We help IT Professionals succeed at work.

Sonicwall router blocking web site

B1izzard
B1izzard asked
on
2,790 Views
Last Modified: 2012-05-10
I have a TZ100 in San Diego, and when I try to go to a certain website from a computer behind this firewall, I get the following error:

***********************************************************************************************************************
You are not authorized to view this page
The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.
--------------------------------------------------------------------------------

Please try the following:

•Contact the Web site administrator if you believe you should be able to view this directory or page.
HTTP Error 403.6 - Forbidden: IP address of the client has been rejected.
Internet Information Services (IIS)

--------------------------------------------------------------------------------

Technical Information (for support personnel)

•Go to Microsoft Product Support Services and perform a title search for the words HTTP and 403.
•Open IIS Help, which is accessible in IIS Manager (inetmgr), and search for topics titled About Security, Limiting Access by IP Address, IP Address Access Restrictions, and About Custom Error Messages.

**************************************************************************************************************************
When I try this from another computer in a Seattle, I am successful.  

Now when logging into the Sonicwall, I get this in the logs:
2 09/15/2010 16:12:37.416 Debug Network TCP connection abort received; TCP connection dropped 192.168.2.201, 11792, X0 (admin) 208.72.x.x, 80, X1, sws004.actionhosting.ca TCP Flag(s): ACK RST

In the San Diego computer, I get only the following from netstat:
TCP    192.168.2.201:54405    208.72.x.x:80        ESTABLISHED

From the Seattle computer, I get this from netstat:
TCP    10.200.0.100:49628     208.72.x.x:80        ESTABLISHED
 TCP    10.200.0.100:49630     208.72.x.x:80        ESTABLISHED
 TCP    10.200.0.100:49631     208.72.x.x:80      ESTABLISHED
 TCP    10.200.0.100:49632     208.72.x.x:80      ESTABLISHED
 TCP    10.200.0.100:49633     208.72.x.x:80          ESTABLISHED
 TCP    10.200.0.100:49634     208.72.x.x:80        ESTABLISHED

It appears that the Sonicwall may be blocking multiple simultaneous connections, but perhaps it is an issue where the IIS server at the web host has the IP blocked.

Anyone have any ideas on what I can tweak on the Sonicwall to get this to work, or do you think it is their web server?
Comment
Watch Question

CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Top Expert 2010
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
What type of block list are you referring to specifically?  They aren't on any spam block lists if that's what you are referring to.  
It just strikes me as odd that they would block this particular IP when they've never been to the website before and aren't on any spam lists.  Perhaps they blocked on entire subnet...
Top Expert 2010

Commented:
Yes...spam block list was what I was referring to.  I know that some ISP vendors will block an entire subnet.  ATT is bad about that.  One IP ruins it for everyone else.
CERTIFIED EXPERT

Commented:
Hi

I suggest you to call the admins of the server you need to access, I guess that if they are cooperative it is the fast way to know if the problem is only on their side. Start from this, as soon as you clear out the block on their side if any other problem occurs you know that you must search on your side then.

Actually you have a message plain stating that the problem is on their side, so start from there.

I find horrible the fact that a ISP blocks an entire subnet, I guess you can complain about it if that is the case. It seems to me a very arbirtary way to operate, unless evidence that the entire subnet is making problems, on the other side I understand also tha being the spam much more than the sensible traffic, internet pros might take very drastic decisions too.

Bye
CERTIFIED EXPERT

Commented:
>I find horrible the fact that a ISP blocks an entire subnet,

More likely it is the server admin, not the data co-location center.  The return message is coming from IIS.   The data center rents Windows servers... but I doubt that they route all inboud traffic through their own IIS before passing it on to the server.

Author

Commented:
Thanks everyone.
Top Expert 2010

Commented:
thanks for the points.  what was the resolution?  can you get to the website now?
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.