417 Expectation Failed when accessing Verizon website
I have a network that is behind a Firebox T55. I can access verizon.com with no problem but when I try to log in to my account at https://secure.verizon.com/signin I get an error page from the web server.
I get the same error on any device using any browser on the local network. If I test from my phone with WiFi off, the page loads normally. Likewise, I've tested from other locations which are also behind Firebox routers (various models) and the page loads normally.
So either Verizon is blocking my IP, my ISP (MetroNet) is doing something strange, or my firewall config is causing an issue. Verizon support claims they do not block IP addresses, although I have my doubts that the rep I was chatting with has any real in-depth knowledge about their back end website security settings. But it would be odd that I can access other pages at verizon.com if this were the case.
I've contacted my ISP to look into possible blacklisted IP addresses but they claim this isn't happening. Again, I'm not super confident the rep is completely knowledgeable, although his point that they would have several complaints (and they don't) if this were happening is fair.
I've tweaked the Firebox config to allow traffic to the web server with minimal inspection but it hasn't made any difference. In traffic logs I see no indication that anything is being blocked or that there are any errors of any kind.
About the only log info that's anywhere near useful is the browser (Edge in this case) Developer Tools Network trace...
Request URL: https://secure.verizon.com/signin
Request Method: GET
Status Code: 417 Expectation Failed
Remote Address: 152.195.19.88:443
Referrer Policy: strict-origin-when-cross-origin
The 417 Expectation Failed error seems to be fairly obscure and I can find no reason why it would be happening. The standard clearing of cache/cookies has had no effect either BTW.
Wondering if anyone has seen this specific issue with Verizon's website or similar 417 errors from any website. Looking for any additional insight or suggestions.
Comments
No, I have not seen this error.
When I try to access this site using Edge, I just get a blank screen.
No issue using Firefox, Chrome, Opera or Brave web browsers - all show a login screen.
Use a different web browser.
Thanks, Microsoft...
If you have an HTTPS proxy in your config which allows access to this site, try adding an HTTPS predefined packet filter, From: FQDN entries for secure.verizon.com and login.verizonwireless.com To: Any-external
See if that helps.
If not, perhaps this is some sort of MTU issue.
What type of ISP connection do you have?
Standard Ethernet type connections have an MTU of 1500. Most PPPoE have an MTU of 1492.
Try changing the Global setting, Networking section, TCP MTU Probing from Disabled to "Always enabled", and see if that helps.
Thanks for the input. After further testing I'm nearly certain that this isn't a WatchGuard issue. My best guess is that it's a Verizon issue and they are applying some block/filter based on my IP address. But getting to the people who would actually know about it, let alone do anything, is probably an impossible task.
After a month, my ISP-assigned IP address finally refreshed and I got a new address. I can now access https://secure.verizon.com/signin again with no issues. So it looks like Verizon was definitely blocking it, contrary to what they claimed. This is why tier 1 support at large companies is usually useless for technical matters.