Website Not Available Sophos

Posted on |



Sophos Connect VPN client downloads now available from the user portal; Enforcement of TLS 1.2 for SSL VPN on site-to-site and remote-access connections; Security and other Enhancements. Stronger password hash – which will prompt you to change your password when upgrading to take full advantage of this important feature (see prompt below). Sophos XG Firewall is available in a variety of hardware models based on performance needs, as well as for virtualization platforms, as a software appliance for x86 hardware, and in Microsoft. I will use the Sophos UTM Gateway which is available as a software appliance to be installed on 'any' hardware and is free for home and personal use. Disclaimer: I am not employed by Sophos or Astaro or connected in any other way. I checked some other firewall distributions: completely open or with a community edition and an enterprise edition. Using the Web Application Firewall (WAF), also known as reverse proxy, Sophos UTM lets you protect your webservers from attacks and malicious behavior like cross-site scripting (XSS), SQL injection, directory traversal, and other potent attacks against your servers.

Sophs has released v8 MR4:

Enhancements in XG Firewall v18 MR4

Sophos Log In

High Availability

  • Improved FastPath performance for Active-Passive pairs
  • HA support in Amazon Web Services using the AWS Transit Gateway (coming soon to the AWS marketplace)
  • Improved high availability setup and upgrades

VPN Enhancements

  • New advanced options for IPSec remote access (replacing scadmin)
  • Sophos Connect VPN client downloads now available from the user portal
  • Enforcement of TLS 1.2 for SSL VPN on site-to-site and remote-access connections

Security and other Enhancements

  • Stronger password hash – which will prompt you to change your password when upgrading to take full advantage of this important feature (see prompt below)
  • Password complexity have been enabled for all the passwords
  • Web Filtering – Websites that are identified as containing child sexual abuse content by the Internet Watch Foundation (IWF) will be automatically blocked when any web filtering is enabled. See www.iwf.co.uk for more information on the IWF.
  • Cloud Optix integration – Cloud Optix is now XG Firewall aware enabling the two solutions to work better together (full details).
  • Synchronized Application Control – a new option will automatically clean up discovered apps that are over a month old
  • Authentication – users can now be created for RADIUS using UPN format
  • 70 field reported issues have been resolved (see the list below)


    Be sure to take advantage of the new secure password hash system by resetting your admin password when prompted.

New Sophos Central Enhancements

  • New Partner Dashboard enabling Sophos partners to do group policy management across their customer base – make a change once and have it automatically replicate across multiple firewalls
  • New Group Policy Import enables one firewall to define the group policy during group setup making it easy to migrate from legacy CFM or SFM platforms
  • Scheduled Firmware Updates enables MR4 to be the first firmware you schedule using this new option
  • Full HA Support enabling easier management and improved fail-over support


New Group Policy Import makes switching to Sophos Central from CFM or SFM quick and easy.

With legacy SFM and CFM platforms coming to end of life soon, Sophos Central provides the ultimate platform for managing all your firewalls moving forward. If you haven’t already, now is the time to switch.

Sophos

Issues resolved in v18 MR4

Sophos endpoint download
  • NC-59149 [API Framework] CSC hangs as all 16 workers remains busy
  • NC-50703 [Authentication] Access server restarted with coredump using STAS and Chrome SSO
  • NC-54576 [Authentication] Sophos Connect connections exhausting virtual IP pool
  • NC-57273 [Authentication] Create users for RADIUS in UPN format
  • NC-59129 [Authentication] Authentication Failed due to SSL VPN (MAC BINDING) – Logging does not carry any information for the cause.
  • NC-61017 [AWS] AWS: TX-DRP increases constantly and affecting production traffic
  • NC-59574 [Base System (deprecated)] Sometimes hotfix timer is deleted
  • NC-58587 [Clientless Access] Clientless access service crashes
  • NC-59411 [DNS] Unable to add “underscore” character in DNS host entry
  • NC-54604 [Email] POPs/IMAPs (warren) dropping connection due to ssl cache error
  • NC-59897 [Email] Specific inbound mail apparently not being scanned for malware
  • NC-60858 [Email] PDF attachment in inbound email got stripped by XG firewall Email Protection
  • NC-63870 [Email] XG creates infinite connection to self on Port 25
  • NC-59406 [Firewall] Kernel crashed due to conntrack loop
  • NC-59809 [Firewall] Loopback rule not hit when created using Server access assistance (DNAT) wizard and WAN interface configured with network rather then host
  • NC-59929 [Firewall] Firewall Rules not visible on GUI, Page stuck on Loading
  • NC-60078 [Firewall] WAF: Certificate can’t be edit via API/XML import
  • NC-61226 [Firewall] Different destination IP is shown in log viewer for Allow and Drop firewall rule when DNAT is enabled
  • NC-61250 [Firewall] Memory leak (snort) on XG 430 rev. 2 running SFOS v18
  • NC-61282 [Firewall, HA] Failed to enable HA when a New XG is replaced in place of another XG.
  • NC-62001 [Firewall] Kernel Panic on XG550
  • NC-62196 [Firewall] Policy Test for Firewall, SSL/TLS and Web with DAY does not match with Schedule rule
  • NC-63429 [Firewall] Kernel stack is corrupted in bitmap hostset netlink dump
  • NC-65492 [Firewall] User is not able to generate access code for policy override
  • NC-59747 [Firmware Management] Upgrade to the v18 SR4 failed on Azure
  • NC-58618 [FQDN] [coredump] fqdnd in Version 18.0.2
  • NC-62868 [HA] HA – Certificate Sync fails in Aux
  • NC-64269 [HA] IPv6 MAC based rule not working when traffic is load balanced to Auxiliary
  • NC-64907 [HA] The auxiliary appliance crashes when broadcast packet is generated from it
  • NC-65158 [Hotspot] Voucher Export Shows Encrypted PSKs With SSMK
  • NC-57661 [IPS-DAQ-NSE] [NEMSPR-98] Browser ‘insecure connection’ message when NSE is on but not decrypting
  • NC-58391 [IPS-DAQ-NSE] TLS inspection causing trouble with incoming traffic
  • NC-61498 [IPS-DAQ-NSE] Symantec endpoint updates URL is getting failed when DPI interfere
  • NC-63242 [IPS-DAQ-NSE] SSL/TLS inspection causing outbound problems with Veeam backups
  • NC-59774 [IPsec] Charon shows dead Status
  • NC-59775 [IPsec] Follow-up: Sporadic connection interruption to local XG after IPsec rekeying
  • NC-60361 [IPsec] Intermittently incorrect IKE_SA proposal combination is being sent by XG during IKE_SA rekeying
  • NC-61092 [IPsec] Strongswan not creating default route in table 220
  • NC-62749 [IPsec] Responder not accepting SPI values after its ISP disconnects
  • NC-61101 [L2TP] Symlink not created for L2TP remote access
  • NC-62729 [L2TP] L2TP connection on alias interface not working since update to v18
  • NC-59563 [Licensing] Apostrophe in email address : Unable to load the “Administration” page from System > Administration
  • NC-63117 [Logging Framework] Garner is core-dumping frequently
  • NC-61535 [Network Utils] Diagnostics / Tools / Ping utility not working with PPPoE interface
  • NC-62654 [nSXLd] NSXLD Coredump caused device hang
  • NC-59724 [RED] Back-up from v17.5 MR10 Fails to Restore on v18
  • NC-60081 [RED] Unable to specify Username and Password when using GSM 3G/UMTS failover
  • NC-60158 [RED] FQDN host Group appearing in RED configuration – Standard /split network
  • NC-60854 [RED] Red S2S tunnel static routes disappear on firmware update
  • NC-63803 [RED] FailSafe Mode After Backup Restore – Reason Unable To Start RED Service
  • NC-55003 [Reporting] Keyword search engine report not working
  • NC-59106 [Reporting] Security Audit Report missing information in “Number of Attacks by Severity Level” section
  • NC-60430 [Reporting] XG firewall send duplicate copies of schedule executive report
  • NC-60851 [Reporting] Scheduled reports won’t be sent
  • NC-62804 [SecurityHeartbeat] Registration to central security heartbeat does not work via upstream proxy
  • NC-62182 [SFM-SCFM] Admin can not able to change password of SF 18.0 device from SFM/CFM device level
  • NC-61313 [SNMP] Memory Utilization mismatch between UI and atop/SNMP.
  • NC-64454 [SNMP] XG86 – /tmp partition becomes 100% full because of snmpd logs
  • NC-53896 [SSLVPN] Enforce TLS 1.2 on SSL VPN connections
  • NC-60302 [SSLVPN] All the SSL VPN Live connected users get disconnected when admin change the group of one SSL VPN connected user
  • NC-60184 [UI Framework] Missing HTTP Security Headers for HSTS and CSP
  • NC-61206 [Up2Date Client] XG Fails To Fetch hotfixes/patterns : File /conf/certificate/u2dclient.pem Missing
  • NC-62689 [VFP-Firewall] When fastpath (firewall-acceleration) is enabled ,traceroute will show time-out on the XG hop
  • NC-63783 [VFP-Firewall] Unable to start the IPS
  • NC-64470 [VFP-Firewall] Auto reboot/nmi_cpu_backtrace due to VFP.Disabling firewall acceleration did fix the issue
  • NC-63058 [VirtualAppliance] Incorrect Virtual XG Firewall Model Name Showing in GUI and CLI
  • NC-47994 [Web] Pattern updates for SAVI and AVIRA are failing
  • NC-54173 [Web] URL Group – add URL control fails on leading/trailing whitespace
  • NC-51888 [WebInSnort] IPP/AirPrint not accessible after upgrade software appliance firmware to 18.0 EAP1
  • NC-54978 [WebInSnort] When a HTTPS connection is not decrypted, the reports will show a hit to the site but no bytes sent/received
  • NC-62448 [WebInSnort] Core dump on Snort
  • NC-63515 [WebInSnort] NSE: Unsupported EC type with App control and web policy
  • NC-64875 [WebInSnort] HTTP Pipelining errors in DPI mode with non-pipelined traffic

Related Posts

You need to configure the web control options to protect users and computers. There are no default options.

Note If an option is locked global settings have been applied by your partner.
Note Web control doesn't support Desktop Messaging.

Website Not Available Sophos Free

Go to Endpoint Protection > Policies to apply web control.

To set up a policy, do as follows:

  • Create a Web Control policy.
  • Open the policy's Settings tab and configure it as described below. Make sure the policy is turned on.
Additional security options

Select Additional security options to configure access to advertisements, uncategorized sites and risky downloads.

  • Block risky downloads: This option blocks risky file types, but allows advertisements and uncategorized files.
  • None: This option allows risky file types, advertisements and uncategorized files.
  • Let me specify: This allows you to set advertisements and uncategorized file types to Allow or Block.

    It also allows you to set Risky File Types to:

    • Recommended: This gives you the settings shown in the table of file types below.
    • Allow: Allows all risky file types.
    • Warn: Warns the user that a file may be risky before they can download it.
    • Block: Blocks all risky file types.
    • Let me specify: This allows you to set a number of individual file types to Allow, Warn, or Block.

Acceptable web usage

Configure Acceptable web usage settings. These control the sites that users are allowed to visit.

Choose from the following options:

  • Keep it clean: Prevents users from accessing adult and other potentially inappropriate websites.
  • Gentle guidance : Blocks inappropriate browsing and warns users before visiting website categories that may impact their productivity.
  • Conserve bandwidth: Blocks inappropriate browsing and warns users before visiting productivity-impacting websites. Blocks site categories likely to consume high bandwidth.
  • Business only: Only allows site categories that are generally business-related.
  • Let me specify: Allows you to configure individual site categories. For each group of categories (such as Productivity-related categories) you can set the behavior to Block, Warn, Allow, or Let me specify. Choosing Let me specify allows you to configure individual categories within these groups.
    Note For more control over how policy affects websites you can use the Settings > Website Management page.

For more information on how Sophos filters websites see Sophos Web Security and Control Test Site.

Protect against data loss

Select Protect against data loss to configure data loss settings.

Selecting this option allows you to choose Block data sharing, Allow data sharing, or Let me specify. Setting these options controls access to web-based email and file downloads.

Log web control events

Select Log web control events to log attempts to visit blocked websites or websites for which we display a warning.

Note If you do not enable logging, only attempts to visit infected sites will be logged.

Log web control events

You can put websites into your own custom categories ('tag' them) and then use a web control policy to control sites in each category.

To set this up, do as follows.

  1. In Endpoint or Server Protection, go to Settings > Website Management.
  2. Click Add.
  3. In Add Website Customization, enter a website and add a tag. You can either type in a new tag name, or select a tag you've used before (you'll see suggested tags when you start typing). Click Save.
  4. In Endpoint or Server Protection, go to Policies > Web Control and select a policy.
  5. Click the Settings tab.
  6. Turn on Control sites tagged in Website Management.
  7. Click Add New on the right of the page.
  8. In Add Website Tag, do as follows.
    • Select the website tag you created.
    • Choose the Action you want to take against websites.
    • Click Save.
  9. At the top of the policy, click Save.

Website Not Available Sophos Security

Apply this web control policy at set times only

Note This option is not available in the Base policy.

Sophos Software

You can set times when you want to apply the policy.

  1. Turn on Apply this web control policy at set times only.
  2. Click Add.
  3. Select the days and times when the policy will apply.

Sophos Protection

Note This option uses the local time on the computers that the policy applies to. This may not be the same as the Sophos Central administrator's local time.