Skip to main content

Sophos XG firewall once again kills backup with Crashplan Central (Cloud)

It seems such a long time ago I battled with Sophos XG firewall (v15.x) to get Crashplan Central (Cloud Backup) to work through it (#1). Last month I upgraded to v16.x and hey, what do you know? A new problem with connection to Crashplan Central.

To make a long story short (read the forum posts), there's a bug (what else is new when it comes to Crashplan and XG) in v16 (including v16.0.1.1) that blocks the crashplan traffic. It's confirmed by Sophos KB (#2) and they say:
In certain situations traffic being passed through the XG firewall may appear be passed through the proxy even when no Web Policy is enabled within the relevant firewall rule and HTTP/HTTPS scanning is disabled."
Both the KB and forumpost (#3) gives a workaround:


    1. Connect to the XG firewall via SSH and select option 4 (Device Console) from the menu
    2. run the below to disable this:
      system application_classification microapp-discovery off
    3. Restart Crashplan

    Links:
    1. https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/32111/anyone-successfully-running-crashplan-backups-through-an-xg/314571#pi2132219853=1
    2. https://community.sophos.com/kb/en-us/125458
    3. https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/81482/crashplan-connectivity-issues-with-xg-16/310556?pi2132219853=2&pi2132219849=84
    PS! I have not checked, nor installed, v16.0.1.2 to confirm it's still there or not. Might do that soon, and update this post.
    Labels:

    Comments

    Post a Comment

    Popular posts from this blog

    How to configure multiple VLANs on QNAP TS-869U

    It's unbelievable that QNAP still doesn't support multiple VLANs on a single bond0 interface via GUI when they now just released the QTS v4.1.0 NAS Operation System for QNAP. The underlying Linux OS (QTS) does support it, and there should at least not be any problems with Intel chipsets. Some are reporting problems with Marvell.. but I haven't tried. I wanted to use the QNAP as a iSCSI storage for my LAB using a second interface while having full redundancy and get max bandwith (2x1GbE) for my ESXi hosts, and I didn't want that interface routed. At the same time I of course need the possibility to manage the QNAP system via the main interface, which is routed. This CLI "hack" will at configure the QNAP for a second VLAN interface that will be persistent during reboots. It's not been verified that it works after an upgrade of the firmware, but I presumed it will. To get this to work I presume you already have the following working: Network onfigured...
    5 comments
    Read more

    Intel Rapid Storage Technology (iRST) driver for Windows 10 on older chipsets (7-series and older)

    My computer is still more than fast enough even though it's over 4 years old. It's a Intel Core i7-3770K with 32GB DDR4-1600 RAM on an Asus ROG Maximus V Gene mainboard. The chipset is Z77 and so it was more or less the best to get at the time being. I started with two Samsung SSD 830 in RAID-9 and later upgraded to a OCZ RevoDrive3 X2 PCIe SSD for my OS disk. Fast forward from Windows 7/8 to Windows 10 (v1607) and Intel seems to not have released any Windows 10 supported SATA controller drivers for Z77. Or have they? It seems that as long as your BIOS has the Intel SATA controller set to AHCI-mode, Windows 10 will install and use the generic ' Standard SATA controller ' and trying to install the latest iRST driver v15.2.0.1020 (latest version as of 2016-12-15) on an AHCI configured Z77-system only gives you an error: Platform not supported The good news is that Intel does have driver support for some of the older chipsets; those that have RAID capabilities, whi...
    1 comment
    Read more

    Selskaper bygget på deling-trenden

    Selskaper bygget pÃ¥ deling-trenden Airbnb:  Formidling av utleieboliger og -rom over hele verden. Nett: airbnb.com   Andre:  wimdu.com ,  homeaway.com ,  vrbo.com , couchsurfing.org ,  ficalaemcasa.com.br RelayRides:  Formidler leie av privatbiler. Nett:  relayrides.com Andre:  flightcar.com ,  getaround.com Lyft:  Taxitjeneste levert av privatpersoner gjennom telefonapp. Nett: lyft.com Andre:  side.cr Eatwith:  Betal for Ã¥ spise middag hjemme hos andre mennesker. Nett: eatwith.com Andre:  meetmeals.com ,  grubclub.com Taskrabbit:  Forum for kjøp og salg av tjenester, som Ã¥ gÃ¥ pÃ¥ butikken eller vaske huset. Nett:  taskrabbit.com Andre:  agentanything.com ,  iamexec.com Carpooling:  Kobler mennesker som skal reise samme vei. Nett: carpooling.com Andre:  zimride.com Jetlimo:  Fører sammen mennesker som skal reise samme vei, og ordner et privatfly. Nett:  ...
    Post a Comment
    Read more