SFTP cannot connect

I am having an issue accessing a secure ftp web site from a network.  The network uses a watchguard xtm 25 appliance and then runs Server 2008 R2 as the network server.  The workstations are all Windows 7 Pro.

The URL is https://oebsftp.ontarioenergyboard.ca.  This should bring me to a log in page, but instead the following message

The message from IE 11 is as follows:

This page can’t be displayed


Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://oebsftp.ontarioenergyboard.ca  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Fire fox give the following:
Secure Connection Failed

The connection to oebsftp.ontarioenergyboard.ca was interrupted while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
Often the Ontario energy board upload sites are designed for IE only.

I do not see anything in the Watchguard appliance but may be overlooking something.

The server uses SEP 14.0 for both anti-virus and Firewall

As a separate issue, email using Outlook 2013 cannot use ssl either
WilfAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Wayne88Commented:
Support for some older TLS has ended.  You can turn on the lower TLS settings on the browsers but it's not recommended.  You can try using ftp client such as Filezilla to connect to that FTP URL.

If you still must use a web browser to access the website you can try enabling the settings as shown here: https://support.freshdesk.com/support/solutions/articles/222861-enabling-tls-1-1-and-tls-1-2-in-internet-explorer

In regards to the Outlook SSL problem are you referring to OWA?  Can you reach the URL at all and fail at SSL?  Please provide more details.
Dave BaldwinFixer of ProblemsCommented:
I had no trouble connecting to that site in IE11, Firefox, and Chrome on Windows 7 and Firefox on Win XP.
WilfAuthor Commented:
Thanks for the response/  The URL for the oebsftp can be reached from almost any other network or computer I have tried it on.  It will just not work from this particular network.  Filezilla is not an option in this case.

I get the same results with the tls settings enabled or not.  When I use a computer not on this network, I can connect with no issue.  I do not see anything in either SEP firewall or in the portion of the Windows Firewall that shows the rules for inbound and out bound [SEP has disabled the Windows Firewall].

On the SSL for the email:
"log onto incoming mail server (IMAP): A secure connection to the server cannot be established.
Send test email message: Your server does not support the connection encryption that you have specified.  Try changing the encryption method.  contact your mail server administrator or Internet service provider for additional assistance."

The mail server is a third party mail server provided with the web hosting company.  While the messages appear to indicated the issue is with the server, these settings work fine from other networks and computers.   I suspect this to be a generic message.

My concern is that there is something on this network that is blocking secure connections, because in both cases, the URL can be reached from any other network or computer, and the email settings work just fine from any other network or computer.

Is there something more that I can check?
Wayne88Commented:
""My concern is that there is something on this network that is blocking secure connections, because in both cases, the URL can be reached from any other network or computer, and the email settings work just fine from any other network or computer."

That's my thoughts are the same as well.  Can you attempt a trace from the router to see if TLS/SSL packets are getting thru?

"The URL for the oebsftp can be reached from almost any other network or computer I have tried it on."

If the problem is specific to one network I would start by looking at the firewall rules for this network.  I don't anticipate that this can be a DNS issue since you can reach the site, it's the TLS that's the problem but I would verify that the DNS is resolving fine.
Dave BaldwinFixer of ProblemsCommented:
Some anti-virus programs and firewalls intercept HTTPS requests so they can scan them.  When they do that, they regenerate the request using their own SSL/TLS capabilities... which aren't always current.
WilfAuthor Commented:
I have tested the URL on an identical network, and it works fine. Just not on this particular network
Wayne88Commented:
Is this particular network behind the same router as the one that's working?
David Johnson, CD, MVPRetiredCommented:
concur site loads google.chrome, Microsoft Edge, Internet Explorer
WilfAuthor Commented:
Yes both networks are using a Watchguard XTM 25 appliance as a router.  Both networks have a single file server that acts as Domain controller, DHCP server, DNS server, etc
masnrockCommented:
Yes both networks are using a Watchguard XTM 25 appliance as a router.  Both networks have a single file server that acts as Domain controller, DHCP server, DNS server, etc
So I would ask what the difference in configuration of the firewalls is. Sounds like either a filtering or proxying issue. Start with looking at the FTP rules on each Watchguard.
WilfAuthor Commented:
Will continue looking later, Thanks.  So far the rules look identical.
masnrockCommented:
Is the firmware different? Is there a configuration difference outside of the rules?
WilfAuthor Commented:
The only differences in the two set ups is that there was a WG-IMAP [predefined rule] in the site that cannot use SSL in outlook and cannot access the sftp site.  I removed that rule, and it still seems to be the same.

The other difference is that the site that cannot access the sftp has two BOVPN firewall rules, but there does not seem to be anything in them that would create any secure shell issues.
masnrockCommented:
Did this ever start working?
WilfAuthor Commented:
No it did not.  I am still poking at it, but have not had any success to date.  I will try another router when I can get onto the network and see if that makes a difference
masnrockCommented:
Any luck?
WilfAuthor Commented:
nothing
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.