CFS blocking chatGPT
César_S
Newbie ✭
Hello everyone,
I hope that each one of you are doing well.
I'm having this issue with CFS on a TZ670.
We've someone that is creating code with chatGPT openAI. If i have "Scan HTTPs" enabled on the CFS configurations the code fails.
Error calling ChatGPT API: ClientException with SocketException: Connection reset by peer (OS Error: Connection reset by peer, errno = 104), address = api.openai.com, port = 60912, uri=https://api.openai.com/v1/chat/completions?
Already added api.openai.com to the URl allowed list on the CFS configurations, but still fails. I had to disable the "Scan HTTPs" option, but this stop HTTPs from being scanned.
Do you guys have any idea of what I can do?
Best Answer
-
CORRECT ANSWER
TKWITS
Community Legend ✭✭✭✭✭
"HTTPS content filtering is IP based"
Add the IP addresses of api.openapi.com to the exceptions...
1
Answers
Forgot to mention that I've looked into the logs and also Packet capture, with no luck...
Test outside of the Sonicwall connection and see if it works...
It does work from outside.
Like I said, it doesn't work when i have CFS configured with "Scan HTTPS" enabled. As soon as I turn it off it works ok.
Are you doing DPI-SSL? If so add the URLs to the DPI-SSL exceptions too.
I have it disabled.
The info on the "Enable HTTPS Content Filter" says:
"HTTPS Content Filtering
HTTPS content filtering is IP based, and will not inspect the URL. While HTTP content filtering can perform redirects to enforce authentication or provide a block page, HTTPS filtered pages will be silently blocked."
My guess is that Open AI is using an IP that the firewall isn't really happy with...
I've already tried to create an Access rule with the CIDRs of OpenAI, made the priority 1 and disabled DPI on it, still no luck...
Here?
I'll be honest...that never crossed my mind...
That did the trick, thank you very much.
Thank you, @TKWITS.
@César_S, please consider marking "Did this answer your question?" so that others may benefit.
Happy Monday!
Hello,
Same bug here, same correction given by Sonicwall support.
But still a bug for us on NSA 4700 7.1.1
It seems to be corrected in the latest firmware (7.1.1-7051)
Thank you for letting me know