Sonicwall router blocking web site

I have a TZ100 in San Diego, and when I try to go to a certain website from a computer behind this firewall, I get the following error:

***********************************************************************************************************************
You are not authorized to view this page
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
--------------------------------------------------------------------------------

Please try the following:

•Contact the Web site administrator if you believe you should be able to view this directory or page.
HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
Internet Information Services (IIS)

--------------------------------------------------------------------------------

Technical Information (for support personnel)

•Go to Microsoft Product Support Services and perform a title search for the words HTTP and 403.
•Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Limiting Access by IP Address, IP Address Access Restrictions, and About Custom Error Messages.

**************************************************************************************************************************
When I try this from another computer in Seattle, I am successful.

Now when logging into the Sonicwall, I get this in the logs:
2 09/15/2010 16:12:37.416 Debug Network TCP connection abort received; TCP connection dropped 192.168.2.201, 11792, X0 (admin) 208.72.x.x, 80, X1, sws004.actionhosting.ca TCP Flag(s): ACK RST

In the San Diego computer, I get only the following from netstat:
TCP    192.168.2.201:54405    208.72.x.x:80        ESTABLISHED

From the Seattle computer, I get this from netstat:
TCP    10.200.0.100:49628     208.72.x.x:80        ESTABLISHED
TCP    10.200.0.100:49630     208.72.x.x:80        ESTABLISHED
TCP    10.200.0.100:49631     208.72.x.x:80        ESTABLISHED
TCP    10.200.0.100:49632     208.72.x.x:80        ESTABLISHED
TCP    10.200.0.100:49633     208.72.x.x:80        ESTABLISHED
TCP    10.200.0.100:49634     208.72.x.x:80        ESTABLISHED

It appears that the Sonicwall may be blocking multiple simultaneous connections, but perhaps it is an issue where the IIS server at the web host has the IP blocked.

Anyone have any ideas on what I can tweak on the Sonicwall to get this to work, or do you think it is their web server?
B1izzard Asked:
 
aleghart Commented:
>The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site

Looks like your WAN IP address matches a blocking rule on the remote server.  Have you tried to contact the site's admin?

You didn't provide your WAN IP address (which is fine in a public forum), but if you're running through a proxy, perhaps the remote server has a rule blocking certain proxies.

The 208.72.x.x block belongs to a Windows server hosting company, so you'd have to contact the admin for the specific server you're having problems with, not the netblock owner.
0
 
Daxit Commented:
Hi

I agree with aleghart; it is plainly stated in the message you receive.

Bye
0
 
digitap Commented:
Run your public IP to see if it's on a block list.
0
 
B1izzard (Author) Commented:
What type of block list are you referring to specifically? They aren't on any spam block lists if that's what you are referring to.
It just strikes me as odd that they would block this particular IP when they've never been to the website before and aren't on any spam lists. Perhaps they blocked an entire subnet...
0
 
digitap Commented:
Yes... spam block list was what I was referring to. I know that some ISP vendors will block an entire subnet. ATT is bad about that. One IP ruins it for everyone else.
0
 
Daxit Commented:
Hi

I suggest you call the admins of the server you need to access. I guess that if they are cooperative, it is the fastest way to know if the problem is only on their side. Start from this; as soon as you clear out the block on their side, if any other problem occurs you know that you must search on your side then.

Actually you have a message plainly stating that the problem is on their side, so start from there.

I find horrible the fact that an ISP blocks an entire subnet; I guess you can complain about it if that is the case. It seems to me a very arbitrary way to operate, unless there is evidence that the entire subnet is causing problems. On the other side, I also understand that, spam being much more than the sensible traffic, internet pros might take very drastic decisions too.

Bye
0
 
aleghart Commented:
>I find horrible the fact that a ISP blocks an entire subnet,

More likely it is the server admin, not the data co-location center. The return message is coming from IIS. The data center rents Windows servers... but I doubt that they route all inbound traffic through their own IIS before passing it on to the server.
0
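
The situation discussed in this thread, as an added example that is not part of any participant's post: a server-side deny list containing a whole subnet rejects a client that has never visited the site, and the 403.6 text in the response body shows the request reached the remote web server rather than being stopped at the local firewall. The rule list, the sample addresses (RFC 5737 documentation ranges) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed deny list in the style of a web server's IP restriction rules:
# one single address and one whole subnet (RFC 5737 documentation ranges).
DENY_RULES = ["198.51.100.23", "203.0.113.0/24"]

# Body text taken from the error page quoted in the question.
SAMPLE_BODY = ("HTTP Error 403.6 - Forbidden: IP address of the client "
               "has been rejected.\nInternet Information Services (IIS)")


def matching_rule(client_ip, rules=DENY_RULES):
    """Return the most specific deny rule covering client_ip, or None.

    client_ip must be the public (WAN) address the server sees after NAT,
    not the LAN address shown by netstat on the workstation.
    """
    addr = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(r, strict=False) for r in rules]
    hits = [n for n in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)


def server_decision(client_ip, rules=DENY_RULES):
    """Model the server side: 403.6 if a deny rule matches, else 200."""
    rule = matching_rule(client_ip, rules)
    if rule is None:
        return ("200", None)
    return ("403.6", str(rule))


def rejected_by_origin(status_code, body):
    """Client-side triage: True when the response is the web server's own
    IP-restriction page, meaning the HTTP request passed the local firewall
    and was refused by the remote server."""
    return status_code == 403 and "403.6" in body


if __name__ == "__main__":
    # A neighbour of a listed host is caught by the subnet rule.
    for ip in ("203.0.113.77", "198.51.100.23", "192.0.2.10"):
        print(ip, server_decision(ip))
    print("refused by remote server:", rejected_by_origin(403, SAMPLE_BODY))
```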
 
B1izzard (Author) Commented:
Thanks everyone.
0
 
digitap Commented:
Thanks for the points. What was the resolution? Can you get to the website now?
0
Question has a verified solution.