Solved

SonicWALL TZ 300 and Filtering

Posted on 2016-08-23
11
12 Views
Last Modified: 2016-09-13
It seems that my TZ300 is blocking my being able to log into to sophos.com. The login to Sophos works fine until I get redirected to sophos.okta.com This then hangs. If I bypass the firewall I can log in fine. I have added okta.com to the allowed section in:-

Security Services/Content Filter/Configure/Custom List/Allowed URI

... but it makes no difference. I can't see anything on the TZ300 log. I have also filtered packet filtering for my machine and can't see anything that would help me resolve what's going on.
0
Comment
Question by:cescentman
  • 6
  • 5
11 Comments
 
LVL 5

Expert Comment

by:JSpoor
Comment Utility
Sophos is a direct competitor of SonicWALL. Your unit probably doesn't like you going to the competition.

Just a joke :)

Can you explain the exact behavior you are seeing? Any error message?
Not sure what this okta is?

Can you ping the domain that is not working to capture the IP address.
Then run a packet capture on that IP address and see if there are dropped packets.
if so, please copy paste the dropcode and module ID..

sophos.com


View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com
0
 
LVL 1

Author Comment

by:cescentman
Comment Utility
Thanks for the speedy reply. Although I couched it as my network it's actually my son's business network so gathering data takes a little time as I need to remotely connect..

OK so sophos.okta.com redirects to https://secure2.sophos.com/login.aspx?..... on any number of machines I have tried outside his network. Also any machines bypassing the TZ300 connect without problem too.

The IP address changes so they clearly use balancing.

On his network through the firewall there is no error it just says fails to reach the site. There are no dropped packets showing when I refresh the browser and the packet capture screen

PingConfigureing packet captureAccessing sophos.okta.comNothing showing
0
 
LVL 5

Expert Comment

by:JSpoor
Comment Utility
can you do the following, when capturing set Ethernet protocol to IP

you only caught switch packets

anyways the browser says it's a time out, if it would have been the SonicWALL dropping the packet you would see a different error.

from your pc open acommand promt

tracert  sophos.okta.com

gimme the out put please
0
 
LVL 1

Author Comment

by:cescentman
Comment Utility
OK no sign of dropped packets on the TZ300 the tracert output:-

Tracing route to sophos.okta.com [54.197.192.176]
over a maximum of 30 hops:

  1     7 ms     6 ms     7 ms  164.39.255.30
  2     7 ms     7 ms     7 ms  164.39.240.98
  3    12 ms     7 ms     8 ms  GAMMA-TELEC.car1.Manchester1.Level3.net [212.187.137.230]
  4    95 ms   210 ms   210 ms  te-4-2.car1.Manchester1.Level3.net [212.187.137.229]
  5    88 ms    98 ms    88 ms  AMAZON.COM.edge2.Washington1.Level3.net [4.79.22.74]
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8    94 ms    92 ms    99 ms  54.239.110.229
  9    89 ms    89 ms    89 ms  54.239.109.147
 10    88 ms    89 ms    89 ms  72.21.222.157
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16   110 ms   107 ms   105 ms  216.182.224.173
 17     *        *        *     Request timed out.
 18     *        *
0
 
LVL 5

Expert Comment

by:JSpoor
Comment Utility
weird...
I'm also getting a lot of timed outs, hoped this would show a routing issue.

I can access the link from behind my own Sonic.

Unfortunately I'm at a loss without having the ability to advanced debug your SonicWALL...

Sorry...
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Author Comment

by:cescentman
Comment Utility
Is advanced debugging something we could organise via a remote session?
0
 
LVL 5

Expert Comment

by:JSpoor
Comment Utility
I would first run it by your son.
And / or contact SonicWALL support.
0
 
LVL 1

Accepted Solution

by:
cescentman earned 0 total points
Comment Utility
I’ve resolved this. The MTU setting on the firewall was 1500, putting it at 1492 sorted it.

Thanks for your help
0
 
LVL 1

Author Comment

by:cescentman
Comment Utility
I'm not sure what to do in this case as I resolved it but it seems unfair you get no points for all the effort you put in.
0
 
LVL 5

Assisted Solution

by:JSpoor
JSpoor earned 500 total points
Comment Utility
seems you have fragmentation issues then....
0
 
LVL 1

Author Closing Comment

by:cescentman
Comment Utility
The problem was resolved by me but on the way jspoor was very helpful.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now