This discussion has been locked.

Strange issue for seemingly random websites

Hi all, bit of a strange one this.

For the past few weeks a couple of the machines on our network are having sometimes intermittent issues when visiting various websites. I initially wasn't too convinced that this issue was to do with the XG we have installed, however, due to having to swap over to a backup internet connection last week that bypassed the XG I am fairly convinced the following is to do with the XG (due to the fact the issue was gone while the XG was out of the system).

So, on a couple of machines it seems like some websites either a) do not resolve correctly or b) do not fully load. It is also fairly intermittent, i.e. one of the websites that this has been happening on for me now works, however some of the pages do not... For example:

http://younggodrecords.com/ works fine, however previously it had not been. If I navigate to one of the pages, I only see the following:

Now, looking at what is happening, it appears that the <head> of the website is not fully loading, or it is not pulling in whatever scripts it requires. This happens on various other sites.

So, I don't really know where to start with this, nothing has changed on the XG recently. Does anyone have any ideas?

Cheers



  • One thing I have noticed is that every site that this happens on, 0 is the last thing displayed on the page. I have also seen a 400 response at the bottom from time to time.

    Also, this behaviour is not limited to one browser. Same thing happens regardless of browser.

    Not sure if that is anything of use.

  • Hi RichardJones1, 

    Could you check the rules the traffic is traversing through? Are any drops found in the Web filter / application / IPS logs when the issue recurs?

    What are the DOS settings implemented on your XG ?

  • Hi Richard,

    Concatenate my suggestion with Aditya's answer. Check #1 in my guide here.

    Any help?

  • Hi, I have disabled the DOS Protection and DOS & Spoof Protection temporarily. Also, the traffic rules are currently bare minimum; I now simply have the basic Lan > Wan network policy with the generalpolicy attached.

    I don't see anything specific standing out in the IPS logs.

  • Looking at the packet capture logs for younggodrecords.com/23.227.38.32 I'm not seeing any dropped packets...

  • I'm actually beginning to think that there is possibly something wrong with the machine that these issues are occurring on.

    The machine is a Mac and I just launched a localhost machine using MAMP, where I get the same issue reported, however if I go onto another machine and go to the static IP of the machine running the localhost server, all is fine. In theory the request wouldn't hit the XG and just get routed by the switch?

  • Hi RichardJones1, 

    The simple way to check whether the issue is with the device or not is to capture the packets and compare them with the working PCAP. You may also try to create a temporary bypass rule for that system based on MAC address and capture then. This would clarify the root cause of this issue.

    As for DOS settings, you may apply them as per below:

    Source side only

    SYNC 2500
    UDP 5000
    TCP none
    ICMP optional

    Create a BYPASS rule for ports UDP:443 and UDP:53 under DOS settings.