Lost connection to internet websites yet could ping URLs.

Good Morning,


We had a strange problem with our firewall this morning.  We could not access the internet from within our network (web page could not be displayed) yet I could ping the websites both by their IP and their URL.  I could also ping the firewall but could not connect to the web admin.  Stranger still our medical system is hosted remotely and accessed via https yet we WERE able to access this!  The only difference between this and other websites is that the IP of this is in the host file on all PCs.  But if it was a DNS issue I would not be able to resolve other internet addresses.

Remote SSL VPN users also could not connect.

We manually rebooted the firewall and now have full connection back, but I need to work out what caused this problem so I can prevent it happening again.  (And so I have some answers when I get asked what happened!)

I have recently (last weekend) updated to the latest version of UTM9 (9.506-2)


If anyone has any idea what might have been going on your help would be much appreciated!  I was going to check log files but I'm not sure where to start!
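As an added example (not from the thread and not Sophos code), the script below walks the layers the symptoms above touch one at a time: name resolution (hosts file first, then DNS, which a successful ping by name shows working), a direct TCP handshake to the site, and the same fetch forced through the web proxy as IE does once a proxy is configured. It also builds the reverse zone for a Request Routing entry, as the replies recommend. PROXY and the target host are placeholders.

```python
"""Layered triage for the symptom above (ping by name works, web does not).
Added example, not from the thread or Sophos; PROXY is a placeholder."""
import socket
import urllib.request

PROXY = "http://utm.example.loc:8080"  # placeholder for the UTM web proxy

def resolve(host):
    """Layer 1: hosts file, then DNS. A working 'ping www.site.com' means this passed."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None

def tcp_open(ip, port=443, timeout=3.0):
    """Layer 2: direct TCP handshake to the site, bypassing any proxy."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def via_proxy(url, proxy=PROXY, timeout=5.0):
    """Layer 3: the same URL fetched through the web proxy, as IE does with proxy on."""
    handler = urllib.request.ProxyHandler({"http": proxy, "https": proxy})
    try:
        with urllib.request.build_opener(handler).open(url, timeout=timeout):
            return True
    except OSError:  # URLError, HTTPError and timeouts are all OSError subclasses
        return False

def classify(dns_ok, tcp_ok, proxy_ok):
    """Name the first failing layer; ping OK but no web pages usually lands on 'proxy'."""
    if not dns_ok:
        return "dns"
    if not tcp_ok:
        return "network-or-firewall"
    return "ok" if proxy_ok else "proxy"

def reverse_zone(cidr):
    """Reverse zone for Request Routing: 172.16.20.0/24 -> 20.16.172.in-addr.arpa."""
    net, prefix = cidr.split("/")
    octets = net.split(".")[: int(prefix) // 8]  # /8, /16 or /24 only
    return ".".join(reversed(octets)) + ".in-addr.arpa"

if __name__ == "__main__":
    host = "www.example.com"  # constructed target; run from an affected PC
    ip = resolve(host)
    tcp = ip is not None and tcp_open(ip)
    print(classify(ip is not None, tcp, tcp and via_proxy(f"https://{host}/")))
```

Run it from an affected PC while the fault is present: a result of "proxy" with DNS and direct TCP passing points at the HTTP/S proxy rather than DNS, which is also what the hosts-file site staying reachable suggests.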



  • Hi Simon and welcome to the UTM Community!

    There are just too many questions we'd need to ask you first.

    Please compare your configuration to DNS best practice and Configuring HTTP/S proxy access with AD SSO.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Good evening

    I had exactly the same problem (web page could not be displayed)...

    I and Sophos Support checked everything that could be verified.

    Only solution for me was a factory default settings.

  • Hi Bob,


    Thanks for your response.

    I have checked through your best practice and there are quite a few differences in our DNS settings.  We have "External Network" on the "allowed networks" for DNS.  We also have 2 IPs given by our ISP rather than Google's one.  Is it better to change this to Google's DNS?  In request routing the domain is written as yourdomain.loc instead of "20.16.172.in-addr.arpa" as suggested, however the UTM still lists machine names in logs not IPs.  Our internal DNS server points to 2 NHS IP addresses first then the UTM.  This was changed due to problems we had sending emails to NHS addresses.

    The SSO is set up as specified in your article and works as described.  However when the proxy setting is turned on in IE I cannot connect to the UTM webadmin.  (I have "bypass proxy for local addresses" checked and it works for all other internal sites.)

    Do you think my DNS settings may have been a potential cause?  The issue has not occurred since so there will not be any way to test if any changes work unless it happens again.

  • Great, thoughtful response, Simon.  You would want entries for both yourdomain.loc and 20.16.172.in-addr.arpa in Request Routing, so I don't understand how Reporting shows machine names instead of IPs.  You probably don't get any benefit from having "External (Network)" in 'Allowed Networks' for DNS.  Some ISPs hijack DNS, thus interfering with the SMTP Proxy's use of RBLs - if you're not using Mail Protection or your ISP is not hijacking DNS, the use of Google or other is less important.  However, I wonder if the issue isn't indeed with using NHS' DNS servers.

    Yes, skipping the Proxy to access WebAdmin is usual.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks for your help Bob, I will add the extra entry in Request Routing and remove "External (Network)" from the DNS allowed networks.

    We do use mail protection on this UTM so perhaps I should change the DNS forwarder to Google.  We do often find incoming mail can be delayed up to 20 minutes although I think this is more likely to be due to the NHS DNS servers being the primary forwarders on our internal DNS server.  I need to have a play around with these out of hours.

    The connection problem may have been a one off, but if it does happen again I will try moving the UTM to the top of the DNS forwarders list in our internal DNS server to see if that helps.

    Thanks again!
