[Solved] All computers cannot access 1 specific site



  • I have one site where users cannot reach a particular site.
    DNS on all computers and server can correctly lookup the IP for said domain name.

    Attempts at using telnet to connect to the address with either 80 or 443 timeout but work without issue in our office.

    I have connected to another client who uses the same ISP to ensure it wasn't ISP related but they can reach it

    All of the computers have AV on them though the hyper-v host does not. It, too, can not reach the website.
    The firewall is an old Sonicwall with no filtering enabled at all and no blocks preventing reaching the resolved IP.

    Any suggestions on what to check next? I'm a little baffled...

    Thanks!



  • @manxam : Strange, the sonicwall does have a diagnostics feature where one can ping an address.
    The host in question does allow ICMP as tested locally in our offices but the sonicwall timeouts when pinging it.
    Guess it's time to reboot the firewall and, if that fails, contact the ISP?



  • @manxam said in All computers cannot access 1 specific site:

    @manxam : Strange, the sonicwall does have a diagnostics feature where one can ping an address.
    The host in question does allow ICMP as tested locally in our offices but the sonicwall timeouts when pinging it.
    Guess it's time to reboot the firewall and, if that fails, contact the ISP?

    Try a computer connected direct to the ISP modem as well. I've seen Sonicwall routers do some odd things with routing and the firewall. It would not surprise me if the Sonicwall as blocking that specific thing as well.



  • @travisdh1 : Very good point. Router reboot changes nothing. I'll send someone on site to connect to the modem directly and see if it's an ISP issue or that terrible SonicWall.

    Thanks!



  • @manxam said in All computers cannot access 1 specific site:

    @travisdh1 : Very good point. Router reboot changes nothing. I'll send someone on site to connect to the modem directly and see if it's an ISP issue or that terrible SonicWall.

    Thanks!

    The other guys at work like the Sonicwall firewalls, I just think the interface is purposely made to slow me down and confuse things (kinda like cPanel.)



  • @travisdh1 : I'd have to agree with you on that one. I really dislike having to create address objects, service objects, etc and then assigning those to the specific NAT and Firewall groups.
    Just clunky to change something (like a port forward) for something that should take 2 seconds.



  • @travisdh1 said in All computers cannot access 1 specific site:

    @manxam said in All computers cannot access 1 specific site:

    @travisdh1 : Very good point. Router reboot changes nothing. I'll send someone on site to connect to the modem directly and see if it's an ISP issue or that terrible SonicWall.

    Thanks!

    The other guys at work like the Sonicwall firewalls, I just think the interface is purposely made to slow me down and confuse things (kinda like cPanel.)

    People like SonicWall because sales people push SonicWalls. We were just discussing that over lunch.



  • @manxam said in All computers cannot access 1 specific site:

    @travisdh1 : Very good point. Router reboot changes nothing. I'll send someone on site to connect to the modem directly and see if it's an ISP issue or that terrible SonicWall.

    Thanks!

    Any news from them?



  • @Reid-Cooper, unfortunately I had no one to spare today so they'll be going in tomorrow.

    Really curious to see if it's the SW or the ISP.
    If the former there's a simple solution: rip and replace time!
    If the latter, that'll be a fun chat with the cable company...



  • And.. it was the SonicWall
    So very strange that it only appeared to affect this one site with nothing in place to block it via IP nor DNS.

    Thanks for your suggestions guys!



  • @manxam said in [Solved] All computers cannot access 1 specific site:

    And.. it was the SonicWall
    So very strange that it only appeared to affect this one site with nothing in place to block it via IP nor DNS.

    Thanks for your suggestions guys!

    Was it broken? Or was it a setting?



  • @scottalanmiller : As far as I can determine, it was "broken". I didn't go down the route of performing a factory reset as the device was older and I was looking for an excuse to replace it with an ER4 anyways.
    Customer wasn't willing previously despite the fact that the unit was old enough that I had to run Firefox 30 (2014) to admin it and that specific model/firmware was listed as having several vulnerabilities.

    Doing a bit of a deep dive I found NO reason that it was denying access to this one specific site and a reset may have "fixed it", but I didn't relish going through the painful steps of setting it back up again.

    ER4 was cheap enough that, with this problem plus the aforementioned admin issues and vulnerabilities, the customer was willing to upgrade.

    Essentially it was a blessing in disguise.

    Tangentially, why is it that the Orgs with the most amount of spare cash are the least likely to part with it?



  • @manxam Well that worked out then 🙂



  • @scottalanmiller said in [Solved] All computers cannot access 1 specific site:

    @manxam Well that worked out then 🙂

    I did. We're not ones for forcing tech on clients but there's a limit to client risks that we're willing to live with.
    This particular client deals with a LOT of sensitive data and it always bothered me that they had a known vulnerable router in place that we had to admin with a 5 year old version of Firefox.


Log in to reply