Error in website after upgrading M200

After upgrading to the latest version, we are getting an error message when accessing a government website. when we check the log, nothing is denied. With the diagnostic log in debug it is not possible to see the problem. I hope you can help.

LOG:

tcp-udp-proxy 0x12e6efd0-615125 317124560:615125: new connection 539: 192.168.10.55:53891 -> 161.196.60.81:443 [A t] {N} | -1: 190.121.225.174:53891 -> 161.196.60.81:443 [!B] {N}[!] Debug
Allow 192.168.10.55 161.196.60.81 https/tcp 53891 443 LAN_ WAN_Digitel ProxyReplace: IP protocol (TCP-UDP-prueba-00) TCP-UDP-Proxy.Standard.1 proc_id="tcp-udp-proxy" rc="591" msg_id="2DFF-0004" proxy_act="TCP-UDP-Proxy.Standard.1" rule_name="HTTPS-Client.Standard.1" new_action="HTTPS-Client.Standard.1" Traffic
tcp-udp-proxy 0x12e6efd0-615125 317124560:615125: connection finished 539: 192.168.10.55:53891 -> 161.196.60.81:443 [A t] {N} | 540: 190.121.225.174:53891 -> 161.196.60.81:443 [!B c] {N}[P] Debug
https-proxy 0x12e6efd0-615125 317124560:615125: nondata event 'SSL_PROTO_CLIENT_HELLO_COMPLETE: 539: 192.168.10.55:53891 -> 161.196.60.81:443 [A t] {B}' Debug
https-proxy 0x1174bb60-615123 426: 192.168.10.55:53890 -> 161.196.60.81:443 [A t] {B} | 469: 190.121.225.174:53890 -> 161.196.60.81:443 [B t] {N}[]: Webblocker request sent Debug
https-proxy 0x1174bb60-615123 292862816:615123: nondata event 'DATA_INTERNAL(234): 426: 192.168.10.55:53890 -> 161.196.60.81:443 [A t] {X}' Debug
Allow 192.168.10.55 161.196.60.81 https/tcp 53890 443 LAN_ WAN_Digitel ProxyAllow: HTTPS Request categories (TCP-UDP-prueba-00) HTTPS-Client.Standard.1 proc_id="https-proxy" rc="590" msg_id="2CFF-0001" proxy_act="HTTPS-Client.Standard.1" cats="exception rule name: WB Rule 2" dstname="sistema.sunagro.gob.ve" Traffic
https-proxy 0x1174bb60-615123 426: 192.168.10.55:53890 -> 161.196.60.81:443 [A t] {N}: got 75 bytes of data Debug
https-proxy 0x1174bb60-615123 426: 192.168.10.55:53890 -> 161.196.60.81:443 [A t] {N}: got 613 bytes of data Debug
https-proxy 0x12e6efd0-615125 539: 192.168.10.55:53891 -> 161.196.60.81:443 [A t] {B} | 540: 190.121.225.174:53891 -> 161.196.60.81:443 [B t] {N}[]: Webblocker request sent Debug
https-proxy 0x12e6efd0-615125 317124560:615125: nondata event 'DATA_INTERNAL(234): 539: 192.168.10.55:53891 -> 161.196.60.81:443 [A t] {X}' Debug
Allow 192.168.10.55 161.196.60.81 https/tcp 53891 443 LAN_ WAN_Digitel ProxyAllow: HTTPS Request categories (TCP-UDP-prueba-00) HTTPS-Client.Standard.1 proc_id="https-proxy" rc="590" msg_id="2CFF-0001" proxy_act="HTTPS-Client.Standard.1" cats="exception rule name: WB Rule 2" dstname="sistema.sunagro.gob.ve" Traffic
https-proxy 0x1174bb60-615123 292862816:615123: nondata event 'ABORT: -1: 192.168.10.55:53890 -> 161.196.60.81:443 [~!A rsa] {N}' Debug
https-proxy 0x1174bb60-615123 CLEANUP for conn 0x1174bb60 :-1: 192.168.10.55:53890 -> 161.196.60.81:443 [~!A rsa] {N} | -1: 190.121.225.174:53374 -> 161.196.60.81:443 [~!B xra] {N}[Ceo] Debug
Allow 192.168.10.55 161.196.60.81 https/tcp 53890 443 LAN_ WAN_Digitel HTTPS Request (TCP-UDP-prueba-00) HTTPS-Client.Standard.1 proc_id="https-proxy" rc="548" msg_id="2CFF-0000" proxy_act="HTTPS-Client.Standard.1" tls_profile="TLS-Client-HTTPS.Standard" tls_version="TLS_V12" sni="sistema.sunagro.gob.ve" cn="sistema.sunagro.gob.ve" cert_issuer="CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US" cert_subject="CN=sistema.sunagro.gob.ve" action="allow" app_id="0" app_cat_id="0" sent_bytes="1205" rcvd_bytes="1958" Traffic
Allow 192.168.10.55 161.196.60.81 https/tcp 53891 443 LAN_ WAN_Digitel Allowed 52 127 (TCP-UDP-prueba-00) proc_id="firewall" rc="100" msg_id="3000-0148" src_ip_nat="190.121.225.174" tcp_info="offset 8 S 2468299622 win 64240" Traffic
https-proxy 0x12e6efd0-615125 539: 192.168.10.55:53891 -> 161.196.60.81:443 [A t] {N}: got 75 bytes of data Debug
https-proxy 0x12e6efd0-615125 539: 192.168.10.55:53891 -> 161.196.60.81:443 [A t] {N}: got 693 bytes of data Debug
https-proxy 0x12e6efd0-615125 317124560:615125: nondata event 'CLOSE: 539: 192.168.10.55:53891 -> 161.196.60.81:443 [A trs] {N}' Debug
https-proxy 0x12e6efd0-615125 317124560:615125: nondata event 'CHAN_READ_BLOCKED: 539: 192.168.10.55:53891 -> 161.196.60.81:443 [A txrs] {N }' Debug
https-proxy 0x12e6efd0-615125 CLEANUP for conn 0x12e6efd0 :-1: 192.168.10.55:53891 -> 161.196.60.81:443 [~!A xrs] {N} | -1: 190.121.225.174:53891 -> 161.196.60.81:443 [!B] {N}[] Debug
Allow 192.168.10.55 161.196.60.81 https/tcp 53891 443 LAN_ WAN_Digitel HTTPS Request (TCP-UDP-prueba-00) HTTPS-Client.Standard.1 proc_id="https-proxy" rc="548" msg_id="2CFF-0000" proxy_act="HTTPS-Client.Standard.1" tls_profile="TLS-Client-HTTPS.Standard" tls_version="TLS_V12" sni="sistema.sunagro.gob.ve" cn="sistema.sunagro.gob.ve" cert_issuer="CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US" cert_subject="CN=sistema.sunagro.gob.ve" action="allow" app_id="0" app_cat_id="0" sent_bytes="1285" rcvd_bytes="1958" Traffic
Allow 192.168.10.55 161.196.60.81 https/tcp 53892 443 LAN_ WAN_Digitel Allowed 52 127 (TCP-UDP-prueba-00) proc_id="firewall" rc="100" msg_id="3000-0148" src_ip_nat="190.121.225.174" tcp_info="offset 8 S 2949039988 win 64240" Traffic
tcp-udp-proxy 0x1041a4d0-615127 272737488:615127: new connection 110: 192.168.10.55:53892 -> 161.196.60.81:443 [A t] {N} | -1: 190.121.225.174:53892 -> 161.196.60.81:443 [!B] {N}[!] Debug
Allow 192.168.10.55 161.196.60.81 https/tcp 53892 443 LAN_ WAN_Digitel ProxyReplace: IP protocol (TCP-UDP-prueba-00) TCP-UDP-Proxy.Standard.1 proc_id="tcp-udp-proxy" rc="591" msg_id="2DFF-0004" proxy_act="TCP-UDP-Proxy.Standard.1" rule_name="HTTPS-Client.Standard.1" new_action="HTTPS-Client.Standard.1" Traffic
tcp-udp-proxy 0x1041a4d0-615127 272737488:615127: connection finished 110: 192.168.10.55:53892 -> 161.196.60.81:443 [A t] {N} | 469: 190.121.225.174:53892 -> 161.196.60.81:443 [!B c] {N}[P] Debug
https-proxy 0x1041a4d0-615127 272737488:615127: nondata event 'SSL_PROTO_CLIENT_HELLO_COMPLETE: 110: 192.168.10.55:53892 -> 161.196.60.81:443 [A t] {B}' Debug
https-proxy 0x1041a4d0-615127 110: 192.168.10.55:53892 -> 161.196.60.81:443 [A t] {B} | 469: 190.121.225.174:53892 -> 161.196.60.81:443 [B t] {N}[]: Webblocker request sent Debug
https-proxy 0x1041a4d0-615127 272737488:615127: nondata event 'DATA_INTERNAL(234): 110: 192.168.10.55:53892 -> 161.196.60.81:443 [A t] {X}' Debug
Allow 192.168.10.55 161.196.60.81 https/tcp 53892 443 LAN_ WAN_Digitel ProxyAllow: HTTPS Request categories (TCP-UDP-prueba-00) HTTPS-Client.Standard.1 proc_id="https-proxy" rc="590" msg_id="2CFF-0001" proxy_act="HTTPS-Client.Standard.1" cats="exception rule name: WB Rule 2" dstname="sistema.sunagro.gob.ve" Traffic

Comments

  • Best to open a support incident on this.
    Option 1) add a HTTPS proxy, just in case that there is an issue with the TCP-UDP proxy. See if that helps.
    Option 2) you can, at least for the time being, add a HTTPS packet filter To: the IP addr of this web site.

  • Hi Bruce, I did the option 1 and the result was the same. Option 2 I do not understand what I have to do.

  • Add a HTTPS packet filter, From: Any-trusted To: 161.196.60.81, which is the IP addr for sistema.sunagro.gob.ve
    Make sure that this policy is above any other HTTPS policy.

  • Ok it is understood

Sign In to comment.