Website Browsing / Proxy Issues
I have numerous Windows systems behind a FWG. Two of them are corporate owned and use a Symantec/Broadcom WSS for web browsing security, which basically is a proxy that funnels HTTP(S) requests through Symantec's cloud.
A few times per day, these two Windows machines will not be allowed to access websites. Every browser known to man will report "ERR_TUNNEL_CONNECTION_FAILED". When this happens, it's a problem for 1-5 minutes, then it clears and we're back in business.
I have 5000 users in North America using the same Symantec product. We're not hearing reports on this issue from our users, and for my other Windows computers in my home office... when this issue occurs on the work computers, the home computers are just fine.
So I have it in my head that maybe it's a DNS-related issue with using the FWG as the primary DNS server and this proxy redirect occurring with the client-based solution. Anyone having similar challenges with WSS or Cisco Umbrella, etc.?
-
When the problems happen, is it possible to do some basic testing?
- ping fire.walla
- ping 1.1.1.1
- nslookup firewalla.com
and see which one fails. This may point to the ISP/cloud issue.
Also, turn off the ad blocker and DoH and see if the problems go away. (I assume some part of your Symantec cloud also goes local.)
-
Cannot ping 'fire.walla', but can ping firewalla, which resolves/responds.
Can ping 1.1.1.1 successfully.
NSLookups work as expected.
This may be an issue with a corporate web proxy that hijacks the browser via a .pac file that redirects to an SSL loopback that pushes 80/443 queries to BlueCoat. Still investigating.
-
Just had it occur again.
PS C:\Users\xxxx> ping firewalla
Pinging firewalla.local [192.168.1.1] with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=2ms TTL=64
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
PS C:\Users\xxxx> ping 1.1.1.1
Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=15ms TTL=58
Reply from 1.1.1.1: bytes=32 time=15ms TTL=58
Ping statistics for 1.1.1.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 15ms, Maximum = 15ms, Average = 15ms
Control-C
PS C:\Users\xxxx> nslookup
Default Server: firewalla.inc.lan
Address: 192.168.1.1
> firewalla
Server: firewalla.inc.lan
Address: 192.168.1.1
*** firewalla.inc.lan can't find firewalla: Non-existent domain
> firewalla
Server: firewalla.inc.lan
Address: 192.168.1.1
*** firewalla.inc.lan can't find firewalla: Non-existent domain
> firewalla.com
Server: firewalla.inc.lan
Address: 192.168.1.1
Non-authoritative answer:
Name: firewalla.com
Address: 23.227.38.32
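
Because the outage lasts only 1-5 minutes, the checks suggested in this thread can be left running so that every sample is timestamped and the failing layer is visible afterwards. The following is an added example, not posted by anyone in the thread; it also records which proxy the system settings (including a .pac file) select for an HTTPS URL and whether that proxy accepts a TCP connection. The log path, sample interval and test URL are assumptions; the gateway address is the one shown in the ping output above.

```powershell
# Added example (not from the thread). Assumed values are marked below.
$Gateway  = '192.168.1.1'                 # gateway/DNS address seen in the ping output
$PublicIp = '1.1.1.1'
$TestName = 'firewalla.com'
$TestUrl  = [Uri]'https://firewalla.com/' # assumed test URL
$LogPath  = Join-Path $env:TEMP 'proxy-outage-log.csv'   # assumed log location
$Interval = 15                            # assumed seconds between samples

function Test-Layer {
    $row = [ordered]@{
        Time     = (Get-Date).ToString('s')
        PingGw   = Test-Connection -ComputerName $Gateway  -Count 1 -Quiet
        PingWan  = Test-Connection -ComputerName $PublicIp -Count 1 -Quiet
        Dns      = $false
        Proxy    = ''
        ProxyTcp = ''
    }

    # Query the gateway over the DNS protocol only (no LLMNR/NetBIOS fallback).
    try {
        Resolve-DnsName -Name $TestName -Server $Gateway -DnsOnly -ErrorAction Stop | Out-Null
        $row.Dns = $true
    } catch { }

    # Ask .NET which proxy the system settings choose for the test URL.
    # If nothing is configured at this level, Proxy and ProxyTcp stay empty.
    $sysProxy = [System.Net.WebRequest]::GetSystemWebProxy()
    if (-not $sysProxy.IsBypassed($TestUrl)) {
        $p = $sysProxy.GetProxy($TestUrl)
        $row.Proxy = "$($p.Host):$($p.Port)"
        $tcp = Test-NetConnection -ComputerName $p.Host -Port $p.Port -WarningAction SilentlyContinue
        $row.ProxyTcp = $tcp.TcpTestSucceeded
    }
    [pscustomobject]$row
}

# Sample until interrupted with Ctrl-C; one CSV row per sample.
while ($true) {
    Test-Layer | Export-Csv -Path $LogPath -Append -NoTypeInformation
    Start-Sleep -Seconds $Interval
}
```

Rows where PingGw, PingWan and Dns are True but ProxyTcp is False during an ERR_TUNNEL_CONNECTION_FAILED window point at the proxy path rather than at the gateway or DNS.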