Some websites get ERR_TIMED_OUT

Hi FJay,

Thank you for reaching out to Sophos Community.

I apologies for the experienced. Would it be possible to share your case ID. Thank you

Cases 05657043, 05156521and Discussion on this platform : https://community.sophos.com/sophos-xg-firewall/f/discussions/135886/tcp-retransmission-rst-ack---some-websites-not-answering 

Hi FJay,

Thank you for the information. Will further check the issue. 

Hi FJay,

Good day, Upon checking on the cases.

Case 05657043
The case was closed due to No Answer from the Customer side.

Case 05156521
The case was closed as the issue does not reside within Sophos Firewall

Also, based on the screenshot of your SSL/TLS Logs on the previous post, It indicates that "Server did not respond to client Hello"

• Have you tried Excluding the domain by creating a new exception (web > Exceptions > Add) and checking all the skip actions

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Web/Exceptions/index.html

• Can you share the TLS/SSL log when accessing the said sites?

I would recommend creating another case so that it can be properly investigated and kindly share the case#

Hi FJay,

Good day, Upon checking on the cases.

Case 05657043
The case was closed due to No Answer from the Customer side.

Case 05156521
The case was closed as the issue does not reside within Sophos Firewall

Also, based on the screenshot of your SSL/TLS Logs on the previous post, It indicates that "Server did not respond to client Hello"

• Have you tried Excluding the domain by creating a new exception (web > Exceptions > Add) and checking all the skip actions

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Web/Exceptions/index.html

• Can you share the TLS/SSL log when accessing the said sites?

I would recommend creating another case so that it can be properly investigated and kindly share the case#

Hi Erick Jan,

Thank you for looking.

Funny to see how cases like that are closed by Sophos. But that's the past.

Anyway, it seems a lot faster and to the point here. Let's give it a try !

This is what I get in the Firewall logs for one of the site I am trying to reach :

I will add the exceptions as you suggested.
Would I have to continue adding any other site that doesn't work when Sophos is in the chain ?

For the TLS/SSL, could you guide me on where you want me to grab that ? 

I went to TLS/SSL inspection but there is nothing there.

Thank you very mush for your help.

Fab

Hi again,

I went to the Exceptions... and apparently I tried that already (sorry it has been so long we have this issue...)

Is this correct ? 

Hi Fjay,

Upon checking your FW logs, It is being denied.

• Can you create a test policy to allow the said site on the very top.
• Also, create an SSL/TLS Policy with the following if what you said that "I went to TLS/SSL inspection but there is nothing there."

• For Exception, you can try to follow the following link:

 Server did not respond to client hello 

• Can you share your SSL/TLS log after accessing the site like below

Hi Erick Jan,

Thank you again.

I have created a rule at the top : no go.

I added the TLS rule as shown : to no avail. Still ERR_TIMED_OUT.

Here is what I have in logs : 

Does it help ? 

Fab

Hi FJay,

The screenshot you've attached are not visible.

based on the previous FW rule log. It isnt hitting any FW rule logs and is being denied.

Also, kindly add more information concerning the issue,

1. What sites are experiencing err_timed_out

2. Create a test policy to allow any without Web policy

3. Screenshot of  FW logs and the FW rule you've created

4. Screenshot of SSL/TLS configuration and logs after accessing the site.

I would recommend creating a case so that it can be properly investigated,