Comments
-
Thanks Bruce. Rebooting the cluster resolved the DNS resolution requests against the old DNS servers.
-
Wireshark shows DNS resolution requests against the old DNS servers from the Firebox for repauth.watchguard.com -- that's why I was guessing Reputation Authority. Again, I'm trying to figure out where the old DNSes are stored for this activity.
-
What's the domain?
-
The new CSP v12.4.B592447 resolves the https://trust.cdc.gov issue for me in all browsers!
-
That was a proposed work-around suggested to me when I opened the bug report (see below). However, that does not work for the site I was trying to access (at lest on the test build I'm running): https://trust.cdc.gov On you system, if you use Chrome and try to access https://trust.cdc.gov do you get a communications error,…
-
Heard back from Support: It was reported that you are unable to go to certain Https sites from Google Chrome. This is currently a known issue that our Engineering team is working on. (FBX-16203) For proper case tracking and notifications, I will set the status of this case to 'Bug/Enhancement Submitted'. This allows you to…
-
Will do. BTW, when accessing from home, on any browser, I can communicate with the server.
-
Snippet of Chrome (Not Working) Logs: 2019-04-10 17:03:07 Member1 https-proxy 0x2ef83e0-2349245 https_domain_name_check matching rule against ip: 198.246.102.45 Debug 2019-04-10 17:03:07 Member1 https-proxy 0x376d520-1779045 58119456:1779045: nondata event 'CHAN_READ_BLOCKED: 887: 10.0.1.175:18582 -> 198.246.102.45:443 [A…
-
Ryan, I'm not seeing that particular error in my logs. The problem is accessing the https://trust.cdc.gov website (the actual URL is very long, but is not required to for the test). If I access via Firefox, it communicates with the server and lets me know I didn't pass the URL variables with this message: Secure Proxy…
-
FWIW, staff said they were able to access before the upgrade. I see this in my logs if it helps: 2019-04-10 13:21:50 Member1 pxy 0x429d450-1444029 connect failed Connection refused 4843: 10.0.1.175:29591 -> 198.246.102.45:80 [A] {B} | 5282: 209.116.152.2:29591 -> 198.246.102.45:80 [!B c] {B}[P] Debug
-
Actually, that is what you should see -- I didn't include all the extra parameters. So you are able to communicate with that server. I only get that in Firefox, other browsers give me a error: This site can’t provide a secure connection trust.cdc.gov sent an invalid response. Try running Windows Network Diagnostics.…
-
Bruce, another oddball for you. Can you access https://trust.cdc.gov from Chrome, IE, or Edge. In Chome, IE, and Edge, I get security issues. In Firefox, the communication works fine (you will get a server side exception) but the site does respond. Testing in Chome, IE, and Edge outside of the FB works fine.
-
Looks like the PFS Ciphers=Allow was the trick. As always Bruce, thanks for the quick reply.