Broken connection status in network connection center with Sophos UTM

When you configure a Web Security Proxy Profile with Sophos UTM (Astaro ASG) for your network with authentication mode on, some applications just want to go directly outside without to authenticate themselves like the network connection center in Windows Vista/7/8. The system trys to open a default specified URL which can be found at the registry:

HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/NlaSvc/Parameters/Internet

with this configuration

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet]
“PassivePollPeriod”=dword:00000005
“StaleThreshold”=dword:0000001e
“WebTimeout”=dword:00000023
“EnableActiveProbing”=dword:00000001
“ActiveWebProbeHost”=”www.msftncsi.com
“ActiveWebProbePath”=”ncsi.txt”
“ActiveWebProbeContent”=”Microsoft NCSI”
“ActiveDnsProbeHost”=”dns.msftncsi.com”
“ActiveDnsProbeContent”=”131.107.255.255”

So the client is always trying to get “http://www.msftncsi.com/ncsi.txt” at network connection start. If the access will be blocked by the Sophos UTM you will see this in the web security log:

2012:07:06-08:16:01 utm-1 httpproxy[29953]: id=”0002″ severity=”info” sys=”SecureWeb” sub=”http” name=”web request blocked” action=”block” method=”GET” srcip=”192.168.25.20″ dstip=”” user=”” statuscode=”403″ cached=”0″ profile=”REF_DefaultHTTPProfile (Default Proxy)” filteraction=”REF_DefaultHTTPCFFAction (Default content filter action)” size=”6442″ request=”0xac96178″ url=”http://www.msftncsi.com/ncsi.txt” exceptions=”” error=””

So just configure an exception at “Web Security / Webfilter / Exceptions”-tab for this URL and you will see again the correct connection status:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.