After the third customer with the same problem in a short time, I think it’s time to blog this :)
The customers told us that websites were downloading very slowly or that some URLs couldn't be reached. A single speed test (confusingly) shows full speed. So I watched the web filter live log while accessing a website. There were many entries with “http://http.00.s.sophosxl.net”. I have the same problem with the Sophos UTM built-in endpoint protection and the standalone Sophos Endpoint Protection.

Sophos support itself suggests deactivating web protection on the client. In the UTM you can't edit the basic policy, so create a new policy with the same configuration except for web protection (deactivate it) and change the policy for the computer groups. Check the computer settings after 5 minutes by clicking on the Sophos icon in the taskbar. Click on “AntiVirus- and HIPS protection” and then on “webprotection”. If this option is off, test access to a heavily loaded website again and check the live log of Sophos UTM Web Protection; there should no longer be any entries with http://http.00.s.sophosxl.net!
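To see which clients are still sending these lookups after the policy change, the live log check above can be done per source address. This is an added example, not part of the original post: the key="value" line layout, the field names `srcip` and `url`, and the sample lines are assumptions constructed for illustration, so adjust them to the log you actually export.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Host named in the post; every other value below is constructed sample data.
LOOKUP_HOST = "http.00.s.sophosxl.net"

# Constructed log lines in an assumed key="value" layout (not real UTM output).
SAMPLE_LOG = """\
2014:03:10-09:15:01 gw httpproxy[4711]: action="pass" srcip="192.0.2.10" url="http://http.00.s.sophosxl.net/lookup"
2014:03:10-09:15:02 gw httpproxy[4711]: action="pass" srcip="192.0.2.10" url="http://http.00.s.sophosxl.net/lookup"
2014:03:10-09:15:03 gw httpproxy[4711]: action="pass" srcip="192.0.2.11" url="http://http.00.s.sophosxl.net/lookup"
2014:03:10-09:15:04 gw httpproxy[4711]: action="pass" srcip="192.0.2.12" url="http://www.example.org/index.html"
2014:03:10-09:15:05 gw httpproxy[4711]: action="pass" srcip="192.0.2.12" url="http://www.example.org/?q=http.00.s.sophosxl.net"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_fields(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def lookup_clients(log_text, lookup_host=LOOKUP_HOST):
    """Count requests to the lookup host per client source address.

    The host is taken from the parsed URL, so a line that merely mentions
    the name in a path or query string is not counted.
    """
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_fields(line)
        host = (urlsplit(fields.get("url", "")).hostname or "").lower()
        if host == lookup_host and "srcip" in fields:
            counts[fields["srcip"]] += 1
    return counts


if __name__ == "__main__":
    # Clients listed here still have endpoint web protection active.
    for client, hits in lookup_clients(SAMPLE_LOG).most_common():
        print(f"{client}\t{hits}")
```

A client that still appears in the output after the five-minute wait has not yet picked up the new policy.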
One Response
I’ve never been a fan of such vertical integration. Considering that if you have Sophos endpoint behind UTM the UTM is bypassed (told to me by a rep). So if you have UTM at the edge put another non-Sophos or Avira endpoint behind it. You then don’t have to worry about this bug nor do you lose a layer of protection.