Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 20 replies
  • Subscribers 2 subscribers
  • Views 15484 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can someone else please test this website?

Marshall
Hey guys,

I'm having a problem reaching this site http://www.asecho.org from behind my ASG 525.  From a test DSL connection I can get to the website.  But behind my Astaro I see a page that says: Site not found - Error DML001.  I'm pretty much trying to rule out the ASG.  FYI I'm not using the HTTP proxy.  Just straight up packet filtering.  Thanks in advance.


This thread was automatically locked due to age.
  • 0
    Works here.

    FYI ... Software Install on a Custom Appliance, Version 8.203, with Web Filtering Enabled (Standard / SSO Mode).

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Thanks for checking.  It's very odd because from DSL or Cable internet test connections it works.  But behind the ASG it's a no go.  Any thought on what to check would be much appreciated.  Thanks again
  • 0 in reply to Marshall
    I'm not familiar with that error, looks like a non ASG error.  Care to post a screenshot?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Screen shot as requested.  It's weird man!  In 16 years of doing this I've never seen this error.  I would think it's a web server error except from test DSL / Cable connections it works fine.  BTW it's not my web site.  I just have users on my network trying to get to it.  I've taken tcpdumps on the firewall and used fiddler and wireshark to try and see what's wrong.  But nothing is really hopping out at me.  Anyhow, screenshot is attached.  Hit me back if you or anyone out there has any ideas.
  • 0
    Quick update / note.  I ran another tcpdump on the astaro and I'm seeing [TCP Segment of a reassembled PDU].  Any thoughts?
  • 0 in reply to Marshall
    Not an Astaro Error...

    However, something may be happening in the Astaro that is mangling the request, etc.

    Start by creating a proxy exception for the site (or turning it off temporarily) -- then you can try disabling app. control (or IM/P2P) , and / or IPS, and see which, if any, component affects it.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0
    I ran a curl on the ASG.  And I even get the error from the firewall:
    FirewallName:/home/login # curl Home Page - American Society of Echocardiography                                     
                    

    Site not found



    Error DML001

    FirewallName:/home/login #

    Using Fiddler on the site when I test from DSL I'm getting a HTTP/1.1 302 Moved Temporarily.  And it redirects me to the same server but a different path.  From behind the firewall I never see this 302 and redirect.
  • 0 in reply to Marshall
    DNS, maybe?  are you using the HTTP Proxy?  Try flushing the ASGs DNS Cache.

    Never Mind -- I see you do not have Proxy enabled.  If you are using the Astaro as your DNS forwarder, clear its cache.  If you are using a local server, clear its cache.  If you are using one of the public DNS services, try another one.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0
    Not using the http proxy, IM/P2p, or IPS on this unit.
  • 0
    some isps have transparent http proxies that they proxy their users through..you might be behind an invisible http proxy.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Cookie Information Banner