Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 3829 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PR_END_OF_FILE_ERROR on specific Website with 18.0.1 MR-1-Build396

M Bel

Hello,

I can't access a specific Website (https://www.e-dinar.poste.tn/ or https://e-dinar.poste.tn/ ) through the Sophos XG even though it is accessible without any problems directly.

I am quite sure it was accessible without problems with 18.0.0 GA-Build379. But after Update to 18.0.1 MR-1-Build396 and even a revert back to 18.0.0 GA-Build379 the problem above persists.

I've tested Internet Explorer and Firefox (standard Browser), Firefox gives me PR_END_OF_FILE_ERROR.

For testing purpose all Firewall Rules were disabled and the only Default_Network_Policy Rule was enabled with a completly disabled Web filtering  (no http/https decryption and none web policy applied)

I've tried to add the domain to Protect/WEB/Exceptions/ without any luck. Additionally I disabled Protect/WEB/General Settings/HTTPS decryption and scanning/Block invalid certificates/ without any luck either.

Additionally I tried to add the domain to Protect/Rules and Policies/SSL&TLS Exception Rules/Exclusions per Website/ and added the domain to local TLS Exclusion List without any improvement. 

There are no entries in the log Files and the Policy test for the website results ALLOWED (Green).

I mean with all the configurations above, it should be a pass through for the website but it just does not work.

Could anyone tell me what I can do to make the website accessible from LAN.

If I inspect the Website itself, there is a mix of secured and unsecured elements in it. May be that could be the problem. But why did it work with the older Firmware and now it does not work anymore with the same firmware.

Thank you in advance.

 



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    There is no issue accessing the website with the latest firmware version in lab testing with web proxy enabled. 

    Could you please provide the screenshot of your firewall rules and web proxy settings? 

    Start a packet capture from the firewall by following KBA:  Sophos XG Firewall: How to capture packets and download the Packet Capture

    There might be a local Antivirus software installed on the workstation; please check if it is causing this issue. 

    Thanks,

  • 0 in reply to FormerMember

    Hi,

    thank you for the support.

    Actually the web proxy is not enabled in my configuration.

    I turned most firewall rules off for testing purpose. The only active rule is the #Default_Network_Policy Rule which is linked with its #NAT_Rule (see screenshots below)

    I configured it for testing to be as permissive as possible ( Policy=allow all, No http/https scan/decryption and DPI without web proxy).

    Even though same Problem.

    Local Antivirus is disabled and I got the same problem on another machine without AV on another OS / Browser.

    I will add a PCAP later.

    Thank you again.

  • FormerMember
    0 FormerMember in reply to M Bel

    Hi  

    Thank you for the screenshots. 

    I noticed web policy "Allow All" is selected with the firewall rule. Could you please try with "none" and share your observation? 

    Thanks,

  • 0 in reply to FormerMember

    EDIT: It was not a fault of configuration nor Sophos XG, the Website or Webserver itself was the problem. I contacted the hoster/webmaster and they resolved the problem.

    Hi again,

    Thanks for the reply. But again no luck.

    I tested different very permissive configurations without change.

    Here is a pcap while trying to access the website. The Client Hello is sent and there is an ack from the server but there is no Server Hello to exchange certificate as usual.
    I observed another weird behaviour: Sometimes the website loads but only half of the content shows up ( missing pictures for example). If I reload it immediately, the same error of my first Post shows up.
    I googled and found similar problems on stackoverflow while the issue was related to the MTU set to low values. But my MTU is set to 1500 that should be fine. Different Values did not help either.

    Thank you again for any Hint.

Reply
  • 0 in reply to FormerMember

    EDIT: It was not a fault of configuration nor Sophos XG, the Website or Webserver itself was the problem. I contacted the hoster/webmaster and they resolved the problem.

    Hi again,

    Thanks for the reply. But again no luck.

    I tested different very permissive configurations without change.

    Here is a pcap while trying to access the website. The Client Hello is sent and there is an ack from the server but there is no Server Hello to exchange certificate as usual.
    I observed another weird behaviour: Sometimes the website loads but only half of the content shows up ( missing pictures for example). If I reload it immediately, the same error of my first Post shows up.
    I googled and found similar problems on stackoverflow while the issue was related to the MTU set to low values. But my MTU is set to 1500 that should be fine. Different Values did not help either.

    Thank you again for any Hint.

Children
No Data