Issue with one vendor website, unable to connect
I have a physician's practice that's lost access to one of their imaging vendors. They have a TZ400 with the latest firmware. They can get to the main website but not the physician portal where they need to review images. It just started happening. They were a few revs out of current on firmware, so we updated that. The same timeout happens on multiple computers, Wi-Fi and wired, every browser.
They are on a decent internet connection and the issue is with one website. Every browser is current, antivirus has been double checked, pings etc. I connected one of the computers at the practice to a neighboring guest Wi-Fi AP and the site in question runs just fine. The guest Wi-Fi is connected to the same ISP (Cox). I have talked to the vendor's IT support (very little insight). I have the same ISP and firewall at my main office and the same site works fine.
Security services have been disabled to test. The site has been added to the allowed list as well.
https://www.simonmed.com - main site, works fine
https://go.simonmed.com - physician launchpad - Time Out
https://images.simonmed.com - physician portal - Time Out
I have the same ISP at home and the same browser versions, same A/V, different firewall, works fine. I have not been able to go onsite and power the cable modem down. It won't allow a remote shutdown. I have checked tracerts/pathpings from their office and mine and they are comparable. I am getting nothing in the firewall logs. I am getting nothing in the browser console; I get ERR_CONNECTION_TIMED_OUT from Chrome.
Any avenues I might investigate? I am trying to get the office to reset the cable modem, the last real hardware piece I haven't been able to touch.
Many Thanks
Answers
Hello @Dantell,
Welcome to SonicWall community.
I see that all three websites belong to Category 26: Health, and Category 15: Business and Economy of CFS, so it is unlikely that CFS service is a problem.
When I perform DNS lookups, I see that the main website resolves to 45.33.109.66 but the others are resolving to 74.206.98.91 and 74.206.98.93 respectively. The best way to figure out the issue would be doing a packet capture and looking for those destination addresses to find out if the firewall is dropping them or there is just no reply coming back.
It is worth testing the MTU as well.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi @Dantell
Is DPI-SSL enabled? Did you check for any connection failures? You're running 6.5.4.6 on that appliance?
--Michael@BWC
Does access to these sites work if you change the firewall's DNS to 9.9.9.9 (Quad9) or 1.1.1.1 (Cloudflare)?
Thank you all for the responses.
DPI-SSL and all other security services were disabled for testing, no change.
On my test device I changed DNS to Google. When I switched to the public Wi-Fi, it worked as expected.
Everything had been working fine; the TZ400 has been in place for 9+ months.
I will break out Wireshark and go to work.
Thanks again.
Hi @Dantell ,
I think it could be a vendor issue. My home is not using SonicWall, but I also fail to access the image site.
Maybe they have a WAF blocking the connection? The subsite is not located in the same spot as the main site.
Update,
No real change. Thanks for checking access from your sites. Yes, 6.5.4.6 firmware.
I ran captures from the SonicWall and from the workstation. On the workstation I am seeing the SYN packets attempting the connection, then a bunch of TCP retransmissions, a few more SYN packets, and then RST, ACK packets back from the IP in question.
From the SonicWall capture I see the same except no RST, ACKs.
We've reset the rest of the devices in the signal path. I have a call back out to the vendor.
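Added example, not part of the original thread: one way to compare the two captures described in the update above, by counting SYNs and server replies at each capture point. The packet tuples and the 192.0.2.10 workstation address are constructed; 74.206.98.93 is the portal address quoted earlier in the thread, and matching on the server address alone is an assumption that keeps the comparison usable when the firewall capture shows NATed source addresses.

```python
from collections import Counter

SERVER = "74.206.98.93"   # portal address quoted in the thread
CLIENT = "192.0.2.10"     # constructed placeholder for the workstation

# Constructed packet summaries: (capture_point, src, dst, tcp_flags).
PACKETS = (
    [("workstation", CLIENT, SERVER, "S")] * 3      # SYN plus retransmissions
    + [("workstation", SERVER, CLIENT, "RA")]       # RST, ACK seen by the client
    + [("firewall", CLIENT, SERVER, "S")] * 3       # same SYNs, no reply captured
)

def handshake_summary(packets, server, point):
    """Count SYNs sent to, and replies received from, `server` at one capture point."""
    c = Counter()
    for where, src, dst, flags in packets:
        if where != point:
            continue
        if dst == server and flags == "S":
            c["syn"] += 1
        elif src == server and flags == "SA":
            c["synack"] += 1
        elif src == server and "R" in flags:
            c["rst"] += 1
    if c["synack"]:
        verdict = "answered"       # server completed its half of the handshake
    elif c["rst"]:
        verdict = "reset"          # something answered with a reset instead
    elif c["syn"]:
        verdict = "no-reply"       # SYNs left, nothing came back
    else:
        verdict = "no-syn"         # the attempt never reached this capture point
    return verdict, dict(c)

def compare(packets, server, inner="workstation", outer="firewall"):
    """Name the segment to inspect next, based on the two capture verdicts."""
    a, _ = handshake_summary(packets, server, inner)
    b, _ = handshake_summary(packets, server, outer)
    if a == b:
        return f"both captures agree: {a}"
    if a == "reset" and b == "no-reply":
        return "RST seen only at the inner capture: find which device between the capture points sends it"
    if a == "no-reply" and b in ("answered", "reset"):
        return "reply reaches the outer capture but not the client: inspect the firewall path inward"
    return f"captures differ: {inner}={a}, {outer}={b}"

if __name__ == "__main__":
    print(compare(PACKETS, SERVER))
```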
Thanks for the update @Dantell. Keep us posted!
Shipra Sahu
Technical Support Advisor, Premier Services