This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Broken Websites with 9.4 and IE11

We have 4  9.4 UTM's running inline in transparent mode with our network before this we had them setup with proxy.pac files telling IE to go out via the UTM. Since changing to inline we have an issue with some websites   spotify.com for example loading up  broken and missing pieces in IE11 but if you load the same website in Chrome it works fine. This only started after changing to inline transparent mode.

Are there settings in IE 11 I need to change to fix the websites.  I suspect it is a User GPO issue along with the UTM because as an admin I login and get no GPO's applied to me and these websites work for me without issues in IE11 but an end user who is locked down logs in and they can't load the website properly.

Tests i've done.

Computer as me and UTM as me = website loads fine

Computer as end user and UTM as me = broken website

Computer as end user and UTM as end user = broken website

Computer as end user and UTM as me = broken website.



This thread was automatically locked due to age.
Parents
  • Web proxy logs during the failed website loads would be helpful.

    One other possibility is if any of those services use non-standard ports (eg other that 80 and 443).  By default in explicit mode the browser will send HTTP/HTTPS traffic on any port to the proxy port on the UTM.  In transparent mode, each port just goes on its own.  Try looking at firewall logs to see if there is any traffic on non-standard ports being blocked.  Also google "spotify ports".

Reply
  • Web proxy logs during the failed website loads would be helpful.

    One other possibility is if any of those services use non-standard ports (eg other that 80 and 443).  By default in explicit mode the browser will send HTTP/HTTPS traffic on any port to the proxy port on the UTM.  In transparent mode, each port just goes on its own.  Try looking at firewall logs to see if there is any traffic on non-standard ports being blocked.  Also google "spotify ports".

Children
  • I thought about blocked ports but if that was the case when I login to the computer the websites should still be broken.   It is some setting in Windows GPO for IE11 that just goes bonkers with the UTM being in-line.

    As for the logs when I login to the UTM I am full/open access so nothing is being block there either.

    Does it have something to do with http 1.1 or javascripting or secure/non-secure content. I am almost to the point of rolling out chrome to 5000's computers

  • Before you roll out new browsers, take a look at logs.  Another good debugging tool would be to wireshark on the client.