This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Timeout errors on external network users (WAF)

Since installing 9.707-5 we have had several external users who are getting proxy errors (502) and request timeouts when accessing our websites. Doing the same thing locally does not incur the same errors and works fine. This started right after installing the latest patch.

Any ideas on how to troubleshoot? Everything appears to be working just fine and configured correctly, but they continue to have these errors. The back end servers are working just fine so we suspect a communication issue OR a firewall issue.

Running UTM9 on a SG330 HA cluster.

Thanks. Jason

This thread was automatically locked due to age.

Top Replies

BAlfson over 3 years ago in reply to jwerner +1

This is a head-scratcher, Jason. statuscode="500" 500 (internal server error) is the code returned when there's no more specific message available. The 502 error your customer is seeing indicates …

Parents

0 FormerMember over 3 years ago

Hi jwerner,

Thank you for reaching out to the Community!

I'd suggest you check reverseproxy logs on your UTM. If possible, post them on here.

Thanks,
Cancel
Vote Up 0 Vote Down

Cancel
0 jwerner over 3 years ago in reply to FormerMember

They did not like my response lol. Here is a snip of the WAF log. I assume this is the reverseproxy log?

2021:08:02-08:03:58 Claimsbridge-1 httpd: id="0299" srcip="98.103.164.98" localip="173.10.176.172" size="120" user="-" host="98.103.164.98" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="54027" url="/Empty.aspx" server="www.claimsbridge.net" port="443" query="" referer="-" cookie="ClaimsBridge2FA=Key=3z0LTyyAv1fy5aiTEiPelxs9B2vl4YSl" set-cookie="ASP.NET_SessionId=glaca0gyyos3fp5k0zer45mk; path=/; HttpOnly; SameSite=Lax" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YQffLvFgJDda3ZjUj9cwpwAAAJE"
2021:08:02-08:23:46 Claimsbridge-1 httpd: id="0299" srcip="98.103.164.98" localip="173.10.176.172" size="1195" user="-" host="98.103.164.98" method="GET" statuscode="500" reason="-" extra="-" exceptions="-" time="129554248" url="/PPO/ManualPricing.aspx" server="www.claimsbridge.net" port="443" query="" referer="">www.claimsbridge.net/Empty.aspx" cookie="ClaimsBridge2FA=Key=3z0LTyyAv1fy5aiTEiPelxs9B2vl4YSl; ASP.NET_SessionId=qh1yaadkn151pgsjczzktxbe; .ClaimsBridge=B3782A32A80EB29395CCEB88C56D420809F3652FDF607C69E4270559517F76860E68D0D53FF1B372286CEEB6D8327F9A5DBE2A11356E0F54CDED1249F060CE4CD866B315EA55976D19FB7197AF4A8013F88CC8C9E0CF6C78CB7E01D4C39E343E70A54932066AD869DF155458F52FA8AE80B4D65A36679F5A6FE4AF4394A56AF6CC524AE800BBB75672C175F4084AE1F0" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YQfjUPFgJDda3ZjUj9cxKwAAAHA"
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jwerner over 3 years ago in reply to FormerMember

They did not like my response lol. Here is a snip of the WAF log. I assume this is the reverseproxy log?

2021:08:02-08:03:58 Claimsbridge-1 httpd: id="0299" srcip="98.103.164.98" localip="173.10.176.172" size="120" user="-" host="98.103.164.98" method="GET" statuscode="302" reason="-" extra="-" exceptions="-" time="54027" url="/Empty.aspx" server="www.claimsbridge.net" port="443" query="" referer="-" cookie="ClaimsBridge2FA=Key=3z0LTyyAv1fy5aiTEiPelxs9B2vl4YSl" set-cookie="ASP.NET_SessionId=glaca0gyyos3fp5k0zer45mk; path=/; HttpOnly; SameSite=Lax" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YQffLvFgJDda3ZjUj9cwpwAAAJE"
2021:08:02-08:23:46 Claimsbridge-1 httpd: id="0299" srcip="98.103.164.98" localip="173.10.176.172" size="1195" user="-" host="98.103.164.98" method="GET" statuscode="500" reason="-" extra="-" exceptions="-" time="129554248" url="/PPO/ManualPricing.aspx" server="www.claimsbridge.net" port="443" query="" referer="">www.claimsbridge.net/Empty.aspx" cookie="ClaimsBridge2FA=Key=3z0LTyyAv1fy5aiTEiPelxs9B2vl4YSl; ASP.NET_SessionId=qh1yaadkn151pgsjczzktxbe; .ClaimsBridge=B3782A32A80EB29395CCEB88C56D420809F3652FDF607C69E4270559517F76860E68D0D53FF1B372286CEEB6D8327F9A5DBE2A11356E0F54CDED1249F060CE4CD866B315EA55976D19FB7197AF4A8013F88CC8C9E0CF6C78CB7E01D4C39E343E70A54932066AD869DF155458F52FA8AE80B4D65A36679F5A6FE4AF4394A56AF6CC524AE800BBB75672C175F4084AE1F0" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="YQfjUPFgJDda3ZjUj9cxKwAAAHA"
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 BAlfson over 3 years ago in reply to jwerner

This is a head-scratcher, Jason.

statuscode="500"

500 (internal server error) is the code returned when there's no more specific message available. The 502 error your customer is seeing indicates "bad gateway." These are causing the timeouts.

Since you're in North America, I would open a support case at support.sophos.com and ask your reseller to have the case escalated.

In the meantime, you might check if the few customers having this problem are all using the same version of the same browser.

Cheers - Bob
Cancel
Vote Up +1 Vote Down

Cancel
0 jwerner over 3 years ago in reply to BAlfson

Thanks! I will do that
Cancel
Vote Up 0 Vote Down

Cancel