Is there anywhere you can see statistics on the Ethernet NICs, like frame errors and such? I am trying to troubleshoot packet loss and it would be really helpful if you could see if there are any issues with the connection between the firewall and the edge modem/router...
Ethernet statistics on UTMs
SCE/SCA signature images
Site to Site SSL VPN setup question?
Hi,
I have set up a Site to Site SSL VPN between our 2 UTMs at 2 sites. The link establishes, but when I try to browse a web server on the other site I just get a Sophos timed out error page in Chrome. Should it have automatically set up the routing tables and created firewall rules, as I ticked the box to do that? Is there anything else I have to do myself to get traffic flowing across the Site to Site VPN?
The auto rules look OK, but from looking at the live logs it does appear to be dropping traffic. The rules it automatically created were for
(see image for actual screenshot):
UTM 1 main
UTM 2 branch
When I look at the logs on the receiving site's UTM, the request is going to the right IP of the WWW server, but the source is an IP from my SSL VPN pool and it drops those. Should it have created rules for traffic from the SSL VPN pool addresses used by each site as well? Also, where do I find the actual virtual IP used by each site's UTM on the StS SSL VPN? When I look at the Site to Site page in the web admin it only shows me the external IPs used by each site to connect to each other and the local network ranges underneath; I don't see the IP they use from the VPN pool.
So, does anyone have any ideas why I'm still not able to communicate with hosts on the other site's network?
Should I use a RED tunnel instead? It's just that the guide article from Sophos has a lot more steps to set up, including setting up virtual interfaces, then setting up static routes and also NAT rules for each UTM. Shouldn't there be more steps for the site to site VPN rather than just setting up the profiles on each site?
If anyone knows where I might find a decent guide article on setting up a Site to Site SSL VPN, or a guide you know works, I'd really appreciate it, as then I can make sure I set mine up correctly. I can only find RED tunnel articles in the Sophos KB.
Thanks
JK
PS: FYI, I have googled this!
Advanced Thread Protection, false positive?
Hi there!
For quite some time I've searched the web for a solution to this problem.
Our UTM in the China office is reporting infected hosts and it always points to our DNS server.
Since all DNS queries are first handled by a Windows DNS server and then forwarded to the UTM, it always shows the DNS server as the infected host.
I've enabled the DNS log on the Windows DNS server to find out which internal hosts were requesting access to the infected hosts on the web.
My problem is that the internal host that requested access to the infected internet host does not seem to be infected. I've scanned with Sophos AV, AdwCleaner and Malwarebytes and nothing was found.
The websites that internal hosts are trying to access are normally:
js.ne08.com
c.360baidus.com
Can someone help?
Thank you!
How safe is allowing all Outgoing Traffic?
Hi,
I have a home network behind a UTM; we do have several servers here too, though. I just wanted to ask how safe it would be to allow any traffic through from the local network to external networks?
It's just that, as it's a home network, there are too many issues with programs not getting through the firewall.
Would traffic still be protected by the IPS & ATP etc. if I create an allow-any outgoing rule in the firewall?
thanks,
JK
Site 2 Site VPN fails when target has multiple interfaces
SG 310 V 9-312-8
I have VPNs connected to a group of mobile Cradlepoint routers with aircards for Internet access. All is good. HOWEVER, because of the terrain where they travel, they are now being outfitted with 2 aircards, 1 each from 2 different vendors. Seemed pretty simple: I should be able to just create an availability group on the Sophos and use that in the gateway. Sadly, it doesn't work. I get "no connection has been authorized for policy=PSK". I tried setting the UTM to respond only, but get Invalid ID. Any hope?
Sophos enterprise console setup
Hello,
We are a new organization and are planning to set up Sophos Enterprise Console in our environment in order to deploy an endpoint protection solution for our machines. At the moment we don't have a domain controller and all the machines in our organization are workgroup computers; as a new organization we are planning to set up AD services soon, but not at the moment. Following are the requirements and questions, if you could please help us:
1. How many Windows Server 2012 R2 servers are needed for the Sophos Enterprise Console setup?
2. We already have a Sophos UTM 425 in our organization. As we are installing Sophos Enterprise Console on a server, what role will the Sophos UTM play here for the endpoint protection feature?
3. Sophos Enterprise Console will be installed on a server and I have downloaded its setup for the server. What is the software name I need to download in order to install it on Windows workgroup computers like 7, 8, 8.1?
Wireless Protection: Separate Zone or Bridge to VLAN for a guest network?
Hello forum,
which of the following settings would you prefer for a guest WLAN from a security standpoint?
Client traffic via:
Separate Zone
Bridge to VLAN (-> separate VLAN for the guest network)
If I have understood Separate Zone correctly, an SSL tunnel is built from the AC to the UTM to tunnel the guest traffic. Does that avoid the management switch being attackable over the guest WLAN (ARP spoofing, VLAN hopping, etc.)?
Effort plays no immediate role in this scenario; it is purely about which setting is the most secure.
Many thanks for your help
Stolz
Red Device and UTM on same subnet
Hi Folks,
I want to use the same subnet on a remote site as I have in my headquarters.
Clients on the remote site should get IP addresses from the UTM via DHCP.
I have connected a RED 10 device to my UTM (V9.310-11) without further configuration. I converted the internal interface of the UTM to "Ethernet Bridge" and added the RED interface to the bridge.
On the remote site I connected a computer to the RED device and everything seems to work: the computer gets an IP address through DHCP from the headquarters. Even Internet surfing works.
But: I cannot connect to another machine on the HQ subnet.
The only machine I can ping through the bridge is the UTM.
Are there any firewall rules / filters I have to set up?
I have checked the firewall rules but nothing seems to be a problem.
But because the RED device is bridged I can't see it in the network definitions, so I am not able to set up special rules like "Any from RED to Any -> allow"...
Any suggestions? Thanks!
Andre
SPAM Action "warn"
Hi
Am I right that the spam action "warn" only rewrites the subject to "*SPAM* $Subject"?
Why not add the header X-Spam-Flag: YES?
I want my Postfix (amavisd-new) behind the Astaro Exim to skip scanning mails which the Astaro antispam system has already detected as possible spam and move them directly to the user's junk folder.
And for this setup I guess the header X-Spam-Flag is better to check for instead of checking the subject for a *SPAM* part.
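The post contrasts the subject rewrite the "warn" action performs with the X-Spam-Flag header a downstream filter can match on. As an added example (not code from the post or from Sophos), the following Python normaliser detects either marking and, when only the subject carries the tag, adds X-Spam-Flag: YES so header-based rules downstream behave the same way; the sample messages are constructed.

```python
import email
from email import policy

# Subject prefix that the UTM's "warn" spam action prepends, as described in the post.
SUBJECT_TAG = "*SPAM*"

# Constructed sample messages (not from the page): one tagged only in the subject,
# one clean, one already carrying the header a downstream filter would look for.
TAGGED_MSG = (b"From: sender@example.com\r\nTo: user@example.com\r\n"
              b"Subject: *SPAM* Cheap watches\r\n\r\nbody\r\n")
CLEAN_MSG = (b"From: sender@example.com\r\nTo: user@example.com\r\n"
             b"Subject: Meeting notes\r\n\r\nbody\r\n")
FLAGGED_MSG = (b"From: sender@example.com\r\nTo: user@example.com\r\n"
               b"X-Spam-Flag: YES\r\nSubject: *SPAM* Cheap watches\r\n\r\nbody\r\n")


def has_spam_header(msg):
    """True if the message already carries X-Spam-Flag: YES (case-insensitive)."""
    return msg.get("X-Spam-Flag", "").strip().upper() == "YES"


def is_flagged_by_upstream(msg):
    """True if the upstream gateway marked the message as spam, either with
    X-Spam-Flag: YES or with the *SPAM* subject prefix the warn action uses."""
    if has_spam_header(msg):
        return True
    return msg.get("Subject", "").lstrip().startswith(SUBJECT_TAG)


def normalise_spam_flag(raw):
    """Parse a raw RFC 5322 message; if the gateway's verdict lives only in the
    subject, add X-Spam-Flag: YES so header-based rules downstream match.
    Returns (message, header_added)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if is_flagged_by_upstream(msg) and not has_spam_header(msg):
        msg["X-Spam-Flag"] = "YES"
        return msg, True
    return msg, False


if __name__ == "__main__":
    for raw in (TAGGED_MSG, CLEAN_MSG, FLAGGED_MSG):
        msg, added = normalise_spam_flag(raw)
        print(repr(msg["Subject"]), "->", msg["X-Spam-Flag"], "(header added)" if added else "")
```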
Active IP's
I have just installed and I do a lot of testing / playing.
All the IPs in this list are not active but don't seem to flush. I'm worried I'm going to hit the 50 mark at some point and have a list of dead IPs.
Is there a way to flush this list of old IPs?
https://dumpyourphoto.com/photo/yuWjKUpMSl
PPTP not auth with AD
I'm trying to set up PPTP and I have it working with a local account.
I have created an AD sync user that uses backend auth. This seems to work for everything but PPTP.
When I try and use my AD user it errors but does lock my AD user account. So the auth is getting somewhere.
Error: 734
Any ideas?
Many Thanks
Unknown routing issue (i think)
Please find image attached:
This is an old document but the basic setup is there. I have a PS3 and it's on the LAN. If I use Netflix (also with web protection off) it (Netflix) crashes/buffers/dies a lot. At the time of using Netflix, if I ping 192.168.2.2 from the LAN I get very bad results. Fine, so Netflix seems to be too much.
So I moved my PS3 to the WAN segment (WiFi). Now it's classed as a guest on this network; the Netgear gives it an IP and DNS as if the Sophos etc. didn't exist.
Start watching Netflix and yay, it plays fine. BUT!! The ping rate from LAN to WAN 192.168.2.2 is still very bad (only when on Netflix). So as the PS3 is going through the 2.2 I could expect this. But I also ping 192.168.2.1 and this also gives bad results (timeouts or slow response).
I wouldn't mind too much but it affects the performance of the virtual machines, or the administration of them anyway. Everything seems to take that bit longer, enough that I need to pick speed over Netflix.
Hope that's enough detail.
Any ideas?
duplicate emails, spam
Hello all,
I have some quarantined emails in Sophos and I would like to know how I can determine why Sophos marked them as spam. The emails were outbound. I am able to release them in Mail Manager but I don't know where to see the reason why these emails were marked as spam. In Mail Manager I couldn't find this information and from the general SMTP archived logs I also couldn't find anything. Is there a way to see the reason why an email was marked as spam?
I also have some users that are getting some duplicate emails. Could that be caused by Sophos or is it mainly a mail client software issue? Any help would be appreciated.
Web Filtering Blocking Torrents
Hi,
I'm trying to torrent and have set up the NAT and firewall correctly; however, I still couldn't torrent. Tried for a fair while and eventually decided to turn web filtering off to see if it had anything to do with that and bang, it started working.
The category to do with torrents was off anyway and I'm not sure what's going on.
Here is a snippet of the web filtering log (which grew to 3 MB in 15 minutes trying to torrent). Does anyone know if I can fix this?
Quote:
```text
2015:07:10-21:41:57 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.28.103" dstip="91.228.167.93" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe21af800" url="http://ts.eset.com/query/chsquery.php" referer="" error="" authtime="0" dnstime="559" cattime="175597" avscantime="0" fullreqtime="970564" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" content-type="text/html"
2015:07:10-21:41:58 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.28.103" dstip="91.228.167.93" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="55" request="0xe21af800" url="http://ts.eset.com/query/chsquery.php" referer="" error="" authtime="0" dnstime="0" cattime="197" avscantime="4018" fullreqtime="454034" device="0" auth="0" ua="" exceptions="" reputation="trusted" category="105" reputation="trusted" categoryname="Business" content-type="text/plain"
2015:07:10-21:41:59 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.28.103" dstip="91.228.167.93" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xe227c800" url="http://ts.eset.com/query/chsquery.php" referer="" error="" authtime="0" dnstime="103" cattime="265" avscantime="0" fullreqtime="769505" device="0" auth="0" ua="" exceptions="" category="105" reputation="trusted" categoryname="Business" content-type="text/html"
2015:07:10-21:41:59 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.28.103" dstip="91.228.167.93" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="55" request="0xe227c800" url="http://ts.eset.com/query/chsquery.php" referer="" error="" authtime="0" dnstime="0" cattime="117" avscantime="3779" fullreqtime="449055" device="0" auth="0" ua="" exceptions="" reputation="trusted" category="105" reputation="trusted" categoryname="Business" content-type="text/plain"
2015:07:10-21:42:00 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.28.103" dstip="162.244.60.38" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="110049" request="0xe2285800" url="https://pod-000-1002-08.backblaze.com/" referer="" error="" authtime="0" dnstime="352" cattime="179455" avscantime="0" fullreqtime="4240072" device="0" auth="0" ua="" exceptions="" category="170" reputation="neutral" categoryname="Personal Network Storage"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1100" message="Write error on the epoll handler 112 (Broken pipe)"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.28.103" dstip="134.170.216.115" user="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="135" request="0xe323b800" url="https://134.170.216.115/" referer="" error="Connection refused" authtime="0" dnstime="1" cattime="265" avscantime="0" fullreqtime="177785" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="95" message="Unable to parse a http message of 67 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1536" message="unable to parse a http message on handler 105 (Resource temporarily unavailable)"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.28.103" dstip="162.244.57.12" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="10740" request="0xe21f7800" url="https://ca000.backblaze.com/" referer="" error="" authtime="0" dnstime="4" cattime="168" avscantime="0" fullreqtime="1203800" device="0" auth="0" ua="" exceptions="" category="170" reputation="neutral" categoryname="Personal Network Storage"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1100" message="Write error on the epoll handler 119 (Broken pipe)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.28.103" dstip="134.170.216.115" user="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="124" request="0xe181b800" url="https://134.170.216.115/" referer="" error="Connection refused" authtime="0" dnstime="1" cattime="127" avscantime="0" fullreqtime="181096" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1100" message="Write error on the epoll handler 116 (Broken pipe)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.28.103" dstip="134.170.216.115" user="" ad_domain="" statuscode="500" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="113" request="0xe21fa000" url="https://134.170.216.115/" referer="" error="Connection refused" authtime="0" dnstime="1" cattime="156" avscantime="0" fullreqtime="181849" device="0" auth="0" ua="" exceptions="" category="178" reputation="neutral" categoryname="Internet Services"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="95" message="Unable to parse a http message of 57 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1536" message="unable to parse a http message on handler 105 (Resource temporarily unavailable)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="95" message="Unable to parse a http message of 37 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1536" message="unable to parse a http message on handler 105 (Resource temporarily unavailable)"
```
Cheers for any help.
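A log at this volume is easier to read once it is reduced to what was passed, what was blocked and why, and how often the proxy could not parse the client's bytes as HTTP at all. As an added example (not code from the post or from Sophos), the Python below parses the httpproxy key="value" line format shown above and produces that summary; the embedded sample lines are constructed in the same format and abbreviated to the fields the summary uses.

```python
import re
from collections import Counter, defaultdict

# Every httpproxy line starts with "timestamp host httpproxy[pid]:" followed by
# a run of key="value" pairs. Keys may contain '-' (content-type); values never
# contain a double quote in this format, so a simple pattern is enough.
PREFIX_RE = re.compile(r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+httpproxy\[(?P<pid>\d+)\]:\s*(?P<rest>.*)$')
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')

# Constructed sample (not from the page), mirroring the three record kinds in the
# snippet: id="0001" pass, id="0002" block, id="0003" internal parser messages.
SAMPLE_LOG = """\
2015:07:10-21:41:57 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="192.168.28.103" dstip="91.228.167.93" statuscode="200" url="http://ts.eset.com/query/chsquery.php" error="" category="105" reputation="trusted" categoryname="Business" content-type="text/html"
2015:07:10-21:42:00 sophosfw httpproxy[5289]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.28.103" dstip="162.244.60.38" statuscode="200" url="https://pod-000-1002-08.backblaze.com/" error="" category="170" reputation="neutral" categoryname="Personal Network Storage"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="plain_write_vector" file="epoll.c" line="1100" message="Write error on the epoll handler 112 (Broken pipe)"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.28.103" dstip="134.170.216.115" statuscode="500" url="https://134.170.216.115/" error="Connection refused" category="178" reputation="neutral" categoryname="Internet Services"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="95" message="Unable to parse a http message of 67 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2015:07:10-21:42:01 sophosfw httpproxy[5289]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="read_request_headers" file="request.c" line="1536" message="unable to parse a http message on handler 105 (Resource temporarily unavailable)"
2015:07:10-21:42:02 sophosfw httpproxy[5289]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.28.103" dstip="134.170.216.115" statuscode="500" url="https://134.170.216.115/" error="Connection refused" category="178" reputation="neutral" categoryname="Internet Services"
this line is not an httpproxy record and must be skipped
"""


def parse_line(line):
    """Return a dict of fields for one httpproxy line, or None if the line does
    not carry the httpproxy prefix. A key that appears twice on a line (the
    page's lines repeat reputation=) keeps its last value."""
    m = PREFIX_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "pid": m.group("pid")}
    for key, val in KV_RE.findall(m.group("rest")):
        rec[key] = val
    return rec


def summarise(lines):
    """Aggregate a run of lines into: counts per action, blocked destinations
    with the error string the proxy recorded, and counts of id="0003" internal
    messages per originating function (where the HPE_INVALID_METHOD and
    Broken pipe entries land)."""
    actions = Counter()
    blocked = defaultdict(Counter)   # dstip -> {error string: count}
    internal = Counter()             # function -> count
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec.get("id") == "0003":
            internal[rec.get("function", "?")] += 1
            continue
        action = rec.get("action", "?")
        actions[action] += 1
        if action == "block":
            blocked[rec.get("dstip", "?")][rec.get("error", "")] += 1
    return {
        "actions": dict(actions),
        "blocked": {ip: dict(errs) for ip, errs in blocked.items()},
        "internal": dict(internal),
    }


if __name__ == "__main__":
    # Replace SAMPLE_LOG with the contents of the real web filtering log to use it.
    report = summarise(SAMPLE_LOG.splitlines())
    print("actions:", report["actions"])
    for ip, errs in report["blocked"].items():
        print("blocked", ip, errs)
    print("internal messages by function:", report["internal"])
```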
Only allow WhatsApp
Greetings,
We are trying to accomplish the following:
- Allow WhatsApp
- Deny everything else
We tried to do it with firewall rules, but WhatsApp uses a lot (a lot!) of DNS names, so this isn't very manageable.
We are now trying to do this with Application Control. So in the firewall a Deny Any Any rule, and in Application Control allowing the WhatsApp service.
But this is working 50% of the time: sometimes when we open WhatsApp on our phones, we can text on WhatsApp. But when we close the app and reopen WhatsApp, it isn't working.
Does anybody have experience with only allowing WhatsApp? If so, how did you do it? :confused:
Confd WIZARD mode
I am getting along in putting together a wiki for the confd client. However, I can't get any information about the WIZARD mode. Anybody who reads this and knows just a little about it, please let me know by either replying to this thread or sending me a PM.
All Tap-Windows Adaptors Currently in Use
I can't get the VPN to work. Seems like others have had problems too, but my searches did not come up with a solution for this that has worked for me. Never had a problem with the VPN on V8.x using the older VPN client.
I'm running the latest version of V9.x on an ASG120 and downloaded/installed the entire VPN package. When I try to initiate the VPN and log in, I get
"All Tap-Windows Adaptors on this system are currently in use" in the logs.
- My TAP-Windows Adaptor V9 in Device Manager has a yellow "!" icon on it. I tried disabling the device adaptor and re-enabling it, but no go.
I'm running XP 32-bit on the client machine I'm trying to set it up on, but I'm running into more or less the same issue on any workstation beyond Vista as well. I've yet to get it working since upgrading to V9.x and installing the new client from scratch.
What's the secret sauce to get this working? Thanks.
Server Load Balancing Issue
Hello,
I have a NAT rule that port forwards 443 to 3389 on an internal RDP server. It's been working fine for a while, but now I want to add a second RDP server to the mix. I've defined an SLB group with the two servers, but instead of an external IP for the virtual server, I've defined an internal host as the virtual server. I modify the NAT rule to then point to the virtual server host and this breaks the setup. If I didn't have the port forward requirement I would have just set up the external IP as the virtual server and then disabled the NAT rule, and I suspect it would work without issue. Anybody have any thoughts on how I can get a port forward into some sort of round-robin setup under Sophos UTM? The SLB does not appear to support port forwarding (within the SLB function) or accept routing from a NAT rule.
Thanks
Is it possible to Adjust Undeliverable timeout
We just upgraded our Sophos to new hardware and now we have enough muscle to run the SMTP proxy for both incoming and outgoing emails for a company.
The only issue I have is that it waits way too long to bounce an email as undeliverable if the UTM can't reach a destination server (for our business anyway). I think it's 3 days, and I am not sure if it even sends a "your email has been delayed" type email during that time.
Is there any way to adjust this? Even by manually modifying a configuration file.
I know on the Sophos Email Appliance these timings appear to be adjustable, and I know that there is a feature request established for this: Mail Protection: Configurable SMTP Retry Timeout
Dan