Problems accessing secure sites

Hi gromack,

Are you running DPI-SSL?
Make sure your logs are configured to record everything.
Have you run a Packet Capture yet, if not do so!

Is this occurring with every HTTPS connection...is it happening on all HTTPS sites?

Obviously something changed - review the change logs.

Let me know if you have any questions!

Here's a dumb question - where do I enable logging for everything?
I went from a sonicwall that was about 12 years old, running a very much older version of sonic OS & am still learning my way around this new & improved version!
Again, I can't stress enough that all this was working just fine, until Friday. What could have happened to change that?

If I use a different browser, I'm getting a timed out message

Do you have 2 ISPs setup in the SonicWALL?

No

You didn't answer any of my questions...please address those in my first comment so I can help you!

Squeaky wheel has left for the day & I got shifted in another direction. Didn't realize I still had support contract on it, too & am calling Sonicwall tech support. Will report back here with the fix.

This might be an obvious thing, but are the time and date on your computers correct? If this is wrong you will get SSL and other security  errors.

Yeah, they were all ok, as I had tried from several different computers, as well.

Changing MTU from 1500 to 1404 seems to have fixed it, will know better in the morning. How could that minor if a change make all the difference & why would this have all of a sudden become an issue? I'm guessing this could have had an affect on email, as well? Mac & iPhone users were having email issues, too.

Upon further review, yes, things are back to normal in the office.
My question now is since everything I currently have has been in place for over a year, how/why would this just pop up out of nowhere?
I called ISP, who said MTU on their end is set at 9216. How would 1404 vs 1500 make that big of a difference on my end & should I leave as is, or change to match ISP's?

My question now is since everything I currently have has been in place for over a year, how/why would this just pop up out of nowhere?

In fact, changing MTU is not the fix - it can't! MTU is all about performance so having the wrong settings would cause a minor degradation of service and since you never changed it the only improvement would be an increase but this setting would not block or in your case free up secure sites.

Here is an article on MTU that may help yu understand it better: https://www.experts-exchange.com/articles/12615/Unstable-Slow-Performing-Networks-or-VPNs-just-go-grocery-shopping.html

I called ISP, who said MTU on their end is set at 9216. How would 1404 vs 1500 make that big of a difference on my end & should I leave as is, or change to match ISP's?

Your ISP is using JumboFrames (9216). Read the article attached to dial in your exact MTU.

Even though it may appear to be fixed you have not found root cause yet!

1. Are you running DPI-SSL?
2. Have you configured Connection Limiters on Source or Destination?
3. Make sure your logs are configured to record everything.
4. Have you run a Packet Capture yet, if not do so!
5. Is this occurring with every HTTPS connection...is it happening on all HTTPS sites?

Obviously something changed - review the change logs (if you have them). Let me know if you have any other questions!

I initially thought we were being blocked, but what was happening was connection was timing out, but only on certain sites, online banking & CC processing. SonicWall tech support enabled logging to assist in their troubleshooting of the issue & made that change/fix.
Will read the article to see what optimum MTU should be set at & go from there.
as far as answers to your questions:
1) No
2) No
3) Assuming they aren't doing this by default, then No. This Sonic OS so much more granular than the 10 - 15 year old  model I upgraded from, still (trying!) to learn my way around it. If you're wondering how I got it to this point, I had a friend who's got a whole lot more experience with the newer Sonic OS than me & did the upgrade for me.
4) No, can you recommend a good utilty for doing so?
5) Only certain ones, again, it appeared to me that they were timing out because the other end wasn't getting the correct response in a timely manner (?).
Thanks for your follow up!

I don't know if this is still an issue needing assistance, but...

4) Wireshark would be a solid bet.
5) Have you looked at settings like TCP timeout? In your case, you should look at the LAN > WAN zone: https://www.sonicwall.com/en-us/support/knowledge-base/170503894053692

Honestly, the problem has never returned.
Company was sold last Friday, so probably not going to be my uissue to worry about in the future.