SonicWALL TZ 300 and Filtering
It seems that my TZ300 is blocking my being able to log into to sophos.com. The login to Sophos works fine until I get redirected to sophos.okta.com This then hangs. If I bypass the firewall I can log in fine. I have added okta.com to the allowed section in:-
Security Services/Content Filter/Configure/Custom List/Allowed URI
... but it makes no difference. I can't see anything on the TZ300 log. I have also filtered packet filtering for my machine and can't see anything that would help me resolve what's going on.
Security Services/Content Filter/Configure/Custom List/Allowed URI
... but it makes no difference. I can't see anything on the TZ300 log. I have also filtered packet filtering for my machine and can't see anything that would help me resolve what's going on.
ASKER
Thanks for the speedy reply. Although I couched it as my network it's actually my son's business network so gathering data takes a little time as I need to remotely connect..
OK so sophos.okta.com redirects to https://secure2.sophos.com/login.aspx?..... on any number of machines I have tried outside his network. Also any machines bypassing the TZ300 connect without problem too.
The IP address changes so they clearly use balancing.
On his network through the firewall there is no error it just says fails to reach the site. There are no dropped packets showing when I refresh the browser and the packet capture screen
OK so sophos.okta.com redirects to https://secure2.sophos.com/login.aspx?..... on any number of machines I have tried outside his network. Also any machines bypassing the TZ300 connect without problem too.
The IP address changes so they clearly use balancing.
On his network through the firewall there is no error it just says fails to reach the site. There are no dropped packets showing when I refresh the browser and the packet capture screen
can you do the following, when capturing set Ethernet protocol to IP
you only caught switch packets
anyways the browser says it's a time out, if it would have been the SonicWALL dropping the packet you would see a different error.
from your pc open acommand promt
tracert sophos.okta.com
gimme the out put please
you only caught switch packets
anyways the browser says it's a time out, if it would have been the SonicWALL dropping the packet you would see a different error.
from your pc open acommand promt
tracert sophos.okta.com
gimme the out put please
ASKER
OK no sign of dropped packets on the TZ300 the tracert output:-
Tracing route to sophos.okta.com [54.197.192.176]
over a maximum of 30 hops:
1 7 ms 6 ms 7 ms 164.39.255.30
2 7 ms 7 ms 7 ms 164.39.240.98
3 12 ms 7 ms 8 ms GAMMA-TELEC.car1.Mancheste
4 95 ms 210 ms 210 ms te-4-2.car1.Manchester1.Le
5 88 ms 98 ms 88 ms AMAZON.COM.edge2.Washingto
6 * * * Request timed out.
7 * * * Request timed out.
8 94 ms 92 ms 99 ms 54.239.110.229
9 89 ms 89 ms 89 ms 54.239.109.147
10 88 ms 89 ms 89 ms 72.21.222.157
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 110 ms 107 ms 105 ms 216.182.224.173
17 * * * Request timed out.
18 * *
Tracing route to sophos.okta.com [54.197.192.176]
over a maximum of 30 hops:
1 7 ms 6 ms 7 ms 164.39.255.30
2 7 ms 7 ms 7 ms 164.39.240.98
3 12 ms 7 ms 8 ms GAMMA-TELEC.car1.Mancheste
4 95 ms 210 ms 210 ms te-4-2.car1.Manchester1.Le
5 88 ms 98 ms 88 ms AMAZON.COM.edge2.Washingto
6 * * * Request timed out.
7 * * * Request timed out.
8 94 ms 92 ms 99 ms 54.239.110.229
9 89 ms 89 ms 89 ms 54.239.109.147
10 88 ms 89 ms 89 ms 72.21.222.157
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 110 ms 107 ms 105 ms 216.182.224.173
17 * * * Request timed out.
18 * *
weird...
I'm also getting a lot of timed outs, hoped this would show a routing issue.
I can access the link from behind my own Sonic.
Unfortunately I'm at a loss without having the ability to advanced debug your SonicWALL...
Sorry...
I'm also getting a lot of timed outs, hoped this would show a routing issue.
I can access the link from behind my own Sonic.
Unfortunately I'm at a loss without having the ability to advanced debug your SonicWALL...
Sorry...
ASKER
Is advanced debugging something we could organise via a remote session?
I would first run it by your son.
And / or contact SonicWALL support.
And / or contact SonicWALL support.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I'm not sure what to do in this case as I resolved it but it seems unfair you get no points for all the effort you put in.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The problem was resolved by me but on the way jspoor was very helpful.
Regarding your fragmenting issue this article will show you how to dial in your MTU settings precisely so that you can maximize your efficiency: https://www.experts-exchange.com/articles/12615/Unstable-Slow-Performing-Networks-or-VPNs-just-go-grocery-shopping.html
Cheers!
Cheers!
Just a joke :)
Can you explain the exact behavior you are seeing? Any error message?
Not sure what this okta is?
Can you ping the domain that is not working to capture the IP address.
Then run a packet capture on that IP address and see if there are dropped packets.
if so, please copy paste the dropcode and module ID..
sophos.com
View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com