Connection to server timed out

Hello, 

I saw several posts but I can't find the solution.

On my company's LAN, I cannot reach gestion.ekipea.fr, and I can intermittently reach cahpp.eu.

On another LAN, the sites can be reached without any problem.

I used "Technical assistance for the strategy" and the site is authorized.

The log:

2020:05:13-17:46:03 sophos-1 httpproxy[6922]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block"
method="GET" srcip="192.168.17.26" dstip="37.58.199.78" user="" group="" ad_domain="" statuscode="504" cached="0" profile="REF_DefaultHTTPProfile
(Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2516" request="0x1b09dc00"
url="gestion.ekipea.fr/favicon.ico" referer="http://gestion.ekipea.fr/" error="Connection to server timed out" authtime="0"
dnstime="129" aptptime="66" cattime="91" avscantime="0" fullreqtime="60902172" device="1" auth="0" ua="Mozilla/5.0 (Windows NT 6.3; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" exceptions="" category="105" reputation="neutral" categoryname="Business"

The filtering profile is transparent.
I cleared the DNS cache.
I disabled the firewall on the computer.
I can't ping.
The traceroute leaves the LAN but does not succeed.
The DNS resolution is OK.
I don't know where it is blocked.

That depresses me.
Thank you

Sophie
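Added example, not part of the original post and not Sophos tooling: a small Python parser for the key="value" fields of the Web Filtering log line above, which separates entries where the proxy recorded an upstream error (statuscode 504 plus an error text) from other blocks. It assumes `fullreqtime` is in microseconds; the second sample line is constructed for contrast.

```python
import re

# key="value" pairs as they appear in the UTM Web Filtering (httpproxy) log
PAIR = re.compile(r'(\w+)="([^"]*)"')
GATEWAY_ERRORS = {502, 503, 504}  # proxy got no usable answer from upstream

def parse_httpproxy(line):
    """Return the key="value" fields of one httpproxy log line as a dict."""
    return dict(PAIR.findall(line))

def triage(line):
    """Classify one entry as 'upstream', 'blocked' or 'passed', with a reason."""
    f = parse_httpproxy(line)
    status = int(f.get("statuscode") or 0)
    # Assumption: fullreqtime is in microseconds (60902172 would be ~60.9 s).
    seconds = int(f.get("fullreqtime") or 0) / 1_000_000
    if status in GATEWAY_ERRORS and f.get("error"):
        # The entry carries an error text from the fetch itself, so look at
        # the path between the proxy and dstip before looking at policy.
        return ("upstream", f"{f.get('dstip')}: {f['error']} after {seconds:.1f}s")
    if f.get("action") == "block":
        return ("blocked", f"status {status}, category {f.get('categoryname', '?')}")
    return ("passed", f"status {status}")

# Fields taken from the log line in the post (trimmed to the relevant ones).
FROM_POST = (
    '2020:05:13-17:46:03 sophos-1 httpproxy[6922]: id="0002" severity="info" '
    'sys="SecureWeb" sub="http" name="web request blocked" action="block" '
    'method="GET" srcip="192.168.17.26" dstip="37.58.199.78" statuscode="504" '
    'url="gestion.ekipea.fr/favicon.ico" error="Connection to server timed out" '
    'dnstime="129" fullreqtime="60902172" categoryname="Business"'
)
# Constructed line for contrast (not from the post): a block with no error text.
CONSTRUCTED = (
    '2020:05:13-17:50:00 sophos-1 httpproxy[6922]: severity="info" '
    'name="web request blocked" action="block" srcip="192.168.17.26" '
    'dstip="203.0.113.10" statuscode="403" url="http://blocked.example/" '
    'error="" fullreqtime="1200" categoryname="Games"'
)

if __name__ == "__main__":
    for sample in (FROM_POST, CONSTRUCTED):
        print(triage(sample))
```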
  • Hello Sophie,

    Thank you for contacting the Sophos Community.

    Can you connect to the shell of the UTM using Putty and run the following command:

    # wget https://gestion.ekipea.fr/

    Let me know the output.

    In addition to this, in the UTM could you please go to Web Protection >> Filtering Options >> Misc >> Transparent Mode Skiplist >> Skip Transparent Mode Destination Hosts/Nets >> + >> type = DNS Host >> Hostname = gestion.ekipea.fr >> Save >> Apply

    And do the same for gestion.ekipea.fr/favicon.ico

    Let me know if after this you are able to access the website.

  • In reply to emmosophos:

    Hello Emmanuel,

    Thanks for your help,

    The output for https://gestion.ekipea.fr/

    --2020-05-14 15:59:04-- (try: 5) https://gestion.ekipea.fr/
    Connecting to gestion.ekipea.fr|37.58.199.78|:443... failed: Connection timed out.
    Retrying.

    I followed your recommendations but it still doesn't work.

  • In reply to TEAM Reseaux:

    Hello TEAM Reseaux,

    By the output, it seems like it might be the website that is not allowing connections to the IP of the UTM.

    This is the output you should see, which means the UTM can connect to the website.

    utm1:/var/log # wget https://gestion.ekipea.fr/
    --2020-05-14 16:09:00-- https://gestion.ekipea.fr/
    Resolving gestion.ekipea.fr... 37.58.199.78
    Connecting to gestion.ekipea.fr|37.58.199.78|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1944 (1.9K) [text/html]
    Saving to: `index.html'

    100%[===================================================================================================================================================================================================>] 1,944 --.-K/s in 0s

    2020-05-14 16:09:01 (205 MB/s) - `index.html' saved [1944/1944]

    So since the UTM can't connect to the site the users behind the LAN won't be able to connect either. Do you have more than one ISP provider in your UTM?

    If you have another ISP please try the following command:


    utm1:/var/log # wget https://gestion.ekipea.fr/ --bind-address X.X.X.X (Where X.X.X.X is your Public IP address of the other ISP) 

    Please note that running only wget https://gestion.ekipea.fr/ will run it from the ISP whose port is lower, so if you have two ISPs, one on Port3 and another on Port4, it would run from Port3. That is why in the command you would need to specify the IP of the second ISP on Port4.

    Regards,

  • In reply to emmosophos:

    Hello,

    I only have one access provider.

    I had already contacted the company that has the site.

    They do not do IP filtering.

    I have a friend who has the same access provider and can access the site.

    Regards,

  • In reply to TEAM Reseaux:

    Hello Team Reseaux,

    Usually, ISP providers might allow one IP to connect but block another for some reason. 

    However, we could try to do the following to analyze a packet capture and see if the website is replying to us.

    In the UTM, from the shell, please run the following command as root:

    # tcpdump -eni any host 37.58.199.78 and port 443 -w /var/website.pcap -b

    In a second Putty connection, try the same command as before:

    # wget https://gestion.ekipea.fr/

    Once it fails, stop the pcap in the first Putty session by pressing Ctrl + C (Note: You won't see any output during the capture).

    Once you have done this, please enable Support Access in your UTM and send me the Access ID by PM so I can get the packet capture and analyze it.

    To enable remote assistance please go to Support >> Support Access >> On >> Access Status >> and copy & paste the Access ID and send it to me, please. Thanks!

  • Hi Sophie - welcome to the UTM community!

    I think the key to this is statuscode="504" - that indicates that you will want to create an Exception for antivirus scanning for gestion.ekipea.fr and cahpp.eu.

    If that doesn't solve the problem, you will need to skip the Proxy for those sites.

    Cheers - Bob
    PS I'm moving this thread to the Web Filtering forum.

  • In reply to BAlfson:

    Hello,

    I don't know how to create an exception for antivirus scanning.

    The antivirus is managed by Sophos Central Admin and I can't find it.

    I don't know, either, how to bypass the proxy for a site.

    I don't know Sophos at all, I'm just starting out.

  • In reply to TEAM Reseaux:

    The log line you gave in your original post above is from the UTM's Web Filtering log.  You don't need to worry about the Sophos Central administered Endpoint in your computer, just the settings in the UTM.  Create an Exception for Anti-Virus on the 'Exceptions' tab in 'Web Protection >> Filtering Options'.

    If that doesn't resolve the problem, add DNS Group definitions for those FQDNs to the 'Transparent Mode Skiplist' on the 'Advanced' tab.

    Cheers - Bob

  • In reply to BAlfson:

    Hello Bob,

    The antivirus is not activated on the UTM.

    I searched but I really can't find where the "Advanced" tab and "Transparent Mode Skiplist" are.

    I only found "Application Control Skiplist" and it doesn't work.

    Regards Sophie

  • In reply to TEAM Reseaux:

    Hi Sophie,

    The 'Transparent Mode Skiplist' is on the 'Misc' tab of 'Web Protection >> Web Filtering'.

    Cheers - Bob

  • In reply to BAlfson:

    Hello Bob,

    I forgot, but Emmosophos had already made me fill in 'transparent skiplist mode'. I still have the same problem.

    Regards,

    Sophie
  • In reply to TEAM Reseaux:

    Please show pictures of the Skiplist with the Host/Network definition open in Edit and of [LAN Settings] in your browser.  Also, confirm that you're using the Proxy in Transparent mode.

    Cheers - Bob