PUSH :-] Got the same error on our customers. You guys already found out that it seems to be caused by HSTS. I hope Sophos will fix this soon.
↧
Forum Post: RE: quarantined email release fails
↧
Forum Post: RE: WhatsUP Calls not working
Yes :) now it's working with the ports above. Best Regards, Sally
↧
Forum Post: RE: Exempting certain websites from authentication
Hey Bob, thanks for the reply. I could also answer in English, but because this is the German forum I will keep writing in German. English replies are no problem. Here are two lines and the explanation for each:

1.:
2018:04:25-08:06:01 prx01-1 httpproxy[8062]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="10.10.XXX.XXX" dstip="10.0.YYY.YYY" user="abcd" group="LDAP Users" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffLdapusers2 (LDAP_Users)" size="4071" request="0xdb17ac00" url=" https://www.borncity.com/" referer="" error="" authtime="2" dnstime="0" cattime="54" avscantime="0" fullreqtime="3439976" device="0" auth="4" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="" category="181" reputation="neutral" categoryname="Marketing/Merchandising"
This is a successful attempt to open the website. The filter is NOT active. The user (me) is recognized correctly (LDAP_Users) and is allowed to access the website.

2.:
2018:04:25-08:05:41 prx01-1 httpproxy[8062]: id="0060" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden category detected" action="block" method="CONNECT" srcip="10.10.XXX.XXX" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaManagNetwo3 (Domains ohne Passwort)" filteraction="REF_HttCffWhiteZulas (Whitelist zulassen)" size="7638" request="0xde73d000" url=" https://www.borncity.com/" referer="" error="" authtime="0" dnstime="0" cattime="76" avscantime="0" fullreqtime="206414" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36" exceptions="" category="181" reputation="neutral" categoryname="Marketing/Merchandising" reason="category"
This is an UNSUCCESSFUL attempt. The filter is enabled. The same website is requested, but this time the user (again, actually me) is not recognized; instead, the filter "Whitelist zulassen" in the "Domains ohne Passwort" section is used on its own(!) and blocks the website. That is correct, but it prevents a member of LDAP_Users from using the internet. The goal is that websites on the whitelist can be reached entirely without authentication, while all other websites are allowed through group membership in LDAP_Users. I hope it is clear what I mean. Best regards, Matthias
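The comparison made in the post above (same client, same URL, two different profiles and filter actions), as an added example that is not part of the original post: a small parser for the key="value" httpproxy format that lists every source/URL pair handled by more than one profile. The function names `parse` and `profile_conflicts` are assumptions; the third sample entry is constructed.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)="([^"]*)"')

# Entries 1 and 2 are shortened copies of the two lines quoted in the post
# (fields dropped, values unchanged); entry 3 is constructed for contrast.
SAMPLE = [
    '2018:04:25-08:06:01 prx01-1 httpproxy[8062]: id="0001" name="http access" '
    'action="pass" method="CONNECT" srcip="10.10.XXX.XXX" user="abcd" '
    'group="LDAP Users" statuscode="200" '
    'profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" '
    'filteraction="REF_HttCffLdapusers2 (LDAP_Users)" '
    'url=" https://www.borncity.com/" auth="4"',
    '2018:04:25-08:05:41 prx01-1 httpproxy[8062]: id="0060" '
    'name="web request blocked, forbidden category detected" action="block" '
    'method="CONNECT" srcip="10.10.XXX.XXX" user="" group="" statuscode="403" '
    'profile="REF_HttProContaManagNetwo3 (Domains ohne Passwort)" '
    'filteraction="REF_HttCffWhiteZulas (Whitelist zulassen)" '
    'url=" https://www.borncity.com/" auth="0" reason="category"',
    '2018:04:25-08:07:10 prx01-1 httpproxy[8062]: id="0001" name="http access" '
    'action="pass" method="CONNECT" srcip="10.10.XXX.XXX" user="abcd" '
    'group="LDAP Users" statuscode="200" '
    'profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" '
    'filteraction="REF_HttCffLdapusers2 (LDAP_Users)" '
    'url="https://intranet.example/" auth="4"',
]

def parse(line):
    """Split one httpproxy line into its timestamp and key="value" fields."""
    rec = {k: v.strip() for k, v in FIELD.findall(line)}
    rec["time"] = line.split(" ", 1)[0]
    return rec

def profile_conflicts(lines):
    """Return (srcip, url) pairs that were handled by more than one profile."""
    seen = defaultdict(list)
    for rec in map(parse, lines):
        seen[(rec["srcip"], rec["url"])].append(rec)
    conflicts = []
    for (srcip, url), recs in seen.items():
        if len({r["profile"] for r in recs}) < 2:
            continue  # one profile only: nothing to compare
        recs.sort(key=lambda r: r["time"])
        conflicts.append({
            "srcip": srcip,
            "url": url,
            "decisions": [
                {"time": r["time"], "action": r["action"],
                 "user": r["user"] or None, "profile": r["profile"],
                 "filteraction": r["filteraction"]}
                for r in recs
            ],
        })
    return conflicts

if __name__ == "__main__":
    for c in profile_conflicts(SAMPLE):
        print(c["srcip"], c["url"])
        for d in c["decisions"]:
            print("  ", d["time"], d["action"], d["user"], "|", d["profile"])
```

A decision with `user` set to `None` next to a different profile name shows the request was evaluated before any user was identified, which is the case the post describes.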
↧
Forum Post: RE: Multiple Locations MAC-Filtering
After some testing most things work fine. All devices get an IP address and unknown devices cannot reach anywhere within the network. Still can ping everything inside the network by using FQDN.
ping servername -> no answer
ping servername.domain.local -> ping successful
Leaves me puzzled for now. Sadly unknown devices can still connect to the internet (thanks to the dreaded webfilter overwriting firewall rules I guess).
Edit: Found an earlier answer from you (Jan 2017): https://community.sophos.com/products/unified-threat-management/f/general-discussion/86093/locking-down-access-internet-access-using-mac-address-control
Seems I am back at static mappings if I want to block all access, including internet access for unknown devices. Still that leaves one question: I allow, let's say, Computer1 with IP 123.123.123.123 and MAC XYZ to get an IP address. Now somebody brings in his personal notebook I do not want to connect anywhere. He assigns 123.123.123.123 as his IP address -> he can connect to the internet again, right? There has to be a way to block this properly but for now I did not find any.
↧
Forum Post: RE: Sophos Safeguard on Windows 10 Issue
Hi. Thank you for the reply. Something was just weird with the Notebook. We picked up various issues with the laptop apart from the Sophos issue. We ended up logging a DOA with DELL and they replaced the laptop with a new one. The new one installed and encrypted perfectly. So I am not sure what caused the issue. Thanks for the reply. Regards
↧
Forum Post: RE: Site to Site VPN Split Mode for Office365?
IPsec Connection Site A Remote Gateway Site B
↧
Forum Post: RE: Endpoint protection web control not working
Hello BAlfson, I don't know how and why but it suddenly seems to be working :)
↧
Forum Post: Firewall blocking
Hello, I have added a Network Definitions group called "Blocked Attackers" and added several IP addresses and IP subnets. I added a firewall rule (on position 1) with the following settings:
Sources: Blocked Attackers
Services: Any
Destinations: Any
Action: Drop (also tried reject)
The rule is enabled but I still see the IP address appear on the SMTP proxy trying to authenticate. Am I missing something here?
↧
Forum Post: RE: Slow Performance via RED15 / RED15w related to CITRIX- Sessions and RDP- Sessions - SG330 Cluster
Hello, I tried this on one RED connection which connects the home office of one employee with our main office. It seems to have helped. The MTU on this RED interface was set to 1200 instead of 1500. I will try it on another connection too.
↧
Forum Post: RE: Possible bug in 9.509-3 regarding attachment content-type scanning
We have the same issue after upgrading to firmware version 9.509-3. Can someone from Sophos support look into this?
↧
Forum Post: How can I view the content of RED logfiles?
Can somebody tell me how to open a RED log file on XG? I see the files using Advanced Shell but I cannot see the content of the files. Best regards, Nasser
↧
Forum Post: RE: Cyberoam UTM Reports are not showing
Can you share with us any Cyberoam link, if there is any? And I'm sorry to post here, but since they became the same company, everything looks different. And I can't find any Cyberoam-related communities. It's all about Sophos, which we are not ready to move to.
↧
Forum Post: RE: Cyberoam UTM Reports are not showing
Hi Illena, Glad to know there are others. Please share with me a solution if you happen to find one, and I will do the same.
↧
Forum Post: Windows Client Patch 1804 for SafeGuard products
Hi All, A set of Windows client security patches for multiple SafeGuard products has been released to address a number of security issues. It is highly recommended to apply the patch to all affected SafeGuard Enterprise, SafeGuard Easy and SafeGuard LAN Crypt Windows clients.

Applies to the following Sophos products and versions:
- SafeGuard Enterprise Client for Windows 8.00 (all modules)
- SafeGuard Enterprise Client for Windows 7.00 (all modules)
- SafeGuard Enterprise Client for Windows 6.10 (all modules)
- SafeGuard Enterprise Client for Windows 5.60.3 VS-NfD (all modules)
- SafeGuard Enterprise Client for Windows 6.00 and 6.00.1 (all modules)
- SafeGuard Easy 6.00, 6.10 and 7.00
- SafeGuard LAN Crypt client 3.95.1
- SafeGuard LAN Crypt client 3.90.2
- SafeGuard LAN Crypt client 3.90.1 TS
- SafeGuard LAN Crypt client 3.95.1 TS

Please refer to the article Windows Client Patch 1804 for SafeGuard products for more information.
↧
Forum Post: RE: RED 15
Oh ok. In Sophos UTM there is a logfile especially for the REDs. What does the logfile say at the time when a disconnect occurs?
↧
Forum Post: RE: Communication with office 365 products
I now have disabled both web and application filtering (set to none) and the problem still persists. Looks like the client is still assuming the connection is active and that push notifications are not sent to the client. The connection state for Outlook 2016 is connected. Although I agree this could be a problem within Outlook and/or Office 365, I want to stress that I see this behaviour/problem on 2 separate clients, with 2 separate domains and online tenants. Only similarity is the presence of a Sophos firewall: an XG115 and an XG210. Both on latest firmware. Then, I noticed these posts:
- https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v170-beta/f/sfos-v170-beta-feedback/95909/fw-log-could-not-assocate-packet-to-any-connection-when-ips-enabled
- https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v170-beta/f/sfos-v170-beta-feedback/96650/numerous-could-not-associate-packet-to-any-connection-messages-in-the-firewall-log
Looking at the firewall log, I see similar patterns. Traffic is denied, after seeing similar traffic working several minutes before.
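The pattern described in the post above (a flow allowed by a firewall rule, then the same source port logged as "Could not associate packet to any connection"), as an added example that is not part of the original post: a script that groups a CSV firewall log by flow and reports flows denied as invalid traffic after they were allowed. The rows are constructed in the CSV column layout of the firewall log the post refers to, with documentation-range addresses; the function names are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed rows; note the trailing comma and the space after each IP,
# both of which the loader has to tolerate.
SAMPLE = """\
Time,Log Comp,Action,Username,Firewall Rule,In Interface ,Out Interface ,Source IP,Destination IP,Source Port,Destination Port,Protocol,Rule Type,Message ID,Live PCAP,Message,
2018-04-25 11:08:19,Invalid Traffic,Denied,,0,,,192.0.2.60 ,198.51.100.130 ,64619,443,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
2018-04-25 11:08:19,Invalid Traffic,Denied,,0,,,192.0.2.60 ,198.51.100.130 ,64619,443,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
2018-04-25 11:08:03,Firewall Rule,Allowed,,2,Lag10Gbit.2,Port2,192.0.2.60 ,198.51.100.130 ,64619,443,TCP,1,00001,Open PCAP,,
2018-04-25 10:50:05,Invalid Traffic,Denied,,0,,,192.0.2.60 ,198.51.100.130 ,64171,443,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
2018-04-25 10:49:20,Invalid Traffic,Denied,,0,,,192.0.2.60 ,198.51.100.130 ,64171,443,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
2018-04-25 10:48:35,Invalid Traffic,Denied,,0,,,192.0.2.60 ,198.51.100.130 ,64171,443,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
2018-04-25 10:48:00,Firewall Rule,Allowed,,2,Lag10Gbit.2,Port2,192.0.2.60 ,198.51.100.130 ,64171,443,TCP,1,00001,Open PCAP,,
2018-04-25 10:28:05,Firewall Rule,Allowed,,2,Lag10Gbit.2,Port2,192.0.2.60 ,198.51.100.130 ,63823,443,TCP,1,00001,Open PCAP,,
"""

def load(text):
    """Yield one dict per log row with header names and cells stripped."""
    reader = csv.reader(io.StringIO(text))
    header = [h.strip() for h in next(reader)]
    for row in reader:
        if row:
            yield dict(zip(header, (cell.strip() for cell in row)))

def flows_denied_after_allow(text):
    """Report flows that were allowed and later denied as invalid traffic."""
    flows = defaultdict(list)
    for r in load(text):
        key = (r["Source IP"], r["Source Port"],
               r["Destination IP"], r["Destination Port"], r["Protocol"])
        when = datetime.strptime(r["Time"], "%Y-%m-%d %H:%M:%S")
        flows[key].append((when, r["Log Comp"], r["Action"]))
    report = []
    for key, events in flows.items():
        events.sort()  # exports are newest-first; order by time instead
        allowed = [t for t, comp, act in events
                   if comp == "Firewall Rule" and act == "Allowed"]
        if not allowed:
            continue
        denied = [t for t, comp, act in events
                  if comp == "Invalid Traffic" and act == "Denied"
                  and t > allowed[0]]
        if denied:
            report.append({
                "flow": key,
                "allowed_at": allowed[0],
                "first_denied_after_s": (denied[0] - allowed[0]).total_seconds(),
                "denied_count": len(denied),
                "last_denied": denied[-1],
            })
    return report

if __name__ == "__main__":
    for item in flows_denied_after_allow(SAMPLE):
        print(item["flow"], item["first_denied_after_s"], item["denied_count"])
```

A short delay between the allow and the first denial on the same source port means the firewall dropped its connection entry while the client still considered the session open.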
↧
Forum Post: PureMessage for Unix now detects "OpenPGP/GPG"
Hi All, PureMessage for Unix now detects "OpenPGP/GPG" emails as encrypted. This is a new behavior in version 3.72.1 of the Sophos Engine giving customers more flexibility in their rules for handling these messages. Because of this, you may notice PGP emails are being detected and blocked by your policy.

The following checks can detect the OpenPGP/GPG:
- 'pmx_suspect_attachment'
- 'pmx_attachment_name'
- 'pmx_attachment_true_filetype'
- 'pmx_attachment_type'
- 'pmx_credit_card'
- 'pmx_phrase'

If this is not the behavior you are looking for then you will need to create a "cantscan" check and handle the message. This article describes the steps for creating a "cantscan" rule on PureMessage for Unix. Please refer to the article PureMessage for Unix now detects "OpenPGP/GPG" for more information.
↧
Forum Post: RE: XG has disabled 3DES and SHA1 in L2TP policy, what should I choose for VPN?
Hi Arun, You can use the SSL VPN client with all the OS platforms stated above! Take a look at Sophos XG Firewall: How to configure SSL VPN for iPhone or iPad for more information. Thanks,
↧
Forum Post: RE: RED 15
Where is the logfile located?
↧
Forum Post: RE: RED 15
We don't use Sophos XG at the moment. But via search I found this: https://community.sophos.com/products/xg-firewall/f/network-and-routing/95311/viewing-red-log-file
↧