Webfilter Websites are not opening

Hi Sally,

Please show one line each from the Web Filter log for blocks of xoco.no and www.viennatour.at.

Cheers - Bob

Hello Bob,

there are no blocks for xoco.no and www.viennatour.at in the Webfilter Log.

What else I can check?

Thx

Regards

Sally

1 Disable all the routes and policy routes

Dont touch External Wan, just enable Gateway in eth2, UTM will ask to enable Uplink Balancing. Just klick OK
After that you will configure only "Multipath Routes" in Interfaces section. 

Ok, I will try this on the weekend, and let you know.

Thx

Sally

Are you owner of this domain pages? have you configured DNS entries in UTM for these pages?  Otherwise must be just routes problem who can bring up Masquerade problems
  

No, im not owner of this domains. When I disable the Policy Routes, and the Internet Connection go directly over the External WAN, also this Pages working...

Ok. Make thinks work with multipath rules. It definetly masquerade problem. The request is going from one interface and asnwer came from the other

Hi Oldeda,

i tried yet the the following:

1. Disabled all Policy Routes

2. Enabled Gateway in eth2. I get asked for Gateway IP, this IP i set to the same IP like the DMZ VPN IP of eth2.

3. Uplink Monitoring was activated

4. Created the following Multipath Rule Internal Network -> ANY -> Internet IPv4 -> Bind Interface DMZ VPN Afterwards i checked no Connection to Internet..

In the Policy Route i had the following Rule:

Internal (Network) -> Internal -> Any - Internet IPv4 -> Target VPN Router in the DMZ.

The VPN Router has IP 10.0.0.5 / 24 and the Default GW is 10.0.0.1 the UTM.

Do i have something wrong in the Multipath Rule, that it not work?

Thx Sally

Here is missing the Attachment diagram. 
After ping Failure from DMZ interface, Check for the configurations of the IP Interfaces and proper netmask

what IP have eth2 and VPN Router?
eth2 must use the VPN Router IP as gateway, and the VPN Router makes the connection (If I understood the schema)

Hello Oldeda,

yes, the VPN Router makes the connection. 

eth2 IP

10.0.0.1 /24

VPN Router 

10.0.0.5 /24

GW: 10.0.0.1

Hello Oldeda,

yes, the VPN Router makes the connection. 

eth2 IP

10.0.0.1 /24

VPN Router 

10.0.0.5 /24

GW: 10.0.0.1

Eth2 Gateway must be the VPN router ip

Hello,

after your recommendation, to set router IP as Gateway for eth2 the Internet Connection works. When checking with traceroute, the internet traffic goes over the vpn tunnel to internet, thats perfect.

But the following pages still not work:

salsanena.at

viennatour.at

xoco.no

Please see attached the masquerading rules, they are still active, do I have to change there yet also something?

Thx

Sally

ping those pages directly from UTM with their name not IP. Maybe is a DNS broblem. Or maybe skip those host in Web Filter to not check anything.

One problem at a time [:D]

Ok, pinging the 3 Pages above from UTM over VPN Interface, there is no reply. Pinging other working websites I get an reply .

Doing nslookup from Client, the DNS Resolution for the none working websites is working.

Where can i try to skip the host from webfilter?

Thx

Masquerading must be only 2 for internals networks Internal -> Uplink Interfaces. DMZ Media - Uplink Interfaces
UTM will decide what to masquerade based on Multipath Routes and Priority in Uplink Balancing. Maybe you still have a policy route or static route there. And this can cause loopback proxy problems

Ok, I adapted the masquerading. But I have to leave also the rule Internal Network - DMZ Media, otherwise the RDP Connection to the media server isn't working ..

Can you please tell me where I can exactly take out the filtering from Webfilter, to test if the problem comes from the Filter??

Thx

Sally

Under Interfaces - Uplink Balancing active Interfaces are the External (WAN) and second the DMZ VPN are included, do I have to sort there the interfaces like DMZ VPN first, and after the External (WAN) or is this not relevant?

Since you made the Multipath Rules it is not necessary sorting. 

If You cant ping those pages from UTM the problem isn't in the web filter. I checked and the 3 pages respond to ping, two are hosted in Austria and one in USA

Now the problem is excluded from webfilter, because ping has nothing to do with it. Is there any NAT Rules, Firewall Rules or Country Blocking?

I checked, there is no NAT Rule, Country Blocking is activated but off for Austria and United States. Firewall Rules are:

Internal - Any - DMZ VPN (Network)

DMZ VPN Network - DNS, FTP, HTTP, HTTPS, NTP, PING - Internet IPv4

What I have still set from the previous Configuration is: 

Web Protection - Filtering Options - Misc - Skip Transparent Source Mode Hosts / Nets - and have there defined Laptop, Phones, Printer etc.