entries don't show up anymore. It only shows the earliest one which is from last year. Please see screenshot to see what I mean. I tried using different browsers and still the same thing.

Does anyone know how to fix this?

Attached Images
File Type: jpg unnamed.jpg (50.4 KB)

When will UTM 10 be available for testing?

Hi All
with the NEW UTM coming out are we going to be given a go at testing the Beta?
With the expected release only (depending on who you listen to) 1-4 months away.

Mark

Bandwidth Problems

This is our first Sophos device. It is a brand new SG210. Everything went smooth in regards to setup. Our ISP bandwidth is 75down/75up and I am getting these numbers when I configure a laptop to connect directly to ISP.

With the Sophos in place we are averaging 20down/71up.

We only have the "basic" + "network protection" licensed. QOS is completely disabled and no device on network is hogging bandwidth in the reports that I can see. We only have 10 users total and around 25 devices right now.

We have Eth0 set for LAN with Auto Negotiate.

We have Eth1 set for WAN which is disabled auto with setting at 100baseT/Full Duplex. We have played around with the settings for Eth1 while we were on the phone with ISP support. They are showing no errors on their end so it must be something with the Sophos specifically.

We have used speedtest.net, speedof.me, and the Logix speedtest on their site. We have also tried to do a download directly instead of relying on the speedtest and are only getting 23Kbps average.

Any ideas?

Thanks in advance.

UTM Home Hostname

I am setting up a UTM at home, when I give it a hostname does it need to be resolvable across the internet?

[9.307] SMTP "Unrouteable address" instant bounce for a previously working domain

Hello,
today I started getting this error for a specific mail address which yesterday received mails successfully.
Mail manager shows a single line of
Code:

2015-02-19 09:01:41 routing failed for email@domain: Unrouteable address
there's no retry, no nothing, yesterday it was working perfectly.

SMTP log is the same line, accepts the mail, process queue, instant bounce

I checked DNS resolution for the domain (br.bosch.com) and it works OK, returning two different mailservers (in Germany) :confused:
Both servers respond to telnet on port 25 ok

In any case, even if both servers would fail to answer it should stay in the retry queue NEVER instantly bouncing.

what's going on?

problem with two utm

hi
I have an sg310 as gateway firewall. Now I want to use one UTM (Netasq) in front of the server farm in Layer 2. When I ping my servers from the sg310 there is no problem, but when I ping the servers from my LAN (computers) I can't ping. My servers are behind the Netasq and my LAN computers are behind the SG310.

connecting to ftp sites

ASG220 9.307
I've been struggling to figure out how to configure the system to allow access to FTP sites. Many of the companies we deal with have manuals, spec sheets etc available for download, hosted on an ftp site (example: ftp://ftp.panasonic.com). These would just be accessed as a hyperlink from that company's main site in order to get the information needed. Each one of these sites comes up as timing out. I know they are functional as I have accessed them from outside the network. Under web protection/policy helpdesk I can run the URL test and it comes back allowed, but in normal usage the site can't be accessed. Any help is appreciated.