Problems accessing secure sites

All of a sudden last Friday, users have started having problems accessing some secured (banking, CC processing) sites & I'm not finding any indicators as to why.
I'm running a sonicwall TZ 300 & can't seem to find any info in any log files that would point me in the right direction. when going to certain sites, I just get a waiting for site message on tab & page never loads.
any suggestions?
LVL 1
gromackAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Blue Street TechLast KnightCommented:
Hi gromack,

Are you running DPI-SSL?
Make sure your logs are configured to record everything.
Have you run a Packet Capture yet, if not do so!

Is this occurring with every HTTPS connection...is it happening on all HTTPS sites?

Obviously something changed - review the change logs.

Let me know if you have any questions!
0
gromackAuthor Commented:
Here's a dumb question - where do I enable logging for everything?
I went from a sonicwall that was about 12 years old, running a very much older version of sonic OS & am still learning my way around this new & improved version!
Again, I can't stress enough that all this was working just fine, until Friday. What could have happened to change that?
0
gromackAuthor Commented:
If I use a different browser, I'm getting a timed out message
0
Simple Misconfiguration =Network Vulnerability

In this technical webinar, AlgoSec will present several examples of common misconfigurations; including a basic device change, business application connectivity changes, and data center migrations. Learn best practices to protect your business from attack.

John ChumaCommented:
Do you have 2 ISPs setup in the SonicWALL?
0
gromackAuthor Commented:
No
0
Blue Street TechLast KnightCommented:
You didn't answer any of my questions...please address those in my first comment so I can help you!
0
gromackAuthor Commented:
Squeaky wheel has left for the day & I got shifted in another direction. Didn't realize I still had support contract on it, too & am calling Sonicwall tech support. Will report back here with the fix.
0
Mal OsborneAlpha GeekCommented:
This might be an obvious thing, but are the time and date on your computers correct? If this is wrong you will get SSL and other security  errors.
0
gromackAuthor Commented:
Yeah, they were all ok, as I had tried from several different computers, as well.
0
gromackAuthor Commented:
Changing MTU from 1500 to 1404 seems to have fixed it, will know better in the morning. How could that minor if a change make all the difference & why would this have all of a sudden become an issue? I'm guessing this could have had an affect on email, as well? Mac & iPhone users were having email issues, too.
0
gromackAuthor Commented:
Upon further review, yes, things are back to normal in the office.
My question now is since everything I currently have has been in place for over a year, how/why would this just pop up out of nowhere?
I called ISP, who said MTU on their end is set at 9216. How would 1404 vs 1500 make that big of a difference on my end & should I leave as is, or change to match ISP's?
0
Blue Street TechLast KnightCommented:
My question now is since everything I currently have has been in place for over a year, how/why would this just pop up out of nowhere?
In fact, changing MTU is not the fix - it can't! MTU is all about performance so having the wrong settings would cause a minor degradation of service and since you never changed it the only improvement would be an increase but this setting would not block or in your case free up secure sites.

Here is an article on MTU that may help yu understand it better: https://www.experts-exchange.com/articles/12615/Unstable-Slow-Performing-Networks-or-VPNs-just-go-grocery-shopping.html

I called ISP, who said MTU on their end is set at 9216. How would 1404 vs 1500 make that big of a difference on my end & should I leave as is, or change to match ISP's?
Your ISP is using JumboFrames (9216). Read the article attached to dial in your exact MTU.

Even though it may appear to be fixed you have not found root cause yet!

  1. Are you running DPI-SSL?
  2. Have you configured Connection Limiters on Source or Destination?
  3. Make sure your logs are configured to record everything.
  4. Have you run a Packet Capture yet, if not do so!
  5. Is this occurring with every HTTPS connection...is it happening on all HTTPS sites?

Obviously something changed - review the change logs (if you have them). Let me know if you have any other questions!
0
gromackAuthor Commented:
I initially thought we were being blocked, but what was happening was connection was timing out, but only on certain sites, online banking & CC processing. SonicWall tech support enabled logging to assist in their troubleshooting of the issue & made that change/fix.
Will read the article to see what optimum MTU should be set at & go from there.
as far as answers to your questions:
1) No
2) No
3) Assuming they aren't doing this by default, then No. This Sonic OS so much more granular than the 10 - 15 year old  model I upgraded from, still (trying!) to learn my way around it. If you're wondering how I got it to this point, I had a friend who's got a whole lot more experience with the newer Sonic OS than me & did the upgrade for me.
4) No, can you recommend a good utilty for doing so?
5) Only certain ones, again, it appeared to me that they were timing out because the other end wasn't getting the correct response in a timely manner (?).
Thanks for your follow up!
0
masnrockCommented:
I don't know if this is still an issue needing assistance, but...

4) Wireshark would be a solid bet.
5) Have you looked at settings like TCP timeout? In your case, you should look at the LAN > WAN zone: https://www.sonicwall.com/en-us/support/knowledge-base/170503894053692
0
gromackAuthor Commented:
Honestly, the problem has never returned.
Company was sold last Friday, so probably not going to be my uissue to worry about in the future.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.