Solved

Sonicwall router blocking web site

Posted on 2010-09-15
Last Modified: 2012-05-10
I have a TZ100 in San Diego, and when I try to go to a certain website from a computer behind this firewall, I get the following error:

***********************************************************************************************************************
You are not authorized to view this page
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
--------------------------------------------------------------------------------

Please try the following:

•Contact the Web site administrator if you believe you should be able to view this directory or page.
HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
Internet Information Services (IIS)

--------------------------------------------------------------------------------

Technical Information (for support personnel)

•Go to Microsoft Product Support Services and perform a title search for the words HTTP and 403.
•Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Limiting Access by IP Address, IP Address Access Restrictions, and About Custom Error Messages.

**************************************************************************************************************************
When I try this from another computer in Seattle, I am successful.

Now when logging into the Sonicwall, I get this in the logs:
2 09/15/2010 16:12:37.416 Debug Network TCP connection abort received; TCP connection dropped 192.168.2.201, 11792, X0 (admin) 208.72.x.x, 80, X1, sws004.actionhosting.ca TCP Flag(s): ACK RST

In the San Diego computer, I get only the following from netstat:
TCP    192.168.2.201:54405    208.72.x.x:80        ESTABLISHED

From the Seattle computer, I get this from netstat:
TCP    10.200.0.100:49628     208.72.x.x:80        ESTABLISHED
 TCP    10.200.0.100:49630     208.72.x.x:80        ESTABLISHED
 TCP    10.200.0.100:49631     208.72.x.x:80      ESTABLISHED
 TCP    10.200.0.100:49632     208.72.x.x:80      ESTABLISHED
 TCP    10.200.0.100:49633     208.72.x.x:80          ESTABLISHED
 TCP    10.200.0.100:49634     208.72.x.x:80        ESTABLISHED

It appears that the Sonicwall may be blocking multiple simultaneous connections, but perhaps it is an issue where the IIS server at the web host has the IP blocked.

Anyone have any ideas on what I can tweak on the Sonicwall to get this to work, or do you think it is their web server?
Question by:B1izzard
9 Comments
 
LVL 32

Accepted Solution

by:
aleghart earned 167 total points
ID: 33687618
>The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site

Looks like your WAN IP address matches a blocking rule on the remote server.  Have you tried to contact the site's admin?

You didn't provide your WAN IP address (which is fine in a public forum), but if you're running through a proxy, perhaps the remote server has a rule blocking certain proxies.

The 208.72.x.x block belongs to a Windows server hosting company, so you'd have to contact the admin for the specific server you're having problems with, not the netblock owner.
0
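The reasoning in the answer above (the 403.6 page comes from the remote IIS server rather than from the local firewall) can be checked from the raw response itself. This is an added example, not part of the original thread; the two sample responses and the verdict names are constructed for illustration.

```python
import re

# Constructed samples (not captured from the site in the question).
IIS_DENY = (b"HTTP/1.1 403 Forbidden\r\n"
            b"Content-Type: text/html\r\n"
            b"Server: Microsoft-IIS/6.0\r\n\r\n"
            b"<h2>HTTP Error 403.6 - Forbidden: IP address of the client "
            b"has been rejected.</h2>Internet Information Services (IIS)")
FILTER_DENY = (b"HTTP/1.0 403 Forbidden\r\n"
               b"Server: example-filter\r\n\r\n"
               b"<html>This site is blocked by your network administrator.</html>")

SUBSTATUS = re.compile(r"HTTP Error (\d{3})\.(\d+)")

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body text)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator; response truncated?")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("bad status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body.decode("iso-8859-1", "replace")

def classify(raw):
    """Heuristic: who produced this 403? Headers can be stripped or spoofed."""
    status, headers, body = parse_response(raw)
    server = headers.get("server", "")
    m = SUBSTATUS.search(body)
    sub = int(m.group(2)) if m and int(m.group(1)) == status else None
    if status != 403:
        verdict = "not-a-403"
    elif sub == 6 and server.lower().startswith("microsoft-iis"):
        verdict = "remote-iis-ip-restriction"   # the case in this thread
    elif server.lower().startswith("microsoft-iis"):
        verdict = "remote-iis-other-403"
    else:
        verdict = "403-not-from-iis"            # check local filter/proxy first
    return {"status": status, "substatus": sub, "server": server, "verdict": verdict}

if __name__ == "__main__":
    for name, raw in (("IIS_DENY", IIS_DENY), ("FILTER_DENY", FILTER_DENY)):
        print(name, classify(raw))
```

A `remote-iis-ip-restriction` verdict means the TCP session reached the web server and the server's own IP restriction list rejected the client, so the fix lies with the site administrator rather than with the firewall configuration.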
 
LVL 7

Assisted Solution

by:Daxit
Daxit earned 167 total points
ID: 33687774
Hi

I agree with Aleghart, it is plainly stated in the message you receive.

Bye
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 166 total points
ID: 33687807
Run your public IP to see if it's on a block list.
0
 

Author Comment

by:B1izzard
ID: 33688886
What type of block list are you referring to specifically?  They aren't on any spam block lists if that's what you are referring to.  
It just strikes me as odd that they would block this particular IP when they've never been to the website before and aren't on any spam lists.  Perhaps they blocked an entire subnet...
0
 
LVL 33

Expert Comment

by:digitap
ID: 33691949
Yes...spam block list was what I was referring to.  I know that some ISP vendors will block an entire subnet.  ATT is bad about that.  One IP ruins it for everyone else.
0
 
LVL 7

Expert Comment

by:Daxit
ID: 33692464
Hi

I suggest you call the admins of the server you need to access. I guess that if they are cooperative it is the fastest way to know if the problem is only on their side. Start from this; as soon as you clear out the block on their side, if any other problem occurs you know that you must search on your side then.

Actually you have a message plainly stating that the problem is on their side, so start from there.

I find horrible the fact that an ISP blocks an entire subnet; I guess you can complain about it if that is the case. It seems to me a very arbitrary way to operate, unless there is evidence that the entire subnet is making problems. On the other side I understand also that, spam being much more than the sensible traffic, internet pros might take very drastic decisions too.

Bye
0
 
LVL 32

Expert Comment

by:aleghart
ID: 33694122
>I find horrible the fact that a ISP blocks an entire subnet,

More likely it is the server admin, not the data co-location center.  The return message is coming from IIS.   The data center rents Windows servers... but I doubt that they route all inbound traffic through their own IIS before passing it on to the server.
0
 

Author Closing Comment

by:B1izzard
ID: 33695171
Thanks everyone.
0
 
LVL 33

Expert Comment

by:digitap
ID: 33695591
Thanks for the points.  What was the resolution?  Can you get to the website now?
0
