Can't browse sometimes

So, sometimes, when I try to browse, I get these messages in my traffic monitor.

2022-12-29 20:25:07 Deny https/tcp 65267 443 Trusted External blocked sites 52 127 (HTTPS-proxy-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 8 S 3077427955 win 61690" geo_dst="USA"
2022-12-29 20:26:04 Deny https/tcp 65513 443 Trusted External blocked sites 52 127 (HTTPS-proxy-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 8 S 1022425615 win 61690" geo_dst="USA"

I can't find anything blocking in my HTTPS Proxy rule. Any ideas?


  • james.carson Moderator, WatchGuard Representative

    Hi @davidortenn79
    Something in your blocked sites list is probably getting grabbed and matches that FQDN.

    Pull a support file for your firewall
    (Firebox System Manager under the status report tab, click support, then retrieve, or WebUI under system status -> diagnostic tasks, and click to download a support log file.)

    You'll need a program like 7-zip (free) that can open TGZ files

    Navigate to the following file in your support file:

    Search for that IP ( in this file.

    If you find it, look directly above the IP for the FQDN information for that IP. For example:

    I have The firewall logged that resolves to this:

    FQDN[1403:1] domainID: 17,, refcnt: 1, Status: Perfect
    FQDN[1403:1] IP Count: 2 , Sub-label: 0 , total-adding=10 , total-deleting=8 , total-earlydrop=0
    FQDN[1403:1] Type: wildcard , Duration: 0 (s)
    FQDN[1403:1] NS:, AA-Min-TTL: 300 , Duration: 0 (s), Update-count: 1
    FQDN[1403:1] TTL: 300(s), Flag: 00000600

     Index     Address       TTL   TTL-PKT   AA    Expiration           FLAG      Label        CNAME
    [001]     300     20       NAA  remain 0h:1m:11s    00000032  www            

    Do you have a blocked sites entry for that IP or FQDN in your blocked sites list?
    (Block a Site Permanently)

    If so, remove it.

    (I would strongly recommend not putting FQDNs in the blocked sites list unless you have a very specific reason to do so. It should not be used as an alternate webblocker deny list. Webblocker looks at the full URL path, whereas blocked sites only makes a match to an IP and denies all traffic to that IP.)

    -James Carson
    WatchGuard Customer Support
