getting PR_CONNECT_RESET_ERROR when trying to login to a remote router
edited January 2021 in Firebox - Other
Hello and thanks,
when i try to visit a webpage of a remote router, i get this and i need some way to whitelist the website.
"Secure Connection Failed
An error occurred during a connection to asdffdsa6132.duckdns.org:4444. PR_CONNECT_RESET_ERROR"
Sign In to comment.
I get a timeout when trying to access that site.
Are you sure that the port number is correct?
Some sites suggest that PR_CONNECT_RESET_ERROR may be caused by the Honey add-on, and that disabling might help.
well, you cannot connect to asdffdsa6132.duckdns.org, as there is firewall rule on that router, to only allow the ip addresses of my office, which is behind the watchguard router.
note: right now, also at my office, is another router used for guest wifi, if i am logged into that wifi router, right now, i am connected to asdffdsa6132.duckdns.org, no problem
it is clear that the watchguard is blocking me.
this is not the first time i have had issue with this pr_connect_reset_error.
no idea what a Honey add-on is, something on the watchguard?
Honey is a web browser shopping add-on.
Do you have a TCP-UDP proxy in your config?
You can add a Custom TCP packet filter for port 4444, From: Any-trusted To: Any-external or asdffdsa6131.duckdns.org, and see if that helps.
Also, what do you see in Traffic Monitor related to your access to this site when you get this error?
thanks, working now!
now i know what to do for next time; to look at the traffic monitor for the deny rule.
so in this case,
for "HTTPS-Client.Standard.2", i add a allow rule for the domain name
this is from the traffic monitor
Deny 192.168.1.6 18.104.22.168 https/tcp 51892 4444 Trusted External ProxyDrop: HTTPS Request categories (TCP-UDP-proxy-00) proc_id="https-proxy" rc="594" msg_id="2CFF-0001" proxy_act="HTTPS-Client.Standard.2" cats="Dynamic DNS" geo_dst="USA" dstname="asdffdsa6131.duckdns.org"
It was dropped due to the "Dynamic DNS" category you chose to block.
thanks, yes, i noticed that, but why the ugly, confusing error?
how can i get a normal warning that the website is blocked due to dnswatch blocked category?
What makes you think that this has anything to do with DNSWatch????
It is caused by WebBlocker category (cats) ="Dynamic DNS" which is presumably selected on your HTTPS-Client.Standard.2 proxy action.
This setting causes a deny with a reason of HTTPS Request categories.
To get nice deny messages on your web browser, you need to do Inspect on your HTTPS proxy action, and you should get a HTTP proxy action deny message for the HTTP proxy action that you specify in the HTTPS proxy action.
thanks, right, webblocker, not dnswatch. but i get that ugly "PR_CONNECT_RESET_ERROR".
i have used many routers over the years, they all give a nice user-friendly message with details. something like "this website was blocked due to a block categoty of Dynamic DNS, please speak to your administrator"
The issue is that this is a HTTPS session between your web browser and the remote web server.
HTTPS is encrypted between these 2 devices and the firewall can't really send your web browser a nice reply.
I believe that the error is being generated by your web browser, not the firewall.
With Inspect on the HTTPS proxy, the HTTPS session is between your web browser and the firewall, and then from the firewall to the remote web server.
Then because the firewall has a HTTPS connection to your web browser, it can send a nice message back to your web browser.
Had this been a HTTP session, then you would have gotten a deny message from the firewall to your web browser.
getting it again, with https://help.getfoxyproxy.org/index.php/knowledge-base/how-to-use-multiple-proxies-simultaneously-in-firefox/
so every time, i have to look deep into traffic monitor logs, that i really do not understand and parse out the reason. how can this be the official watchguard stance?
Like I said, IF you have Inspect set up on your HTTPS proxy action, THEN you can get a nice deny message to your web browser.
This site is being denied because of a WebBlocker category = "Proxy Avoidance" which is selected on your HTTPS proxy action.
1) look at the categories that are selected in WebBlocker on your HTTPS proxy action, and don't deny ones that you don't want
2) don't use a HTTPS proxy
3) set up Inspect, which requires importing a certificate from the firewall into your web browser
Use of complex firewall features requires some knowledge of those features...
sorry, did not realize that "Inspect" was a router feature, not something i thought you wanted me to do.
can you please send me a how-to link?
A firewall is more than a router.
All of the docs are online, here:
HTTPS-Proxy: Content Inspection
Make sure that you also review this section prior to enabling Inspect:
Use Certificates with HTTPS Proxy Content Inspection
good point and thanks