Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 7471 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM9 (9.510-5) - Single device (iPhone 5S) cannot resolve IP / DNS (all other devices do) of internet device

Steve Munday

Hi, I'm struggling to find the reason why a single device (iPhone 5S) cannot resolve DNS when all other devices on the (home) LAN can.

Background

  • Running UTM 9.510-5
  • The pre-existing LAN has some 14 devices (NAS, Windows 10, AppleTV, iPad, iPhone (7 & 8) -- both iOS 11.4.1)
  • All able to resolve DNS
  • iPhone 5S is using Vodafone Pay-as-you-go with the APN set to pp.vodafone.co.uk

Issue

  • Added the iPhone 5S (iOS 11.4.1) to home WiFi
  • Got .39 IP
  • "Usual" DNS servers 208.67.222.222 & .220.220 (as per my iPhone 7) can be seen with the DNS section of the WiFi defn. on the iPhone 5S
  • Trying to connect to any web site / Apple store fails

Evidence

  • Internal network: Using the iPhone 5S I can access IP addresses within the home network
  • Internal network: Using the iPhone 5S I can "ping" IP addresses within the home network
  • External network: Using an FQN (Example: www.google.co.uk), checking the Firewall logs I see the DNS lookup request go from the iPhone 5S's IP -> 208.67.222.222:53 stating Src MAC (iPhone) Dst MAC (.254 [the UTM]) however nothing is returned to the iPhone's browser
  • External network: Using an IP address I get the same result(s) as for when I use an FQN
  • External network: Using the iPhone 5S I cannot "ping" IP addresses on the internet suggesting something more "basic" is the issue
  • External network: If I do the same thing (Browse, ping) from my iPhone (or a Windows Laptop etc.) the same outbound process occurs yet the web site (etc.) is displayed

Observations

  • iPhone 5S has an IP + expected DNS server details yet the UTM is not relaying / not allowing the "resolved" IP (of the FQN) back to the client (the iPhone 5S in this case)
  • Is there a setting "somewhere" on the iPhone which needs to be toggled as a straight "ping" from the iPhone also yields no response (i.e. a timeout)

 

I'm hoping someone might have hit upon this problem in the past and offer guidance as to where I should be reviewing configuration(s).  As all the other 14 devices work just fine it would seem odd, though, if the UTM itself needed to be re-configured so might it be the iPhone?

Anyway, here's hoping.

Many thanks



This thread was automatically locked due to age.
Parents
  • 0

    What, if anything, do you learn from doing #1 in Rulz, Steve?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Bob,


    Hi, thanks for nudging me :-)

    Using the "problem" iPhone 5S

    • Application Control "Live log": Empty (i.e. nothing in it at all)
    • Intrustion prevention "Live log": Empty (i.e. nothing in it at all)
    • Firewall "Live log": DNS request from the iPhone 5S to 208.67.222.222:53 (destination MAC is ther UTM) but the Apple Store is not displayed

    If I use my iPhone I see:

    • Firewall "Live Log" shows the DNS request from the iPhone 7 "to" 208.67.222.222:53 (destination MAC is the UTM) + I get the Apple Store

    - Regards, Steve
    PrivatePICO-PC, Intel J1900 Quad Core, 2.42GHz, 4GB RAM, 240GB SSD, 4 x 1GB INTEL Ethernet, UTM 9.510-5 Home License

  • 0 in reply to Steve Munday

    Does the DNS log show anything different when the two phones request the Apple Store?

    This sounds familiar.  Try a Google on site:community.sophos.com/products/unified-threat-management/f ios11 app store - any luck with the first few results?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Bob,

    Hi, I've done some more digging as it might not be a DNS issue as I first thought.

    • From the iPhone 5S (think "newest" device on the home LAN) I can PING 2 x Windows 10 Laptops however cannot PING the AP (.253) or the Gateway (.254) even though the GW issued the IP for the iPhone 5S!!
    • From my iPhone I can PING all devices
    • I then added a Chromebook (not used for ages so considered a "new" device on the home LAN), the Chromebook can browse to the AP (.253) but can't browse to the UTM (.254) or the NAS(.102)

    When the Chromebook failed to open a home LAN URL I ran the provided "Diagnostics" which said:

    • DNS - Pass
    • Firewall - Failed -- Port 80 and 443 were blocked

    I (re)checked the Firewall log and there is nothing in there for any "failures" against the IP of the Chromebook.

    Very odd!  Any steers would be very much appreciated.

    - Regards, Steve
    PrivatePICO-PC, Intel J1900 Quad Core, 2.42GHz, 4GB RAM, 240GB SSD, 4 x 1GB INTEL Ethernet, UTM 9.510-5 Home License

  • 0 in reply to Steve Munday

    You might try the Chromebook online community.  I wonder if it's doing the blocking.  And the Apple one for the 5S

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Bob,

    Further digging/analysis completed.

    • Using my iPhone as a "Hot spot" I can connect the iPhone 5S and browse using Safari and access the Apple Store
    • When connected to the UTM
      • DHCP issues a .39 IP (so the MAC isn't blocked at this stage)
      • Able to browse to the AP
      • Turned on logging for "Web Surfing"
      • Using Safari I get the "Unable to open page because the server stopped responding" message
      • Web filtering log: Nothing shows up for the IP address
      • Firewall log: DNS requests (only) seen for the IP address
    • Process repeated with a static .10 address to bypass any "hidden" IP address blocking, got the same results as for .39
    • As the iPhone 5S hasn't been on the Home network until we bought it the associated MAC address is very unlikely to be on a "blocked" list on the UTM

     

    From the above I have to conclude that some sort of "blocking" between the UTM and the iPhone 5S at the MAC level is occurring however "where" that is and "why" eludes me at present.

    - Regards, Steve
    PrivatePICO-PC, Intel J1900 Quad Core, 2.42GHz, 4GB RAM, 240GB SSD, 4 x 1GB INTEL Ethernet, UTM 9.510-5 Home License

  • 0 in reply to Steve Munday

    Bob,

    Hi, did some further analysis today with a "very old" (XP) laptop as that hasn't been on the home network for quite some time.

    Long story short: The XP laptop got an IP and could browse to the AP but no the UTM -- so the same MO as the iPhone and Chromebook.

    So, I'm wondering whether (a) it's the AP not forwarding HTTP requests to the UTM (for "new" devices) OR (b) the UTM blocking "new" device requests even though it has issued IP addresses to them.

    Seems more likely to be the former however it's a (dumb) AP [Netgear R7000] which did get re-booted the other day as part of the initial investigations.

    - Regards, Steve
    PrivatePICO-PC, Intel J1900 Quad Core, 2.42GHz, 4GB RAM, 240GB SSD, 4 x 1GB INTEL Ethernet, UTM 9.510-5 Home License

  • 0 in reply to Steve Munday

    This is a head-scratcher, Steve.  Have you tried checking in the Web Filtering log?  It almost sounds like it's time to invite a techie friend over for dinner so you can show him and explain to him.  Maybe just doing that will give you a new idea.  Any luck with the Web Filtering log?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Bob,

    I've been able to resolve the issue (fingers crossed).

    In the end all roads seemed to lead to the AP "blocking" any "new" devices from being able to connect when using Port 80/443 even though said device(s) had initially connected to the AP and received an IP from the UTM.

    Anyway, I re-rebooted the AP (both AP and UTM had been previously re-booted at the start of this issue) and was then able to access the Apple Store and Web Sites from the iPhone 5S.

    Morale of the story: Keep looking for the root cause and possibly double re-boot devices!!

    - Regards, Steve
    PrivatePICO-PC, Intel J1900 Quad Core, 2.42GHz, 4GB RAM, 240GB SSD, 4 x 1GB INTEL Ethernet, UTM 9.510-5 Home License

Reply
  • 0 in reply to BAlfson

    Bob,

    I've been able to resolve the issue (fingers crossed).

    In the end all roads seemed to lead to the AP "blocking" any "new" devices from being able to connect when using Port 80/443 even though said device(s) had initially connected to the AP and received an IP from the UTM.

    Anyway, I re-rebooted the AP (both AP and UTM had been previously re-booted at the start of this issue) and was then able to access the Apple Store and Web Sites from the iPhone 5S.

    Morale of the story: Keep looking for the root cause and possibly double re-boot devices!!

    - Regards, Steve
    PrivatePICO-PC, Intel J1900 Quad Core, 2.42GHz, 4GB RAM, 240GB SSD, 4 x 1GB INTEL Ethernet, UTM 9.510-5 Home License

Children
No Data
Unfiltered HTML