Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Issue with one vendor website, unable to connect

I have a physicians practice thats lost access to one of their imaging vendors. They have a TZ400 with the latest firmware. They can get to the main website but not the physician portal where they need to review images. It just started happening. They were a few revs out of current on firmware, so we updated that. The same time out happens on multiple computers, wifi and wired, every browser.

They are on a decent internet connection and the issue is with one website. Every browser is current, antivirus has been double checked, pings etc. I connected one of the computers at the practice to a neighboring guest wifi ap and the site in question runs just fine. The guest wifi is connected to the same ISP (Cox). I have talked to the vendors IT support (very little insight). I have the same ISP and firewall at my main office and the same site works fine.

Security services have been disabled to test. The site has been added to the allowed list as well.

https://www.simonmed.com - main site, works fine

https://go.simonmed.com - physician launchpad - Time Out

https://images.simonmed.com - physician portal - Time Out

I have the same ISP at home and the same browser versions, same A/V, different firewall, works fine. I have not been able to go onsite and power the cable modem down. It wont allow a remote shutdown. I have checked tracerts/pathpings from their office and mine and they are comparable. I am getting nothing in the firewall logs. I am getting nothing in the browser console i get ERR_CONNECTION_TIMED_OUT from chrome.


Any avenues i might investigate? I am trying to get the office to reset the cable modem. the last real hardware piece i havent been able to touch.


Many Thanks

Category: Entry Level Firewalls
Reply

Answers

  • shiprasahu93shiprasahu93 Moderator

    Hello @Dantell,

    Welcome to SonicWall community.

    I see that all three websites belong to Category 26: Health, and Category 15: Business and Economy of CFS, so it is unlikely that CFS service is a problem.

    When I perform DNS lookups, I see that the main website resolves to 45.33.109.66 but the others are resolving to 74.206.98.91 and 74.206.98.93 respectively. The best way to figure out the issue would be doing a packet capture and looking for those destination addresses to find out if the firewall is dropping them or there is just no reply coming back.

    It is worth testing the MTU as well.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @Dantell

    is DPI-SSL enabled? Did you checked for any connection failures? You're running 6.5.4.6 on that appliance?

    --Michael@BWC

  • LarryLarry Enthusiast ✭✭

    Does access to these sites work if you change the firewall's DNS to 9.9.9.9 (Quad9) or 1.1.1.1 (Cloudflare)?

  • DantellDantell Newbie ✭

    Thank you all for the responses.

    DPI-SSL and all other security services were disabled for testing, no change.

    On my test device i changed DNS to google. When i switched to the public wifi, it worked as expected.

    Everything had been working fine, the tz400 has been in place for 9+ months.

    I will break out wireshark and go to work.


    thanks again.

  • NatNat Newbie ✭

    Hi @Dantell ,

    I think is could be the vendor issue. my home is not using sonicwall but I also fail to access the image site.

    Maybe they have WAF blocking the connection? The sub site is not locating in same spot of main site.


  • DantellDantell Newbie ✭

    Update,


    No real change. Thanks for checking access from your sites. Yes 6.5.4.6, firmware.

    I ran Captures from the Sonicwall and from the workstation. On the workstation i am seeing the SYN packets attempting the connection, then a bunch of TCP Retransmissions, a few more SYN packets and then RST, ACK packets back from the IP in question.

    From the sonicwall capture i see the same except the no RST, ACK's.

    We've reset the rest of the devices in the signal path. I have a call back out to the vendor.

  • shiprasahu93shiprasahu93 Moderator

    Thanks for the update @Dantell. Keep us posted!

    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.