
Random websites stop loading - DNS ??

I've been fighting an issue for months where random websites stop loading with ERR_CONNECTION_ABORTED or ERR_CONNECTION_RESET.

When this occurs, all other sites function fine.

I've turned off almost every feature on the UTM9 without resolution.

My UTM 9 Version is 9.4.10-6

My Memory utilization is averaging 42.06%

My CPU averages 1.19%

I've turned off Intrusion Prevention and Web Filtering 

I've followed the DNS Best Practices guide here:

https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/32566/solved-dns-best-practice

I can open nslookup and lookup the sites just fine. 

I have even enabled ECN support

I have the same condition on every computer on my network when it occurs. 

I have pointed my machine directly to Google's DNS and OpenDNS without resolution

The only evidence I've found in the logs are the entries below and these are the.

DNS Proxy Log:

/var/log/named.log:2017:02:14-20:13:54 firewall named[4333]: network unreachable resolving 'www.linkedin.com/A/IN': 8.8.4.4#53
/var/log/named.log:2017:02:14-20:13:54 firewall named[4333]: network unreachable resolving 'www.linkedin.com/A/IN': 202.12.27.33#53
/var/log/named.log:2017:02:14-20:13:54 firewall named[4333]: network unreachable resolving 'www.linkedin.com/A/IN': 199.7.83.42#53
/var/log/named.log:2017:02:14-20:13:54 firewall named[4333]: network unreachable resolving 'www.linkedin.com/A/IN': 199.7.91.13#53
/var/log/named.log:2017:02:14-20:13:54 firewall named[4333]: network unreachable resolving 'www.linkedin.com/A/IN': 193.0.14.129#53
/var/log/named.log:2017:02:14-20:13:54 firewall named[4333]: network unreachable resolving 'www.linkedin.com/A/IN': 192.33.4.12#53

The only other error I have found is in the Kernel log which I don't think would affect this:

2017:02:14-20:13:52 firewall kernel: [197707.820310] e1000e 0000:00:19.0 eth2: Reset adapter unexpectedly

What else do I try to resolve this problem?

I have attached my DNS Proxy Log. It looks strange.

Please advise.

Ed


UTM9DNS.txt



  • OK, Ed, a gut-level WAG...

    Delete the OpenDNS/Google Availability Group in Forwarders from the DNS proxy [Apply], re-enter it [Apply] and, finally, flush the DNS cache.  Any luck with that?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have tried this and tried just running with only the checkbox for my ISP's DNS servers. I have flushed DNS in UTM9, workstations, and my AD DNS servers. I've pointed my workstations directly to the UTM9 and/or Google without any difference.

    Ed

  • Bob,

    I proceeded to do the restore process you recommended. I've had many problems but finally got UTM running on a vanilla build and I can't restore my backup. Every time I restore the backup, the system goes unresponsive. I've tried everything I can think of to try to reconnect and it doesn't respond. I've even tried to plug my internal network to any of the 3 NIC's to see if the internal network has switched to another nic. This wasn't successful. I've tried booting with the USB backup plugged in and also tried to restore in the GUI setup where I can choose to restore during initial setup.

    My current status is that I'm up and running on a vanilla build without any of my rulesets or definitions

    The only thing I see that looks different (took a screenshot of the interfaces page) is that my NICs have changed.

    Before the wipe, they were like this:

    DMZ on eth1
    External (WAN) on eth2
    Internal on eth0

    now after the install:

    DMZ on eth1
    External (WAN) on eth0 << Different
    Internal on eth2

    I haven't removed or added any hardware. All ethernet jacks and cables were labeled so they are still plugged in the same. I just reinstalled and reapplied my backup I took today (I also saved some from earlier). I'm thinking the ethernet adapters are not being detected in the same order during the setup/build and this is causing the restore to bind the internal Linux ethernet adapters incorrectly, and UTM is applying the "friendly" names to adapters, causing it to break somehow.

    I'm thinking if someone can tell me how to change the eth[x] in Linux via the CLI to how they were configured originally before the wipe, my restore will work.

    Do you have any ideas on what I can attempt to change this so I can restore my backup?

    I'm now on about 4 hours of trying to fix this mess.

    Looking forward for your help :)

    Ed

  • ###UPDATE###

    So, I realized that if I disabled the onboard NIC, I would be able to ensure that eth0 wouldn't bind to that NIC. I did that and booted up and got the two NICs to have the correct eth[x] order. But, I ended up having my "Internal" on the "DMZ" and vice versa. Once I got up, I then restored my backup, allowed WebAdmin from both DMZ and Internal and rebooted. This is when I enabled my internal NIC (on boot). Once the system was up, I connected to the WebAdmin from the DMZ and added the External (WAN) interface and rebooted. (Order may be slightly different as I'm asleep now.)

    All seems to be working...

    Whew...

    Going to bed now :|

    Ed

  • To permanently change the NIC order, Ed, do the following:

    # edit /etc/udev/rules.d/70-persistent-net.rules

    Save the file and then restart the ASG so the new order is loaded.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I followed that recommendation from this site: https://networkguy.de/?p=577

    The friendly names and connections followed as well. 

    Anyway, that's fixed.

    The ORIGINAL problem where sites don't load with one of these errors below still occurs:

    ERR_CONNECTION_ABORTED or ERR_CONNECTION_RESET

    Ed

  • Bob, wanted to follow up. The problem I have is still occurring. I don't know what to do next. I really have no evidence in logs to point me in a direction that makes sense.


    Any other thoughts?

    Ed

  • I think I would blame this on something other than the settings in WebAdmin.  Maybe your hardware, maybe the ISP's modem, maybe your ISP's other settings/hardware.  Sometimes, I have to reboot the modem and the UTM at home to get DNS going again.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,


    I'm still having issues here :( I've rebuilt my firewall, replaced NICs. There is something in my settings that I'm not finding. I believe I've followed all the rulz but something I'm missing.


    Currently, this problem seems related to mostly Google services. Here is an example below. This is a simple attempt to upload a video to YouTube. The site works but the upload fails. I have HTTPS allowed.

    2017:05:25-21:50:59 tonka ulogd[10326]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth3" srcmac="00:16:41:ee:6d:7c" dstmac="00:1e:2a:c8:e6:e9" srcip="192.168.0.178" dstip="172.217.6.1" proto="17" length="1378" tos="0x00" prec="0x00" ttl="127" srcport="57976" dstport="443" 
    2017:05:25-21:50:59 tonka ulogd[10326]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth3" srcmac="00:16:41:ee:6d:7c" dstmac="00:1e:2a:c8:e6:e9" srcip="192.168.0.178" dstip="172.217.6.13" proto="17" length="1378" tos="0x00" prec="0x00" ttl="127" srcport="57974" dstport="443"

    Totally stumped!

    EddieRock
  • The drop is from fwrule="60002"; the packetfilter log files on the Sophos UTM should give you more information.

    Any help?

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Yes, 60001 did help. Thanks!

    For some reason, outbound 443 traffic is using UDP. Ugh! I fixed that rule. It must not be https?

    I thought that would fix the problems I'm having with logging into Google / Youtube services. I still get a connection reset (ERR_CONNECTION_RESET). This is typically with Google. I also see it with IMGUR as well.


    Any guidance with this problem would be helpful. This is my final issue that I've been battling for many many months.

  • Without seeing the log line (from the log file, not the Live Log line!), it's difficult to say more.

    Google speeds up HTTPS by using UDP 443 with Chrome and its servers if it's not blocked.  That would mean that the traffic would not be handled by the Transparent Proxy, but could be by a Web Filtering Profile in Standard mode.  If UDP 443 is blocked, Chrome<-->Google falls back to TCP 443.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
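To see the pattern Bob describes in the packetfilter log itself, here is an added example (not code from the thread or from Sophos) that parses ulogd lines in the key="value" layout quoted above and groups dropped UDP/443 packets per source host, so a QUIC-versus-TCP fallback problem can be spotted without reading the log by hand. The log lines are constructed samples in that format.

```python
import re

# Constructed sample lines (same key="value" layout as the ulogd lines in the
# thread); one TCP drop is included to show it is not reported as QUIC.
SAMPLE_LOG = """\
2017:05:25-21:50:59 tonka ulogd[10326]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth3" srcip="192.168.0.178" dstip="172.217.6.1" proto="17" length="1378" srcport="57976" dstport="443"
2017:05:25-21:50:59 tonka ulogd[10326]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth3" srcip="192.168.0.178" dstip="172.217.6.13" proto="17" length="1378" srcport="57974" dstport="443"
2017:05:25-21:51:03 tonka ulogd[10326]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth3" srcip="192.168.0.178" dstip="203.0.113.10" proto="6" length="60" srcport="51000" dstport="443"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split one ulogd line into a dict of its key="value" fields plus the timestamp."""
    # The prefix is 'TIMESTAMP HOST ulogd[PID]'; the fields follow the first ': '.
    prefix, _, rest = line.partition(': ')
    fields = dict(KV_RE.findall(rest))
    fields['_ts'] = prefix.split(' ', 1)[0]
    return fields


def dropped_udp443(log_text):
    """Return dropped UDP/443 events (QUIC candidates), grouped by source IP.

    proto="17" is UDP; Chrome uses UDP 443 (QUIC) to Google if it is allowed and
    falls back to TCP 443 when it is dropped, which is what these drops indicate.
    """
    hits = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if (f.get('action') == 'drop' and f.get('proto') == '17'
                and f.get('dstport') == '443'):
            hits.setdefault(f['srcip'], []).append(
                {'dst': f['dstip'], 'rule': f['fwrule'], 'ts': f['_ts']})
    return hits


if __name__ == '__main__':
    for src, events in dropped_udp443(SAMPLE_LOG).items():
        print(f"{src}: {len(events)} dropped UDP/443 packets "
              f"(rule {events[0]['rule']}) -> {[e['dst'] for e in events]}")
```

Run it against a copy of the packetfilter log file to list which internal hosts are hitting the UDP/443 drop rule and toward which addresses.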
  • I have had random website failures ranging from accounts.google.com to wellsfargo.com authentication. Nobody could upload YouTube videos.

    After reading this post, I checked my Web Protection >> Web Filtering >> Operation Mode. This was set to Transparent Mode. I changed it to Standard Mode and applied the settings. Once this was done, all my HTTPS problems were solved. I re-checked my Operation Mode and for some reason, it was set back to Transparent Mode, but now all is still working fine.

    I have posted on this issue months ago and so far (UNTIL TODAY), all my login "ERR_CONNECTION_RESET" or ERR_CONNECTION_ABORTED have NOT been solved.

    There seems to be a problem with this setting as it's set exactly the way it was before but now works.

    I've searched all my logs, reinstalled, restored, replaced NICs, switches and modems without any resolution.

    Member BAlfson has been lots of help but until now, I have never been able to fix this.


    Good luck others that have run into this issue. I almost gave up on the product but I felt that I would eventually figure it out.

    Yah!!!

    I'll follow up if things change,

    EddieRock