Hi All,
As we know understanding why a site is not loading is not easy with XG. I am getting crazy to troubleshoot why this url is not loading:
Here some screenshot.
This thread was automatically locked due to age.
Hi All,
As we know understanding why a site is not loading is not easy with XG. I am getting crazy to troubleshoot why this url is not loading:
Here some screenshot.
Hi Luk,
Take SSH to XG and go to option 4. System console. Type, drop-packet-capture 'host x.x.x.x or website. Post the logs if you discover any drops while requesting the web url. Drop packet capture command shall provide you 90% information on drop packets and their cause.
Thanks
IPS is not catching nothing.
Here the drop-packet output:
console> drop-packet-capture "host 104.84.191.93"
2016-06-20 12:10:35 0139021 IP 104.84.191.93.80 > 192.168.0.7.60217 : proto TCP: 2020576576:2020578016(1440) ack 999959239 win 991 checksum : 39638
0x0000: 4548 05c8 217b 4000 3706 324b 6854 bf5d EH..!{@.7.2KhT.]
0x0010: c0a8 0007 0050 eb39 786f 8d40 3b9a 2ac7 .....P.9xo.@;.*.
0x0020: 5010 03df 9ad6 0000 0a66 c2dc eaea 4afa P........f....J.
0x0030: 658e 5718 256b 9792 5edf 4d51 a462 cc7a e.W.%k..^.MQ.b.z
0x0040: bc3e b314 4173 7d59 adae e5d3 ba85 b086 .>..As}Y........
0x0050: 71ac 4bea ffaa 9eb8 4c81 91e9 57c8 f9c4 q.K.....L...W...
0x0060: 6158 bdd4 8257 36a8 554b a575 e6b7 6fee aX...W6.UK.u..o.
0x0070: e900 fef4 f8f8 bbc7 cf18 c1bd 6543 64d7 ............eCd.
0x0080: 6c57 e1fc 0de7 3c1a 355d e9bc be76 8567 lW....<.5]...v.g
0x0090: 2448 67e4 89e2 1996 75b5 fe62 d4ac aef5 $Hg.....u..b....
0x00a0: c6e5 64d1 a8a2 d546 d53a 4291 c57a ceb5 ..d....F.:B..z..
0x00b0: 1ed1 8852 1d19 64ab 6a89 1c24 41ae da92 ...R..d.j..$A...
0x00c0: eb1c 3c3a a927 b3ea 7224 cb0b 99d5 51e1 ..<:.'..r$....Q.
0x00d0: b715 1e76 8a8d 2e3b 9b7d be2b 13d5 f85a ...v...;.}.+...Z
0x00e0: e28b f8df 8571 f013 1d97 c113 4597 1fa4 .....q......E...
0x00f0: 6312 0111 a224 31e5 e4f7 a2c1 c0d5 a083 c....$1.........
0x0100: 8668 9a39 a92f ead1 a87e 75f0 e8b8 5ab0 .h.9./...~u...Z.
0x0110: 19f5 013a de1a 71f1 6aa9 1d32 5276 8ec4 ...:..q.j..2Rv..
0x0120: 3154 b7f4 f5b0 b318 39fd e988 026d abd2 1T......9....m..
0x0130: b41c 9e9d 17d3 dd2a d4a8 a7ca bed1 53a3 .......*......S.
0x0140: d85c 7a8b 5a2d 97b7 eaf7 6ca3 8db6 bb71 .\z.Z-....l....q
0x0150: 983b ccd0 713d 7b79 293e 7138 bf62 5327 .;..q={y)>q8.bS'
0x0160: bc16 cf72 5556 9757 62c3 3dbd c24b 7d5b ...rUV.Wb.=..K}[
0x0170: bf3e 3a08 8330 901a 412f 1464 399d 49d2 .>:..0..A/.d9.I.
0x0180: 234d da51 7368 b357 d57c 70b5 31a0 4b35 #M.Qsh.W.|p.1.K5
0x0190: c53f 3953 9ccd a7f5 6f25 b33b 29fd 55cb .?9S....o%.;).U.
0x01a0: 3370 105c 5423 9d7a 0af9 de9a 2e60 1b9f 3p.\T#.z.....`..
0x01b0: 590f 87bb c66d e44f d56d 58eb fff8 5e3f Y....m.O.mX...^?
0x01c0: 3b2a f371 0d9e 9583 7931 9144 a315 b5be ;*.q....y1.D....
0x01d0: 6a59 f3f9 b498 cc2e eae9 98a0 245f 09ac jY..........$_..
0x01e0: f7e3 b01d eae7 3088 fcd7 2ff7 d0e6 d364 ......0.../....d
0x01f0: 687f 2d3e 0faf 8bf9 5520 757f 48e3 762f h.->....U.u.H.v/
0x0200: 8ca3 a897 1cc6 493b 8ae3 3c4b 92e0 641d ......I;..<K..d.
0x0210: 9da4 5290 7603 c18a fb15 7c06 36cb fadd ..R.v.....|.6...
0x0220: 7e1e 81cd 7add be54 00db edf6 92bc 9b07 ~...z..T........
0x0230: a769 2835 92b0 971f c65d 613e 8ea9 7b22 .i(5.....]a>..{"
0x0240: d8b8 9725 691a 814e 7aa9 9248 faed 7e14 ...%i..Nz..H..~.
0x0250: 6661 9682 4d93 befc 0f32 ebf5 a533 ad1a fa..M....2...3..
0x0260: c742 4ae8 9e24 dd76 2f76 ace5 eda8 671c .BJ..$.v/v....g.
0x0270: 2759 3bef 8572 d53b 8cd3 7637 8ffa 5010 'Y;..r.;..v7..P.
0x0280: cee2 a81b 8769 0379 120b dd6e 2edc 470d .....i.y...n..G.
0x0290: acf4 90a5 ae6a d6ee a612 64c2 740d db6d .....j....d.t..m
0x02a0: e799 f420 d893 26ba df4e 4329 8884 44af ......&..NC)..D.
0x02b0: 1d25 6137 8bbb 60fb 3276 2a27 22d5 c8b0 .%a7..`.2v*'"...
0x02c0: c24e d84b 43ea 9e24 bdb6 44b3 bcdf eb1f .N.KC..$..D.....
0x02d0: 2669 3be9 f615 9d46 ed30 3101 2779 3be9 &i;....F.01.'y;.
0x02e0: f7fb 59be 8695 af71 9e44 dd08 5136 d0dd ..Y....q.D..Q6..
0x02f0: b6a0 c2b8 a782 a00f 9143 da6f 777b 3212 .........C.ow{2.
0x0300: a190 88d4 4536 6937 6962 1947 2f87 cdb5 ....E6i7ib.G/...
0x0310: ca32 8961 9a20 20b0 5994 c669 9c8b 01b6 .2.a....Y..i....
0x0320: 6337 e634 938e 938c de4e 2319 b462 85b2 c7.4.....N#..b..
0x0330: 4c7e 6c83 3e89 ba22 0093 718a a6f4 9465 L~l.>.."..q....e
0x0340: c1f6 d27e 9ac7 29d8 240d 55c8 ebd8 28b6 ...~..).$.U...(.
0x0350: 7140 6289 8edb fd30 56e6 9a84 451b 7b49 q@b....0V...E.{I
0x0360: af97 0989 0617 32e7 91c9 ed34 1627 911b ......2....4.'..
0x0370: 8984 f1f5 ba68 f189 a063 a700 8296 52d5 .....h...c....R.
0x0380: 41c1 a67d 3751 32ec bcaf c316 6c37 5436 A..}7Q2.....l7T6
0x0390: 9a58 48f4 9482 525e 5696 09ee f6bb c2f6 .XH...R^V.......
0x03a0: 1ae1 5824 27ac 85da 5d2f 4dd4 3e4e 44f7 ..X$'...]/M.>ND.
0x03b0: f22c 4435 e0b9 9bf4 54a0 3225 5194 f039 .,D5....T.2%Q..9
0x03c0: 4c53 9934 671f 8df9 5b61 4f44 b7f2 d48c LS.4g...[aOD....
0x03d0: a959 396b 47a9 a996 c853 ac4d eda6 896d .Y9kG....S.M...m
0x03e0: 2851 038d 8812 534f 5149 140b 1b13 45ed (Q....SOQI....E.
0x03f0: e7a6 9dc2 45da cb7b 3297 8789 1aa4 4e1f ....E..{2.....N.
0x0400: 0349 7b4e ca8c c92c 1d09 453a 2309 a333 .I{N...,..E:#..3
0x0410: 57b1 42ae 99d3 0a1b 639a ea6b c40a fb3d W.B.....c..k...=
0x0420: fa8a 0f45 f542 6720 422b 8fb7 b08c 4238 ...E.Bg.B+....B8
0x0430: 48ba 79b2 5659 5436 778e 296c cb78 3174 H.y.VYT6w.)l.x1t
0x0440: 9175 d295 ffa2 98de 706c e697 1aae 4dbe .u......pl....M.
0x0450: e2b7 4468 4d37 880e 9a74 76fb ccd3 dde8 ..DhM7...tv.....
0x0460: ff0a 7e88 f2b4 2dba 872b 14ee f25e 14e6 ..~...-..+...^..
0x0470: 9848 9eb5 1391 6cac 4371 5890 39fa a103 .H....l.CqX.9...
0x0480: 111f a2ba d2c0 ca40 d234 8bb4 c326 5a05 .......@.4...&Z.
0x0490: 6fbe bb89 164b ed99 e81b dd09 56c6 e728 o....K......V..(
0x04a0: 2f59 6b60 8532 f2ca ba6b 7585 7024 aa8e /Yk`.2...ku.p$..
0x04b0: 8233 7ddd bcab a203 2bf6 866e 8a82 885f .3}.....+..n..._
0x04c0: 30a3 6e60 c59f 487b c7db 122d e28a fa71 0.n`..H{...-...q
0x04d0: d8ef 7783 2813 972b a120 5b73 4fa2 ceed ..w.(..+..[sO...
0x04e0: 5078 c8d6 bcd3 4924 4a2d 4684 4536 2b13 Px....I$J-F.E6+.
0x04f0: 42c4 1284 82f8 82d4 f91b 51de 58a8 c66a B.........Q.X..j
0x0500: 36dd 3c4c 2204 2fae 35ee cb57 dc66 129b 6.<L"./.5..W.f..
0x0510: dd45 d852 c488 9b44 c58f 8b25 e649 bace .E.R...D...%.I..
0x0520: 81c4 9d2c 9520 94af 574e c481 64fd bc07 ...,....WN..d...
0x0530: 0b62 7546 5794 5b34 5342 c461 9ab7 c3a8 .buFW.[4SB.a....
0x0540: ab03 3e89 2282 5b57 ddb4 4482 5838 c58d ..>.".[W..D.X8..
0x0550: 4539 5aa8 fc36 0847 c25a bf2b d171 9d8b E9Z..6.G.Z.+.q..
0x0560: 5086 94a5 fd78 0d1d 85e2 8589 a5ea 35a3 P....x........5.
0x0570: c463 d376 bf1b 8691 b820 9d50 35bc 5351 .c.v.......P5.SQ
0x0580: 39b1 0025 2143 cabb 2961 5709 8744 74d1 9..%!C..)aW..Dt.
0x0590: 895e 3bec 9bb6 4561 24e1 5a08 ae61 fb62 .^;...Ea$.Z..a.b
0x05a0: 62fd 58bc 478c 4af4 9daf 3911 7437 a66e b.X.G.J...9.t7.n
0x05b0: 4228 cce3 65e5 5e2f 569f 8907 d2de 1a38 B(..e.^/V......8
0x05c0: 0c2c 310f bdc2 a6f8 .,1.....
Date=2016-06-20 Time=12:10:35 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=1 outzone_id=0 source_mac=d4:ca:6d:b9:44:7e dest_mac=00:e0:b6:14:b4:21 l3_protocol=IP source_ip=104.84.191.93 dest_ip=192.168.0.7 l4_protocol=TCP source_port=80 dest_port=60217 fw_rule_id=7 policytype=2 live_userid=1 userid=6 user_gp=5 ips_id=5 sslvpn_id=0 web_filter_id=12 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=3 category_id=6 bandwidth_id=45 up_classid=13 dn_classid=131081 source_nat_id=131081 cluster_node=1 inmark=0 nfqueue=0 scanflags=253 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=1 connid=134809865 masterid=937318080 status=1269778048 state=398 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
2016-06-20 12:10:48 0102021 IP 104.84.191.93.80 > 192.168.1.200.47719 : proto TCP: 2031450095:2031451535(1440) ack 615976661 win 1062 checksum : 17664
0x0000: 4548 05c8 f6eb 4000 3706 5cda 6854 bf5d EH....@.7.\.hT.]
0x0010: c0a8 01c8 0050 ba67 7915 77ef 24b7 0ed5 .....P.gy.w.$...
0x0020: 5010 0426 4500 0000 ad62 b847 c1fd 0b99 P..&E....b.G....
0x0030: 7ebe dfff 32f8 bbd5 f4d4 cad7 d7e2 b666 ~...2..........f
0x0040: 52e9 efff 3c5c 96f0 b928 25fc 4f4b 2b72 R...<\...(%.OK+r
Date=2016-06-20 Time=12:10:48 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=d4:ca:6d:b9:44:7e dest_mac=00:e0:b6:14:b4:21 l3_protocol=IP source_ip=104.84.191.93 dest_ip=192.168.1.200 l4_protocol=TCP source_port=80 dest_port=47719 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=3618468792503369728 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
Hi,
The log states that the traffic is dropped due from fw_rule ID 7 due to IPS policy configured. Please
Date=2016-06-20 Time=12:10:35 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=1 outzone_id=0 source_mac=d4:ca:6d:b9:44:7e dest_mac=00:e0:b6:14:b4:21 l3_protocol=IP source_ip=104.84.191.93 dest_ip=192.168.0.7 l4_protocol=TCP source_port=80 dest_port=60217 fw_rule_id=7 policytype=2 live_userid=1 userid=6 user_gp=5 ips_id=5 sslvpn_id=0 web_filter_id=12 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=3 category_id=6 bandwidth_id=45 up_classid=13 dn_classid=131081
Check IPS logs and allow the signature inside the ISP policy.
Thanks
Sachin,
which is the trick to understand why the packet has been blocked from IPS in this case?
Drop-packet is helpful when traffic is blocked because the specific port is not opened but in this case fw_rule_id=7, how can we understand why the Policy ID 7 was blocing traffic due to IPS and not Web filter for example?
Thanks.
Hi Luk,
In such cases, Log_ID plays an important role. Check the System Log ID attached by Aditya in my troubleshooting guide and you will know the trick.
Thanks
Does anyone have a definitive guide on how to troubleshoot pages that do not want to load.
What are the steps I need to take to resolve them?
I have pages and some will not load for one reason or another. I often am stumped as they pass through the firewall check and policy check no problem.
I even have the category marked as allow. There must be a guide to show the proceedure using the log. The log itself should have a users guide that is simple.
I have to watch allot of the help people do it to learn.
Can anyone point to a good write up in the help section or a video on Troubleshootin webpages loading and how to properly use the log
Regards Rick M
Unfortunately we don't have an article that completely covers that topic.
I would advise to please raise this as an idea on our KBA suggestions forum.
In the meantime, please PM me with more information regarding your issue as I would like to assist you further.
Regards,
Unfortunately we don't have an article that completely covers that topic.
I would advise to please raise this as an idea on our KBA suggestions forum.
In the meantime, please PM me with more information regarding your issue as I would like to assist you further.
Regards,
