07-10-2017 04:45 PM - edited 03-12-2019 02:40 AM
Hi all
Hoping you can help. We use an ASA-5516X (ASA version 9.6(2), ASDM version 7.6(1)) as our firewall and Sophos UTM 9 for reverse proxy.
However, we are now investigating Sophos UTM for web protection too, so it gets added to our users' web browser with a port of 8080 as a proxy server, so all web traffic should go out through the Sophos UTM and then out of the ASA firewall.
The Sophos has 2 interfaces: the external one sits in our DMZ subnet and the internal interface sits on our main internal subnet.
I need to allow the traffic through the firewall so web browsing works. If I test from our workstation I get a Sophos error message in the web page saying connection to server timed out, and when monitoring the ASA for the DMZ IP address I can see the request for the web site (bbc.co.uk), so it's going out, but I have obviously got something wrong.
6 | Jul 11 2017 | 11:31:54 | 302013 | sophos dmz ip address | 39157 | 212.58.246.78 | 80 | Built outbound TCP connection 104993831 for outside:212.58.246.78/80 (212.58.246.78/80) to DMZ_EXT:sophos dmz ip address/39157 (192.168.20.42/39157) |
Any help would be VERY welcome
07-10-2017 07:29 PM
Hi Tim,
Have you allowed the correct set of rules on the ASA?
Could you please share the output of the packet tracer for the concerned traffic?
Regards,
Aditya
07-10-2017 07:49 PM
07-10-2017 08:39 PM
Hi Tim,
As per the outputs, ASA is allowing the traffic and I do not see any issues.
Can you also check logs on the ASA and confirm if we see traffic bi-directionally?
ASA would either allow or drop the traffic.
Regards,
Aditya
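One way to run the bi-directional check suggested above over exported ASA syslog, as an added example that is not part of the original thread: it pairs each 302013 "Built" message with its 302014 "Teardown" by connection id and flags connections that ended in a SYN Timeout, meaning the ASA never saw the handshake complete. The log lines are constructed; only the first "Built" line reuses the connection id and addresses posted above, and the function name is hypothetical.

```python
import re

# Constructed sample syslog. The 302014 lines and the second and third
# connections are assumptions made for this example.
SAMPLE = """\
%ASA-6-302013: Built outbound TCP connection 104993831 for outside:212.58.246.78/80 (212.58.246.78/80) to DMZ_EXT:192.168.20.42/39157 (192.168.20.42/39157)
%ASA-6-302014: Teardown TCP connection 104993831 for outside:212.58.246.78/80 to DMZ_EXT:192.168.20.42/39157 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302013: Built outbound TCP connection 104993840 for outside:198.51.100.10/443 (198.51.100.10/443) to DMZ_EXT:192.168.20.42/39160 (192.168.20.42/39160)
%ASA-6-302014: Teardown TCP connection 104993840 for outside:198.51.100.10/443 to DMZ_EXT:192.168.20.42/39160 duration 0:00:02 bytes 5120 TCP FINs
%ASA-6-302013: Built outbound TCP connection 104993850 for outside:203.0.113.5/80 (203.0.113.5/80) to DMZ_EXT:192.168.20.42/39170 (192.168.20.42/39170)
"""

BUILT = re.compile(
    r"302013: Built (?:inbound|outbound) TCP connection (?P<id>\d+) "
    r"for (?P<dst>\S+) \(\S+\) to (?P<src>\S+)")
TEARDOWN = re.compile(
    r"302014: Teardown TCP connection (?P<id>\d+) for .+? "
    r"duration \S+ bytes (?P<bytes>\d+)\s*(?P<reason>.*)$")


def classify_connections(log_text):
    """Return {conn_id: verdict} for every Built TCP connection in log_text."""
    verdict = {}
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            # Built only proves the outbound SYN was permitted by policy.
            verdict[m.group("id")] = "still-open"
            continue
        m = TEARDOWN.search(line)
        if m and m.group("id") in verdict:
            if m.group("reason").startswith("SYN Timeout"):
                # Three-way handshake never completed: no usable return path.
                verdict[m.group("id")] = "no-reply"
            elif int(m.group("bytes")) == 0:
                verdict[m.group("id")] = "no-data"
            else:
                verdict[m.group("id")] = "handshake-completed"
    return verdict


if __name__ == "__main__":
    for conn_id, result in classify_connections(SAMPLE).items():
        print(conn_id, result)
```

A "no-reply" verdict means the ASA permitted the outbound SYN but did not see the handshake complete, so the place to look is the return path (NAT and routing) rather than the access rules.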