Using the new DPI SSL/TSL, Linkedin does not open with Firefox on Mac

Linkedin does not open at all.

Parents
  • There are three different approaches to exclude this traffic. 

     

    1. Web Exception in Web Proxy. 

    2. SSLx Rule above to not decrypt this Page.

    3. Application / URL List to not decrypt this page. 

     

    Did you try all three and still no success? 

    As  mentioned in the other topic: Exception based on SAC (synchronized App control) does not work right now. The Categorization of the Apps is not correct. 

    __________________________________________________________________________________________________________________

  • Thanks. Take note that Linkedin, as google and many famous website, are not the same servers around the world.

    I remember a case with Google on UTM8 where people in Japan were not able to access it since the google webserver had a different SSL configuration.

  • Can you share a screenshot of your page, not loading?

    Can you start to tcpdump this page on XG? 

    Firefox should have a debug mode. https://developer.mozilla.org/en/docs/Tools/Debugger Maybe you see some issues there (not loading content etc.). 

    __________________________________________________________________________________________________________________

  • SFVH_SO01_SFOS 18.0.0 EAP1# tcpdump -A | grep linkedin.com 
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
    09:02:48.641197 Port1, IN: IP 192.168.0.8.59418 > 192.168.1.1.domain: 33483+ A? linkedin.com. (30)
    E..:...................5.&...............linkedin.com.....
    09:02:48.641827 Port2, OUT: IP 192.168.1.100.59418 > 192.168.1.1.domain: 33483+ A? linkedin.com. (30)
    E..:.......5...d.......5.&...............linkedin.com.....
    09:02:48.649734 Port1, IN: IP 192.168.0.8.57275 > 108-174-11-81.fwd.linkedin.com.https: Flags [P.], seq 2083378078:2083378109, ack 3522174701, win 2048, options [nop,nop,TS val 175862764 ecr 2191096742], length 31
    09:02:48.650120 Port1, IN: IP 192.168.0.8.57275 > 108-174-11-81.fwd.linkedin.com.https: Flags [F.], seq 31, ack 1, win 2048, options [nop,nop,TS val 175862764 ecr 2191096742], length 0
    09:02:48.650481 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57275: Flags [.], ack 32, win 16, options [nop,nop,TS val 2191318481 ecr 175862764], length 0
    E..J..@.@..........d.5...6...............linkedin.com..............e..l.
    E..J..@.?..I.........5...6.;.............linkedin.com..............e..l.
    E..P..@.@.K.........._.I.<.O.............linkedin.com..............e..l.
    09:02:48.663186 Port1, IN: IP 192.168.0.8.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [SEW], seq 2662102345, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 175862774 ecr 0,sackOK,eol], length 0
    09:02:48.664484 Port2, OUT: IP 192.168.1.100.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [SEW], seq 2662102345, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 175862774 ecr 0,sackOK,eol], length 0
    09:02:48.783745 Port2, IN: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.1.100.57491: Flags [S.E], seq 2708945864, ack 2662102346, win 43440, options [mss 1460,sackOK,TS val 2191209494 ecr 175862774,nop,wscale 12], length 0
    09:02:48.784626 Port1, OUT: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.0.8.57491: Flags [S.E], seq 2708945864, ack 2662102346, win 43440, options [mss 1460,sackOK,TS val 2191209494 ecr 175862774,nop,wscale 12], length 0
    09:02:48.786654 Port1, IN: IP 192.168.0.8.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [.], ack 1, win 2058, options [nop,nop,TS val 175862891 ecr 2191209494], length 0
    09:02:48.786990 Port1, IN: IP 192.168.0.8.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [P.], seq 1:1025, ack 1, win 2058, options [nop,nop,TS val 175862891 ecr 2191209494], length 1024: HTTP: GET / HTTP/1.1
    Host: linkedin.com
    09:02:48.787336 Port2, OUT: IP 192.168.1.100.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [.], ack 1, win 2058, options [nop,nop,TS val 175862891 ecr 2191209494], length 0
    09:02:48.788961 Port2, OUT: IP 192.168.1.100.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [P.], seq 1:1025, ack 1, win 2058, options [nop,nop,TS val 175862891 ecr 2191209494], length 1024: HTTP: GET / HTTP/1.1
    Host: linkedin.com
    09:02:48.908184 Port2, IN: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.1.100.57491: Flags [.], ack 1025, win 12, options [nop,nop,TS val 2191209618 ecr 175862891], length 0
    09:02:48.908531 Port1, OUT: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.0.8.57491: Flags [.], ack 1025, win 12, options [nop,nop,TS val 2191209618 ecr 175862891], length 0
    09:02:48.911333 Port1, IN: IP 192.168.0.8.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [P.], seq 1025:1997, ack 1, win 2058, options [nop,nop,TS val 175863011 ecr 2191209618], length 972: HTTP
    {t...4.fB6zz7MdxiBso5DrxKQYioARyOLtlgcqaCSOTW9aAyLBDyqrJPXs50yr7IQLSBFhnWF21_swu9d6AoSRT1zshQTvWCmHhwQPuMXE5XxZvp0VErDq7c4hUuRwpq3ZrSKvidhsBLNkZ5vwg; liap=true; bcookie="v=2&46fc05f3-3dc4-473e-838c-8ae2e3fe6593"; __ssid=8a68eff4-a582-4a36-bc91-c5b984a6efbf; AMCV_14215E3D5995C57C0A495C55%40AdobeOrg=-1303530583%7CMCIDTS%7C18181%7CMCMID%7C06839050635958499712016515639914359284%7CMCAAMLH-1571463277%7C6%7CMCAAMB-1571463277%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1570865677s%7CNONE%7CMCCIDH%7C1150670477%7CvVersion%7C3.3.0; aam_uuid=06987871443952791601959969047482178111; utag_main=v_id:016c496a3652000e313df11fa4e30105200fa00f0093c$_sn:3$_se:1$_ss:1$_st:1569080730496$vapi_domain:linkedin.com$ses_id:1569078930496%3Bexp-session$_pn:1%3Bexp-session; jobs_hru=false; lidc="b=VB18:g=3150:u=867:i=1570858479:t=1570944871:s=AQH9jA_tMwUwxU3v1hxAkpvvlM0M-59f"; lang=v=2&lang=en-us; AMCVS_14215E3D5995C57C0A495C55%40AdobeOrg=1
    09:02:48.914314 Port1, OUT: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.0.8.57491: Flags [.], ack 1997, win 12, length 0
    09:02:48.914652 Port2, OUT: IP 192.168.1.100.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [P.], seq 1025:1997, ack 1, win 2058, options [nop,nop,TS val 175863011 ecr 2191209618], length 972: HTTP
    {t...4.fB6zz7MdxiBso5DrxKQYioARyOLtlgcqaCSOTW9aAyLBDyqrJPXs50yr7IQLSBFhnWF21_swu9d6AoSRT1zshQTvWCmHhwQPuMXE5XxZvp0VErDq7c4hUuRwpq3ZrSKvidhsBLNkZ5vwg; liap=true; bcookie="v=2&46fc05f3-3dc4-473e-838c-8ae2e3fe6593"; __ssid=8a68eff4-a582-4a36-bc91-c5b984a6efbf; AMCV_14215E3D5995C57C0A495C55%40AdobeOrg=-1303530583%7CMCIDTS%7C18181%7CMCMID%7C06839050635958499712016515639914359284%7CMCAAMLH-1571463277%7C6%7CMCAAMB-1571463277%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1570865677s%7CNONE%7CMCCIDH%7C1150670477%7CvVersion%7C3.3.0; aam_uuid=06987871443952791601959969047482178111; utag_main=v_id:016c496a3652000e313df11fa4e30105200fa00f0093c$_sn:3$_se:1$_ss:1$_st:1569080730496$vapi_domain:linkedin.com$ses_id:1569078930496%3Bexp-session$_pn:1%3Bexp-session; jobs_hru=false; lidc="b=VB18:g=3150:u=867:i=1570858479:t=1570944871:s=AQH9jA_tMwUwxU3v1hxAkpvvlM0M-59f"; lang=v=2&lang=en-us; AMCVS_14215E3D5995C57C0A495C55%40AdobeOrg=1
    09:02:49.033694 Port2, IN: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.1.100.57491: Flags [.], ack 1997, win 12, options [nop,nop,TS val 2191209744 ecr 175863011], length 0
    09:02:49.034175 Port2, IN: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.1.100.57491: Flags [P.], seq 1:171, ack 1997, win 12, options [nop,nop,TS val 2191209744 ecr 175863011], length 170: HTTP: HTTP/1.1 301 Moved Permanently
    Location: https://www.linkedin.com/
    09:02:49.034280 Port2, IN: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.1.100.57491: Flags [F.], seq 171, ack 1997, win 12, options [nop,nop,TS val 2191209744 ecr 175863011], length 0
    09:02:49.034942 Port2, OUT: IP 192.168.1.100.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [.], ack 171, win 2058, length 0
    09:02:49.035412 Port1, OUT: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.0.8.57491: Flags [P.], seq 1:171, ack 1997, win 12, options [nop,nop,TS val 2191209744 ecr 175863011], length 170: HTTP: HTTP/1.1 301 Moved Permanently
    Location: https://www.linkedin.com/
    09:02:49.039668 Port1, IN: IP 192.168.0.8.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [.], ack 171, win 2056, options [nop,nop,TS val 175863136 ecr 2191209744], length 0
    E..k..@.@.Y..........X.9m.C.e...P..^._..B...,.fmtwbusg...............................................................192.168.0.8....linkedin.com........Business Networking....http://linkedin.com/............LinkedIN Website...
    E..m..@.@..............9X......YP..^.a..B.....fmtwbdtl.............................................................].z.........192.168.0.8....linkedin.com........Business Networking....http://linkedin.com/............LinkedIN Website...
    09:02:49.051578 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [SEW], seq 4253973202, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 175863149 ecr 0,sackOK,eol], length 0
    09:02:49.052766 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [SEW], seq 4253973202, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 175863149 ecr 0,sackOK,eol], length 0
    09:02:49.173161 Port2, IN: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.1.100.57494: Flags [S.E], seq 3205905758, ack 4253973203, win 43440, options [mss 1460,sackOK,TS val 2191248398 ecr 175863149,nop,wscale 12], length 0
    09:02:49.174070 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [S.E], seq 3205905758, ack 4253973203, win 43440, options [mss 1460,sackOK,TS val 2191248398 ecr 175863149,nop,wscale 12], length 0
    09:02:49.254403 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], ack 1, win 2058, options [nop,nop,TS val 175863351 ecr 2191248398], length 0
    09:02:49.255080 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], ack 1, win 2058, options [nop,nop,TS val 175863351 ecr 2191248398], length 0
    09:02:49.255395 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [P.], seq 1:580, ack 1, win 2058, options [nop,nop,TS val 175863351 ecr 2191248398], length 579
    .............www.linkedin.com..........
    09:02:49.255759 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [.], ack 580, win 16, options [nop,nop,TS val 2191248398 ecr 175863351], length 0
    09:02:49.264487 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [P.], seq 1:553, ack 1, win 1040, options [nop,nop,TS val 175863351 ecr 2191248398], length 552
    .............www.linkedin.com..........
    09:02:49.362984 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [.], ack 580, win 16, options [nop,nop,TS val 2191248398 ecr 175863351], length 0
    09:02:49.384857 Port2, IN: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.1.100.57494: Flags [.], ack 553, win 11, options [nop,nop,TS val 2191248609 ecr 175863351], length 0
    09:02:49.390210 Port2, IN: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.1.100.57494: Flags [.], seq 1:1437, ack 553, win 11, options [nop,nop,TS val 2191248614 ecr 175863351], length 1436
    ..LinkedIn Corporation1.0...U....www.linkedin.com0.."0..	*.H.............0..
    .f..|...........Cau.{.(..3..TyB. ..M~................0...0...U.#..0.....a..1a./(..F8.,....0...U.............B~......O.A..0L..U...E0C..www.linkedin.com..media.licdn.com..static.licdn.com..linkedin.com0...U...........0...U.%..0...+.........+.......0k..U...d0b0/.-.+.)http://crl3.digicert.com/ssca-sha2-g6.crl0/.-.+.)http://crl4.digicert.com/ssca-sha2-g6.crl0L..U. .E0C07.	`.H...l..0*0(..+.........https://www.digicert.com/CPS0...g.....0|..+........p0n0$..+.....0...http://ocsp.digicert.com0F..+.....0..:http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt0...U.......0.0....
    09:02:49.390257 Port2, IN: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.1.100.57494: Flags [.], seq 1437:2873, ack 553, win 11, options [nop,nop,TS val 2191248614 ecr 175863351], length 1436
    09:02:49.390279 Port2, IN: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.1.100.57494: Flags [P.], seq 2873:3456, ack 553, win 11, options [nop,nop,TS val 2191248614 ecr 175863351], length 583
    09:02:49.390896 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [P.], seq 1:75, ack 580, win 16, options [nop,nop,TS val 2191248398 ecr 175863351], length 74
    09:02:49.391444 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], ack 2873, win 1040, options [nop,nop,TS val 175863351 ecr 2191248614], length 0
    09:02:49.393400 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], ack 75, win 2057, options [nop,nop,TS val 175863487 ecr 2191248398], length 0
    09:02:49.411447 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [P.], seq 75:1482, ack 580, win 16, options [nop,nop,TS val 2191248398 ecr 175863351], length 1407
    ..LinkedIn Corporation1.0...U....www.linkedin.com0.."0..	*.H.............0..
    !......FM....S!.g...0.^.....7N.z..<...Y.B.i............s..v...Z. .{0.">.&...}|Yb..W....[.......Sc;l.U......o 1.d.N^..;..P.I..@.f...e.f]'..........0..0...U.............B~......O.A..0L..U...E0C..www.linkedin.com..media.licdn.com..static.licdn.com..linkedin.com0...U...........0...U.%..0...+.........+.......0...U.......0.0..	*.H.............<4%....Q....PH..E..^....]...f~8(......Z.E.L.4....Xb..:..t.QT%...\E.M.	..k=.%8...z.b0e^..jQ~......D.rS...^.:.....eDs..4..s..4..)jm..ag.&......c.w...11..:..3U...s,uz`.....:f.>.b:R`..<.ske.qhG.h$...a.V.>O..Y....l.{..v~..5...u.......d._m.veJ....z(....`..~.17......,...(... ..=.n........2a^.....hFKT.D....$.....3.......k+..#.......!.{..
    09:02:49.413365 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], ack 1482, win 2035, options [nop,nop,TS val 175863506 ecr 2191248398], length 0
    09:02:49.417585 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [P.], seq 580:673, ack 1482, win 2048, options [nop,nop,TS val 175863509 ecr 2191248398], length 93
    09:02:49.419069 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [P.], seq 553:595, ack 3456, win 1040, options [nop,nop,TS val 175863512 ecr 2191248614], length 42
    09:02:49.419524 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [P.], seq 595:646, ack 3456, win 1040, options [nop,nop,TS val 175863512 ecr 2191248614], length 51
    09:02:49.420016 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 673:2121, ack 1482, win 2048, options [nop,nop,TS val 175863509 ecr 2191248398], length 1448
    09:02:49.420068 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [P.], seq 2121:2721, ack 1482, win 2048, options [nop,nop,TS val 175863509 ecr 2191248398], length 600
    09:02:49.420330 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [.], ack 2121, win 16, options [nop,nop,TS val 2191248567 ecr 175863509], length 0
    09:02:49.526431 Port2, IN: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.1.100.57491: Flags [F.], seq 171, ack 1997, win 12, options [nop,nop,TS val 2191210237 ecr 175863011], length 0
    09:02:49.526797 Port1, OUT: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.0.8.57491: Flags [F.], seq 171, ack 1997, win 12, options [nop,nop,TS val 2191210237 ecr 175863011], length 0
    09:02:49.530676 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [.], ack 2721, win 16, options [nop,nop,TS val 2191248670 ecr 175863509], length 0
    09:02:49.539717 Port2, IN: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.1.100.57494: Flags [.], ack 646, win 11, options [nop,nop,TS val 2191248764 ecr 175863512], length 0
    09:02:49.539784 Port2, IN: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.1.100.57494: Flags [P.], seq 3456:3730, ack 646, win 11, options [nop,nop,TS val 2191248764 ecr 175863512], length 274
    09:02:49.540857 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [P.], seq 1482:1705, ack 2721, win 16, options [nop,nop,TS val 2191248687 ecr 175863509], length 223
    09:02:49.541322 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [P.], seq 1705:1756, ack 2721, win 16, options [nop,nop,TS val 2191248687 ecr 175863509], length 51
    09:02:49.570498 Port1, IN: IP 192.168.0.8.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [.], ack 172, win 2056, options [nop,nop,TS val 175863622 ecr 2191210237], length 0
    09:02:49.570562 Port1, IN: IP 192.168.0.8.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [F.], seq 1997, ack 172, win 2056, options [nop,nop,TS val 175863622 ecr 2191210237], length 0
    09:02:49.570890 Port2, OUT: IP 192.168.1.100.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [.], ack 172, win 2056, options [nop,nop,TS val 175863622 ecr 2191210237], length 0
    09:02:49.571092 Port2, OUT: IP 192.168.1.100.57491 > 108-174-10-10.fwd.linkedin.com.www: Flags [F.], seq 1997, ack 172, win 2056, options [nop,nop,TS val 175863622 ecr 2191210237], length 0
    09:02:49.587994 lo, IN: IP localhost.domain > localhost.33206: 7373 1/0/0 PTR 108-174-11-81.fwd.linkedin.com. (88)
    E..t..@.@.K..........5...`.s.............81.11.174.108.in-addr.arpa..............R. .108-174-11-81.fwd.linkedin.com.
    09:02:49.592001 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [P.], seq 2721:3206, ack 1482, win 2048, options [nop,nop,TS val 175863625 ecr 2191248670], length 485
    09:02:49.592049 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], ack 1705, win 2044, options [nop,nop,TS val 175863631 ecr 2191248687], length 0
    09:02:49.592068 Port1, IN: IP 192.168.0.8.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], ack 1756, win 2047, options [nop,nop,TS val 175863631 ecr 2191248687], length 0
    09:02:49.594529 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 646:2094, ack 3730, win 1040, options [nop,nop,TS val 175863691 ecr 2191248764], length 1448
    09:02:49.594702 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [P.], seq 2094:3179, ack 3730, win 1040, options [nop,nop,TS val 175863691 ecr 2191248764], length 1085
    09:02:49.611306 Port2, IN: IP 192.168.1.1.domain > 192.168.1.100.40452: 50020 1/0/0 PTR 108-174-10-10.fwd.linkedin.com. (88)
    E..t..@.@..........d.5...`.P.d...........10.10.174.108.in-addr.arpa................ .108-174-10-10.fwd.linkedin.com.
    E..t..@.@.Kx...........I.`.s.d...........10.10.174.108.in-addr.arpa................ .108-174-10-10.fwd.linkedin.com.
    09:02:49.611510 lo, IN: IP localhost.domain > localhost.55082: 57842 1/0/0 PTR 108-174-10-10.fwd.linkedin.com. (88)
    E..t..@.@.Kw.........5.*.`.s.............10.10.174.108.in-addr.arpa................ .108-174-10-10.fwd.linkedin.com.
    09:02:49.690173 Port2, IN: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.1.100.57491: Flags [.], ack 1998, win 12, options [nop,nop,TS val 2191210400 ecr 175863622], length 0
    09:02:49.690607 Port1, OUT: IP 108-174-10-10.fwd.linkedin.com.www > 192.168.0.8.57491: Flags [.], ack 1998, win 12, options [nop,nop,TS val 2191210400 ecr 175863622], length 0
    09:02:49.702838 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.0.8.57494: Flags [.], ack 3206, win 16, options [nop,nop,TS val 2191248838 ecr 175863625], length 0
    09:02:49.716179 Port2, IN: IP 108-174-11-81.fwd.linkedin.com.https > 192.168.1.100.57494: Flags [.], ack 646, win 12, options [nop,nop,TS val 2191248941 ecr 175863512,nop,nop,sack 1 {2094:3179}], length 0
    09:02:49.862692 Port2, OUT: IP 192.168.1.100.57301 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 1228104693:1228106141, ack 1116859232, win 1040, options [nop,nop,TS val 175866414 ecr 2190957091], length 1448
    09:02:49.962741 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 646:2094, ack 3730, win 1040, options [nop,nop,TS val 175864051 ecr 2191248941], length 1448
    09:02:50.198669 Port2, OUT: IP 192.168.1.100.57456 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 3531803203:3531804651, ack 1689360825, win 1040, options [nop,nop,TS val 175864592 ecr 2191155476], length 1448
    09:02:50.490651 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 646:2094, ack 3730, win 1040, options [nop,nop,TS val 175864583 ecr 2191248941], length 1448
    09:02:51.342657 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 646:2094, ack 3730, win 1040, options [nop,nop,TS val 175865431 ecr 2191248941], length 1448
    09:02:52.830654 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 646:2094, ack 3730, win 1040, options [nop,nop,TS val 175866923 ecr 2191248941], length 1448
    09:02:53.630680 Port2, OUT: IP 192.168.1.100.57481 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 1485829136:1485830584, ack 2801395598, win 1040, options [nop,nop,TS val 175867840 ecr 2191308131], length 1448
    09:02:54.234677 Port2, OUT: IP 192.168.1.100.57465 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 3793216031:3793217479, ack 1823036923, win 1040, options [nop,nop,TS val 175868539 ecr 2191303108], length 1448
    09:02:54.378668 Port2, OUT: IP 192.168.1.100.57475 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 764060939:764062387, ack 3461069303, win 1040, options [nop,nop,TS val 175868631 ecr 2191232988], length 1448
    09:02:55.602638 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 646:2094, ack 3730, win 1040, options [nop,nop,TS val 175869691 ecr 2191248941], length 1448
    09:02:57.546277 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:02:57.546381 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:02:57.546691 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:02:57.546860 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:02:57.610480 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:02:57.610828 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:02:57.722923 Port2, OUT: IP 192.168.1.100.57446 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 363634348:363635796, ack 2784629110, win 1040, options [nop,nop,TS val 175872147 ecr 2191303996], length 1448
    09:02:58.050670 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 646:2094, ack 3730, win 1040, options [nop,nop,TS val 175872143 ecr 2191248941], length 1448
    09:02:58.058491 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:02:58.058852 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:02:58.634524 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:02:58.634912 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:02:59.594507 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:02:59.594892 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:03:01.514515 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:03:01.514983 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    .........LinkedIN Website........Business Networking........................................Valid....KEY_TYPE__RSA..........TRUE....RSA 2048 bits....62:84:f1:44:40:7c:fc:bf:e3:07:9...%TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256....www.linkedin.com....SSL/TLS Enabled....Maximum compatibility....TLS version - 1.2....................................D....P.E...	.....S....
    .........LinkedIN Website........Business Networking........................................Valid....KEY_TYPE__RSA..........TRUE....RSA 2048 bits....62:84:f1:44:40:7c:fc:bf:e3:07:9...%TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256....www.linkedin.com....SSL/TLS Enabled....Maximum compatibility....TLS version - 1.2....................................D....P.E...	.....S....
    09:03:02.742823 Port2, OUT: IP 192.168.1.100.57494 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 646:2094, ack 3730, win 1040, options [nop,nop,TS val 175876831 ecr 2191248941], length 1448
    09:03:03.210712 Port2, OUT: IP 192.168.1.100.57456 > 108-174-11-81.fwd.linkedin.com.https: Flags [.], seq 0:1448, ack 1, win 1040, options [nop,nop,TS val 175877600 ecr 2191155476], length 1448
    09:03:03.306308 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:03:03.306415 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:03:03.306715 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:03:03.306850 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:03:03.818556 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:03:03.818740 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:03:03.818845 Port2, IN: IP 108-174-11-81.fwd.linkedin.com > 192.168.1.100: ICMP ip reassembly time exceeded, length 556
    09:03:03.818941 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:03:03.819133 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556
    09:03:03.819295 Port1, OUT: IP 108-174-11-81.fwd.linkedin.com > 192.168.0.8: ICMP ip reassembly time exceeded, length 556

  • Adding "linkedin.com" under exception TLS URL did the trick to allow Linkedin to open even on FF.

    You should investigate what the issue is.

    Let me know if you want to connect to  my XG.

    Regards

  • I guess, the other guys will pick up your appliance to troubleshoot your issue. 
    But its interesting.

    Could you please confirm, that its only MacOs + Firefox?

    Other clients with other browsers works fine (without the exception of course). 

    __________________________________________________________________________________________________________________

  • https://www.ebay.it

    This website on FF does not load at all if DPI is enabled. On Safari it works. Hope to get a dev to look into the log and understand what is the issue with XG DPI along with FF.

    Currently I am using FF 70.0.1

    Regards

  • An update:

    on Safari the https://www.ebay.it opens but any other page does not load.

    For example, My Ebay, this is the result:

  • After 30 minutes,

    none of the websites are loading anymore. NONE. Only community. It is definitely is a bug on my system. I need a dev to look at my system. No one has this issue?

    I will switch back to proxy mode.

  • I guess, there is differently something wrong in your setup. 

    Because i started to PoC XGv18 EAP to some customers and there are do not have any issues in this setup. 

     

    You are saying, the Normal Proxy is not causing this issue? 

     Maybe you could investigate this appliance? 

    __________________________________________________________________________________________________________________

  • Hi Luk,

    I clicked on your troublesome link and was able to access the page as well as sub pages. I am running DPI on a 6gb XG.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
No Data