Some websites get ERR_TIMED_OUT

Did you give more infos in your earlier/older post?

I find your explanations very unclear and unspecific:

1. You switched off filtering for testing, ok. But do you use the proxy, if yes, which mode? Did you implement a MASQ rule for the ISP uplink port?

2. You "checked" the DNS? How? Show us the configuration. please. (paste screenshot)

3. At least we know the release version your are on.

4. Do you have a second firewall with HA in place? Is your cabling correct?

5. What do you mean by "changed the internet connection"? Do you have different providers you can use alternatively?

We are volunteers trying to help, but we do not have a crystal ball.

Hi Philip,

Thank you for the reply.

Sorry if it is unspecific. I'll try to make it clearer.

2 Sites, both in HA.

One Has XG2100 (19.0.1) and the other XG2300 (19.5MR1).

1. There is no upstream proxy. I don't get MASQ on the uplink port. MASQ is linked to the FW rule

2. Here you go.

3. 19.0.1 on one site and 19.5MR1 on the other.

4. I have checked the cabling on both sites, change from HA A/A to A/P, remove HA. Remove second appliance completely, remove the second internet line, change the internet line. I have replaced the XG2100 by a UDMPro to test and discard any other equipment -> This is working like a breeze.
5. Yes indeed. On one site I have Telefonica and Orange. On the other I have Proximus and Colt.

I am sorry if it was not clear enough and I am happy to add anything that might help.

This is what I get...

Thank you very much for your time.

Fab

Hi FJay,

Thank you for reaching out to Sophos Community.

I apologies for the experienced. Would it be possible to share your case ID. Thank you

Could you try using IPv4 DNS resolution only? Disable IPv6?

Tried all the options to no avail.

I tried also no IPv6 address and any combination of internal DNS, ISP DNS and Google/Cloudflare DNS.

Cases 05657043, 05156521and Discussion on this platform : https://community.sophos.com/sophos-xg-firewall/f/discussions/135886/tcp-retransmission-rst-ack---some-websites-not-answering 

Hi FJay,

Thank you for the information. Will further check the issue. 

Hi FJay,

Good day, Upon checking on the cases.

Case 05657043
The case was closed due to No Answer from the Customer side.

Case 05156521
The case was closed as the issue does not reside within Sophos Firewall

Also, based on the screenshot of your SSL/TLS Logs on the previous post, It indicates that "Server did not respond to client Hello"

• Have you tried Excluding the domain by creating a new exception (web > Exceptions > Add) and checking all the skip actions

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Web/Exceptions/index.html

• Can you share the TLS/SSL log when accessing the said sites?

I would recommend creating another case so that it can be properly investigated and kindly share the case#

Hi Erick Jan,

Thank you for looking.

Funny to see how cases like that are closed by Sophos. But that's the past.

Anyway, it seems a lot faster and to the point here. Let's give it a try !

This is what I get in the Firewall logs for one of the site I am trying to reach :

I will add the exceptions as you suggested.
Would I have to continue adding any other site that doesn't work when Sophos is in the chain ?

For the TLS/SSL, could you guide me on where you want me to grab that ? 

I went to TLS/SSL inspection but there is nothing there.

Thank you very mush for your help.

Fab

Hi again,

I went to the Exceptions... and apparently I tried that already (sorry it has been so long we have this issue...)

Is this correct ?