Some websites get ERR_TIMED_OUT

RE: Some websites get ERR_TIMED_OUT

Dragos Avram1 — Fri, 21 Jul 2023 13:14:11 GMT

Check if the firewall rule has an application filter. probably Block filter avoidance apps.

RE: Some websites get ERR_TIMED_OUT

Walter Burke — Mon, 15 May 2023 18:54:26 GMT

Was this issue ever resolved? If so, what was the solution?

RE: Some websites get ERR_TIMED_OUT

Erick Jan — Fri, 03 Mar 2023 10:48:11 GMT

Hi FJay,

The screenshot you've attached are not visible.

based on the previous FW rule log. It isnt hitting any FW rule logs and is being denied.

Also, kindly add more information concerning the issue,

1. What sites are experiencing err_timed_out

2. Create a test policy to allow any without Web policy

3. Screenshot of FW logs and the FW rule you've created

4. Screenshot of SSL/TLS configuration and logs after accessing the site.

I would recommend creating a case so that it can be properly investigated,

RE: Some websites get ERR_TIMED_OUT

FJay — Thu, 02 Mar 2023 14:43:23 GMT

Hi Erick Jan,

Thank you again.

I have created a rule at the top : no go.

I added the TLS rule as shown : to no avail. Still ERR_TIMED_OUT.

Here is what I have in logs :

Does it help ?

Fab

RE: Some websites get ERR_TIMED_OUT

Erick Jan — Wed, 01 Mar 2023 11:39:06 GMT

Hi Fjay,

Upon checking your FW logs, It is being denied.

Can you create a test policy to allow the said site on the very top.
Also, create an SSL/TLS Policy with the following if what you said that "I went to TLS/SSL inspection but there is nothing there."

For Exception, you can try to follow the following link:

Server did not respond to client hello

Can you share your SSL/TLS log after accessing the site like below

RE: Some websites get ERR_TIMED_OUT

FJay — Wed, 01 Mar 2023 10:24:42 GMT

Hi again,

I went to the Exceptions... and apparently I tried that already (sorry it has been so long we have this issue...)

Is this correct ?

RE: Some websites get ERR_TIMED_OUT

FJay — Wed, 01 Mar 2023 10:21:41 GMT

Hi Erick Jan,

Thank you for looking.

Funny to see how cases like that are closed by Sophos. But that's the past.

Anyway, it seems a lot faster and to the point here. Let's give it a try !

This is what I get in the Firewall logs for one of the site I am trying to reach :

I will add the exceptions as you suggested.
Would I have to continue adding any other site that doesn't work when Sophos is in the chain ?

For the TLS/SSL, could you guide me on where you want me to grab that ?

I went to TLS/SSL inspection but there is nothing there.

Thank you very mush for your help.

Fab

RE: Some websites get ERR_TIMED_OUT

Erick Jan — Wed, 01 Mar 2023 10:11:29 GMT

Hi FJay,

Good day, Upon checking on the cases.

Case 05657043
The case was closed due to No Answer from the Customer side.

Case 05156521
The case was closed as the issue does not reside within Sophos Firewall

Also, based on the screenshot of your SSL/TLS Logs on the previous post, It indicates that "Server did not respond to client Hello"

Have you tried Excluding the domain by creating a new exception (web > Exceptions > Add) and checking all the skip actions

https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Web/Exceptions/index.html

Can you share the TLS/SSL log when accessing the said sites?

I would recommend creating another case so that it can be properly investigated and kindly share the case#

RE: Some websites get ERR_TIMED_OUT

Erick Jan — Tue, 28 Feb 2023 15:05:49 GMT

Hi FJay,

Thank you for the information. Will further check the issue.

RE: Some websites get ERR_TIMED_OUT

FJay — Tue, 28 Feb 2023 14:47:27 GMT

Cases 05657043, 05156521and Discussion on this platform : https://community.sophos.com/sophos-xg-firewall/f/discussions/135886/tcp-retransmission-rst-ack---some-websites-not-answering

RE: Some websites get ERR_TIMED_OUT

FJay — Tue, 28 Feb 2023 14:41:30 GMT

Tried all the options to no avail.

I tried also no IPv6 address and any combination of internal DNS, ISP DNS and Google/Cloudflare DNS.

RE: Some websites get ERR_TIMED_OUT

PhilippRusch — Tue, 28 Feb 2023 14:40:30 GMT

Could you try using IPv4 DNS resolution only? Disable IPv6?

RE: Some websites get ERR_TIMED_OUT

Erick Jan — Tue, 28 Feb 2023 14:09:17 GMT

Hi FJay,

Thank you for reaching out to Sophos Community.

I apologies for the experienced. Would it be possible to share your case ID. Thank you

RE: Some websites get ERR_TIMED_OUT

FJay — Tue, 28 Feb 2023 13:35:32 GMT

Hi Philip,

Thank you for the reply.

Sorry if it is unspecific. I'll try to make it clearer.

2 Sites, both in HA.

One Has XG2100 (19.0.1) and the other XG2300 (19.5MR1).

1. There is no upstream proxy. I don't get MASQ on the uplink port. MASQ is linked to the FW rule

2. Here you go.

3. 19.0.1 on one site and 19.5MR1 on the other.

4. I have checked the cabling on both sites, change from HA A/A to A/P, remove HA. Remove second appliance completely, remove the second internet line, change the internet line. I have replaced the XG2100 by a UDMPro to test and discard any other equipment -> This is working like a breeze.
5. Yes indeed. On one site I have Telefonica and Orange. On the other I have Proximus and Colt.

I am sorry if it was not clear enough and I am happy to add anything that might help.

This is what I get...

Thank you very much for your time.

Fab

RE: Some websites get ERR_TIMED_OUT

PhilippRusch — Tue, 28 Feb 2023 12:52:11 GMT

Did you give more infos in your earlier/older post?

I find your explanations very unclear and unspecific:

1. You switched off filtering for testing, ok. But do you use the proxy, if yes, which mode? Did you implement a MASQ rule for the ISP uplink port?

2. You "checked" the DNS? How? Show us the configuration. please. (paste screenshot)

3. At least we know the release version your are on.

4. Do you have a second firewall with HA in place? Is your cabling correct?

5. What do you mean by "changed the internet connection"? Do you have different providers you can use alternatively?

We are volunteers trying to help, but we do not have a crystal ball.