Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


SonicWALL TZ 300 and Filtering

Posted on 2016-08-23
Medium Priority
Last Modified: 2017-09-14
It seems that my TZ300 is blocking my being able to log into to sophos.com. The login to Sophos works fine until I get redirected to sophos.okta.com This then hangs. If I bypass the firewall I can log in fine. I have added okta.com to the allowed section in:-

Security Services/Content Filter/Configure/Custom List/Allowed URI

... but it makes no difference. I can't see anything on the TZ300 log. I have also filtered packet filtering for my machine and can't see anything that would help me resolve what's going on.
Question by:cescentman
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5

Expert Comment

by:J Spoor
ID: 41766940
Sophos is a direct competitor of SonicWALL. Your unit probably doesn't like you going to the competition.

Just a joke :)

Can you explain the exact behavior you are seeing? Any error message?
Not sure what this okta is?

Can you ping the domain that is not working to capture the IP address.
Then run a packet capture on that IP address and see if there are dropped packets.
if so, please copy paste the dropcode and module ID..


View example configurations and the SonicWALL webui and features on http://livedemo.sonicwall.com or http://ngfw-demo.com

Author Comment

ID: 41767092
Thanks for the speedy reply. Although I couched it as my network it's actually my son's business network so gathering data takes a little time as I need to remotely connect..

OK so sophos.okta.com redirects to https://secure2.sophos.com/login.aspx?..... on any number of machines I have tried outside his network. Also any machines bypassing the TZ300 connect without problem too.

The IP address changes so they clearly use balancing.

On his network through the firewall there is no error it just says fails to reach the site. There are no dropped packets showing when I refresh the browser and the packet capture screen

PingConfigureing packet captureAccessing sophos.okta.comNothing showing

Expert Comment

by:J Spoor
ID: 41767133
can you do the following, when capturing set Ethernet protocol to IP

you only caught switch packets

anyways the browser says it's a time out, if it would have been the SonicWALL dropping the packet you would see a different error.

from your pc open acommand promt

tracert  sophos.okta.com

gimme the out put please
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.


Author Comment

ID: 41768842
OK no sign of dropped packets on the TZ300 the tracert output:-

Tracing route to sophos.okta.com []
over a maximum of 30 hops:

  1     7 ms     6 ms     7 ms
  2     7 ms     7 ms     7 ms
  3    12 ms     7 ms     8 ms  GAMMA-TELEC.car1.Manchester1.Level3.net []
  4    95 ms   210 ms   210 ms  te-4-2.car1.Manchester1.Level3.net []
  5    88 ms    98 ms    88 ms  AMAZON.COM.edge2.Washington1.Level3.net []
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8    94 ms    92 ms    99 ms
  9    89 ms    89 ms    89 ms
 10    88 ms    89 ms    89 ms
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16   110 ms   107 ms   105 ms
 17     *        *        *     Request timed out.
 18     *        *

Expert Comment

by:J Spoor
ID: 41768857
I'm also getting a lot of timed outs, hoped this would show a routing issue.

I can access the link from behind my own Sonic.

Unfortunately I'm at a loss without having the ability to advanced debug your SonicWALL...


Author Comment

ID: 41768867
Is advanced debugging something we could organise via a remote session?

Expert Comment

by:J Spoor
ID: 41768921
I would first run it by your son.
And / or contact SonicWALL support.

Accepted Solution

cescentman earned 0 total points
ID: 41784983
I’ve resolved this. The MTU setting on the firewall was 1500, putting it at 1492 sorted it.

Thanks for your help

Author Comment

ID: 41784987
I'm not sure what to do in this case as I resolved it but it seems unfair you get no points for all the effort you put in.

Assisted Solution

by:J Spoor
J Spoor earned 2000 total points
ID: 41784990
seems you have fragmentation issues then....

Author Closing Comment

ID: 41795671
The problem was resolved by me but on the way jspoor was very helpful.
LVL 26

Expert Comment

by:Blue Street Tech
ID: 42293818
Regarding your fragmenting issue this article will show you how to dial in your MTU settings precisely so that you can maximize your efficiency: https://www.experts-exchange.com/articles/12615/Unstable-Slow-Performing-Networks-or-VPNs-just-go-grocery-shopping.html


Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question