XG135 (SFOS 16.01.2) is blocking unknown protocol traffic by default

Hi Kumar,

I am using the same settings on my test XG right now and everything works fine on my end. Is there any particular website that is causing this issue? Show us few log lines from the advance shell> awarrenhttp.log.

Thanks

Hi Sachin,

Yes it is a particular website i.e. of our organization with Server IP - 220.227.24.121. It is being blocked, although all the site URLs pertaining to our organization is added under exception, but don't know why there is such issue.

Please suggest.

Thanks,

Kumar 

Hi Sachin,

Yes it is a particular website i.e. of our organization with Server IP - 220.227.24.121. It is being blocked, although all the site URLs pertaining to our organization is added under exception, but don't know why there is such issue.

Please suggest.

Thanks,

Kumar 

Hi Kumar,

DM me the URL and a screenshot of the block or error page that you receive. Show me a picture of HTTPS exception policy and the configured URL(s).

Thanks

Hi Kumar,

Thanks for all the information you DM'ed me. I see in the packet inspector tool that the website is hosted on a particular IP address;which is not "220.227.24.121". Next in the web filter category here, add basic domains like lntecc.com instead of www.lntecc.com, alongside in the keyword section add few keywords in a manner below:

lntecc, ltindia, larsentoubro, ecampus, etc.

I see from the packet inspector that the request on www.lntecc.com is communicated on port 80 but, the request for www.lntecc.com/eiplogin.aspx is then generated on port 443. This shouldn't be an issue if all the service ports are allowed through the firewall rule.

I would recommend you to configure a FW-rule on the TOP, where the destination network should be the IP address I will DM you.

Next, keep the web filter and application filter defined "None" and the primary gateway set to a specific ISP not Load Balanced.

Hope that helps.