Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 38 subscribers
  • Views 1955 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't access our company's website from our network

Sophos User3914

We're currently having issues with accessing our website that is being hosted from a third party. All users in our network can't load the site. It returns "Website not available". Accessing it outside the network is just fine. We've added our domain name under "Protect/Web/Exceptions" and still no luck.



This thread was automatically locked due to age.
  • 0

    Hi,

    what result do you see when you tracert to your website?

    Is the website in your XG DNS?

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0

    Hello there,

    Thank you for contacting the Sophos Community.

    Additionally to what rfcat_vk has mentioned, please do a nslookup from one of the computers that is unable to access the website, confirm if the IP address that it resolves to, is the same that your 3rd party website hosting is using.

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to rfcat_vk

    This is what I'm getting inside our network:

    tracert aoausa.com

      1    <1 ms    <1 ms    <1 ms  cypress.aoausa.lan [10.0.0.1]
      2    <1 ms    <1 ms    <1 ms  64-60-227-97.static-ip.telepacific.net [64.60.227.97]
      3     2 ms     2 ms     2 ms  ord-static-208.57.122.69.mpowercom.net [208.57.122.69]
      4     2 ms     2 ms     2 ms  be6.cr2.lsancajw.telepacific.net [208.57.18.97]
      5     2 ms     3 ms     2 ms  las-b3-link.ip.twelve99.net [213.248.103.248]
      6     *        *        2 ms  las-b22-link.ip.twelve99.net [62.115.125.162]
      7    32 ms    32 ms    32 ms  dls-b22-link.ip.twelve99.net [62.115.118.246]
      8    43 ms    43 ms    43 ms  kanc-b2-link.ip.twelve99.net [62.115.125.158]
      9    55 ms    55 ms    55 ms  chi-b23-link.ip.twelve99.net [213.155.130.176]
     10    55 ms    55 ms    55 ms  google-ic326615-chi-b23.ip.twelve99-cust.net [80.239.128.33]
     11     *        *        *     Request timed out.
     12    55 ms    55 ms    55 ms  72.14.239.112
     13    55 ms    55 ms    55 ms  108.170.243.219
     14    56 ms    56 ms    56 ms  216.239.40.189
     15    58 ms    59 ms    58 ms  72.14.232.70
     16    58 ms    61 ms    58 ms  216.239.41.99

    nslookup result:

    Name:    aoausa.com
    Address:  35.206.101.147

    // OUTSIDE THE NETWORK //

    Tracing route to aoausa.com [2607:7700:0:1a:0:1:23ce:6593]
    over a maximum of 30 hops:

      1     2 ms     2 ms     2 ms  2607:fb90:4aec:3470::b3
      2    38 ms    36 ms    32 ms  2607:fb90:4aec:3470:0:2:25f0:f40
      3     *        *        *     Request timed out.
      4     *        *        *     Request timed out.
      5     *        *        *     Request timed out.
      6     *        *        *     Request timed out.
      7    55 ms    48 ms    39 ms  2607:7700:0:1a:0:1:aa2:823d
      8   130 ms    84 ms    86 ms  2607:7700:0:1a:0:1:ab1:4c5d
      9    91 ms    92 ms    86 ms  2607:7700:0:1a:0:1:ab1:5f0
     10   101 ms    87 ms    95 ms  2607:7700:0:1a:0:1:aa4:a302
     11   190 ms    95 ms    95 ms  2607:7700:0:1a:0:1:ab1:5fb
     12    83 ms    87 ms    95 ms  2607:7700:0:1a:0:1:aa4:a211
     13   316 ms    98 ms    87 ms  2607:7700:0:1a:0:1:ab1:54d
     14    83 ms    87 ms    96 ms  2607:7700:0:1a:0:1:aa4:a531
     15   111 ms    86 ms    78 ms  2607:7700:0:1a:0:1:d155:ae98
     16    93 ms    96 ms    84 ms  2607:7700:0:1a:0:1:6caa:f402
     17     *       89 ms     *     2607:7700:0:1a:0:1:d8ef:3b97
     18     *      179 ms     *     2607:7700:0:1a:0:1:d155:8f67
     19    97 ms    94 ms    97 ms  2607:7700:0:1a:0:1:8efa:eb81
     20   151 ms    97 ms    95 ms  2607:7700:0:1a:0:1:8efa:e80e
     21     *      228 ms    99 ms  2607:7700:0:1a:0:1:8efa:e835
     22     *        *        *     Request timed out.
     23     *        *        *     Request timed out.

    nslookkup result:

    Non-authoritative answer:
    Name:    aoausa.com
    Addresses:  2607:7700:0:1a:0:1:23ce:6593
              35.206.101.147

  • 0 in reply to emmosophos

    This is what I'm getting inside our network:

    tracert aoausa.com

      1    <1 ms    <1 ms    <1 ms  cypress.aoausa.lan [10.0.0.1]
      2    <1 ms    <1 ms    <1 ms  64-60-227-97.static-ip.telepacific.net [64.60.227.97]
      3     2 ms     2 ms     2 ms  ord-static-208.57.122.69.mpowercom.net [208.57.122.69]
      4     2 ms     2 ms     2 ms  be6.cr2.lsancajw.telepacific.net [208.57.18.97]
      5     2 ms     3 ms     2 ms  las-b3-link.ip.twelve99.net [213.248.103.248]
      6     *        *        2 ms  las-b22-link.ip.twelve99.net [62.115.125.162]
      7    32 ms    32 ms    32 ms  dls-b22-link.ip.twelve99.net [62.115.118.246]
      8    43 ms    43 ms    43 ms  kanc-b2-link.ip.twelve99.net [62.115.125.158]
      9    55 ms    55 ms    55 ms  chi-b23-link.ip.twelve99.net [213.155.130.176]
     10    55 ms    55 ms    55 ms  google-ic326615-chi-b23.ip.twelve99-cust.net [80.239.128.33]
     11     *        *        *     Request timed out.
     12    55 ms    55 ms    55 ms  72.14.239.112
     13    55 ms    55 ms    55 ms  108.170.243.219
     14    56 ms    56 ms    56 ms  216.239.40.189
     15    58 ms    59 ms    58 ms  72.14.232.70
     16    58 ms    61 ms    58 ms  216.239.41.99

    nslookup result:

    Name:    aoausa.com
    Address:  35.206.101.147

    // OUTSIDE THE NETWORK //

    Tracing route to aoausa.com [2607:7700:0:1a:0:1:23ce:6593]
    over a maximum of 30 hops:

      1     2 ms     2 ms     2 ms  2607:fb90:4aec:3470::b3
      2    38 ms    36 ms    32 ms  2607:fb90:4aec:3470:0:2:25f0:f40
      3     *        *        *     Request timed out.
      4     *        *        *     Request timed out.
      5     *        *        *     Request timed out.
      6     *        *        *     Request timed out.
      7    55 ms    48 ms    39 ms  2607:7700:0:1a:0:1:aa2:823d
      8   130 ms    84 ms    86 ms  2607:7700:0:1a:0:1:ab1:4c5d
      9    91 ms    92 ms    86 ms  2607:7700:0:1a:0:1:ab1:5f0
     10   101 ms    87 ms    95 ms  2607:7700:0:1a:0:1:aa4:a302
     11   190 ms    95 ms    95 ms  2607:7700:0:1a:0:1:ab1:5fb
     12    83 ms    87 ms    95 ms  2607:7700:0:1a:0:1:aa4:a211
     13   316 ms    98 ms    87 ms  2607:7700:0:1a:0:1:ab1:54d
     14    83 ms    87 ms    96 ms  2607:7700:0:1a:0:1:aa4:a531
     15   111 ms    86 ms    78 ms  2607:7700:0:1a:0:1:d155:ae98
     16    93 ms    96 ms    84 ms  2607:7700:0:1a:0:1:6caa:f402
     17     *       89 ms     *     2607:7700:0:1a:0:1:d8ef:3b97
     18     *      179 ms     *     2607:7700:0:1a:0:1:d155:8f67
     19    97 ms    94 ms    97 ms  2607:7700:0:1a:0:1:8efa:eb81
     20   151 ms    97 ms    95 ms  2607:7700:0:1a:0:1:8efa:e80e
     21     *      228 ms    99 ms  2607:7700:0:1a:0:1:8efa:e835
     22     *        *        *     Request timed out.
     23     *        *        *     Request timed out.

    nslookkup result:

    Non-authoritative answer:
    Name:    aoausa.com
    Addresses:  2607:7700:0:1a:0:1:23ce:6593
              35.206.101.147

  • 0 in reply to Sophos User3914

    Hi,

    part of the issue will be that the XG does not handle IPv6 very well and does not appear to return an IPv6 address when performing look-up.

    Are you using the XG as a DNS or are you using your AD. You might like to check your IP4 and IPv6 settings in the XG.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    We are using our AD. Our DNS query configuration under "Configure/Network/DNS Query Configuration" is currently set to "Choose server based on incoming requests record type".

  • 0 in reply to Sophos User3914

    When you try the same test from the XG diagnostics tab what are the results?

    The issue appears to be you IP4 and IPV6 setup in the XG and users. The internal nslookup only returned an IP4 address.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    So when I checked the Policy Test, this is what it returned.

    Connection
    Test time: 08:38:13 Tuesday
    Destination: https://aoausa.com
    Destination IP: 35.206.101.147, port 443, TCP
    Source IP: 64.60.227.98
    Source zone: Auto-detection
    User: User unauthenticated
    Firewall rule: No matched rule (ID: 0)
    Result: Blocked

  • 0 in reply to Sophos User3914

    Hello there,

    Can you run the following command from the Advanced Shell of the XG you will need to use Putty to SSH and then press 5 >3

    After that run the following command:

    # wget https://aoausa.com

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Unfiltered HTML