
ASA 5516 and Sophos UTM for web protection help

timrichards1
Level 1

Hi all

Hoping you can help. We use an ASA-5516X (ASA version 9.6(2), ASDM version 7.6(1)) as our firewall and Sophos UTM 9 for reverse proxy.

However, we are now investigating Sophos UTM for web protection too, so it gets added to our users' web browser as a proxy server with a port of 8080, so all web traffic should go out through the Sophos UTM and then out of the ASA firewall.

The Sophos has 2 interfaces: the external one sits in our DMZ subnet and the internal interface sits on our main internal subnet.

I need to allow the traffic through the firewall so web browsing works. If I test from our workstation, I get a Sophos error message in the web page saying connection to server timed out, and when monitoring the ASA for the DMZ IP address I can see the request for the web site (bbc.co.uk), so it's going out, but I have obviously got something wrong.

6 Jul 11 2017 11:31:54 302013 sophos dmz ip address 39157 212.58.246.78 80 Built outbound TCP connection 104993831 for outside:212.58.246.78/80 (212.58.246.78/80) to DMZ_EXT:sophos dmz ip address/39157 (192.168.20.42/39157)

Any help would be VERY welcome

3 Replies

Aditya Ganjoo
Cisco Employee

Hi Tim,

Have you allowed the correct set of rules on the ASA?

Could you please share the output of the packet tracer for the concerned traffic?

Regards,

Aditya

Hi Aditya

Many thanks for your help, and I most likely haven't got the right rules set up (rather new to this).

I have attached snips of the 4 packet traces

Hi Tim,

As per the outputs, ASA is allowing the traffic and I do not see any issues.

Can you also check logs on the ASA and confirm if we see traffic bi-directionally?

ASA would either allow or drop the traffic.

Regards,

Aditya
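
Added example (not part of the original thread, and not Cisco or Sophos code): one way to run the bidirectional check suggested above over exported ASA syslog text, pairing each 302013 "Built" record with its 302014 "Teardown" by connection ID. The sample lines are constructed, the redacted real address is assumed equal to the mapped one, and the `mapped_private` flag only matters if the ASA is the device expected to translate the DMZ address.

```python
import ipaddress
import re

# Constructed sample (not from the thread). The first Built line reuses the
# connection ID, peer and mapped address from the posted entry; the redacted
# real address is assumed equal to the mapped one. All other lines are invented.
SAMPLE_LOG = """\
%ASA-6-302013: Built outbound TCP connection 104993831 for outside:212.58.246.78/80 (212.58.246.78/80) to DMZ_EXT:192.168.20.42/39157 (192.168.20.42/39157)
%ASA-6-302014: Teardown TCP connection 104993831 for outside:212.58.246.78/80 to DMZ_EXT:192.168.20.42/39157 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302013: Built outbound TCP connection 104993840 for outside:198.51.100.7/443 (198.51.100.7/443) to DMZ_EXT:192.168.20.42/39160 (203.0.113.5/39160)
%ASA-6-302014: Teardown TCP connection 104993840 for outside:198.51.100.7/443 to DMZ_EXT:192.168.20.42/39160 duration 0:00:05 bytes 5120 TCP FINs
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BUILT = re.compile(r"302013: Built \w+ TCP connection (\d+) for (\S+) \(\S+\) "
                   r"to (\S+) \(([\d.]+)/\d+\)")
TEARDOWN = re.compile(r"302014: Teardown TCP connection (\d+) for \S+ to \S+ "
                      r"duration \S+ bytes (\d+) ?(.*)")

def classify(log_text):
    """Pair Built/Teardown records by connection ID and label each flow."""
    conns = {}
    for line in log_text.splitlines():
        if m := BUILT.search(line):
            cid, remote, local, mapped_ip = m.groups()
            ip = ipaddress.ip_address(mapped_ip)
            conns[cid] = {
                "remote": remote, "local": local,
                # Mapped source still RFC 1918: the ASA is not translating it.
                "mapped_private": any(ip in net for net in RFC1918),
                "verdict": "open (no teardown seen)",
            }
        elif (m := TEARDOWN.search(line)) and m.group(1) in conns:
            cid, nbytes, reason = m.groups()
            if reason.startswith("SYN Timeout"):
                verdict = "handshake never completed"
            elif int(nbytes) == 0:
                verdict = "connected, no payload"
            else:
                verdict = "bidirectional"
            conns[cid].update(bytes=int(nbytes), reason=reason, verdict=verdict)
    return conns

if __name__ == "__main__":
    for cid, c in classify(SAMPLE_LOG).items():
        print(cid, c["local"], "->", c["remote"], c["verdict"],
              "(mapped source is private)" if c["mapped_private"] else "")
```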
