Websites blocked by SonicWall - Troubleshooting guide

08/29/2022 313 People found this article helpful 333,717 Views

Description

Websites getting blocked is a very frequent scenario. When you have tested bypassing SonicWall with the same ISP and public IP and the website works fine, then the conclusion points to some Security services blocking the website. Let us check each service in a structured and well defined way.

Cause

Causes for a website not accessible can be many. However, the most prominent ones are

Wrong MTU on the WAN interface
Content Filtering Service (CFS)
App control

The best way to identify would be scanning through Logs and a packet capture. Again, since this is a traffic over HTTP(s), there will be fairly huge amount of traffic and so, narrowing down is very important.

Resolution

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

First things first, check MTU for each WAN interface.
The default MTU size is 1500, however for some networking technologies reducing the MTU size and allowing fragmentation can help eliminate some connectivity problems occurring at the protocol level.
NOTE: Contact your ISP for the recommended MTU size for your Internet connection.
There are 2 ways of doing it.
1. How to determine the MTU value using PMTU discovery option in the diagnostics page
2. How can I determine the MTU size of WAN interfaces manually?
Packet capture:
Read more about Packet capture here: Setup and utilize the Packet Monitor feature for troubleshooting
Since we need to capture all packets on HTTP(s) ports that are TCP 80 and 443, there will be a huge traffic and hence some good amount of packets. Follow the same steps as that of the KB above. The captures would give is the correct idea as to what is blocking:

This drop clearly says Enforced Content Filter. Next steps would be to find out the CFS Profile for this internal IP, and then add the URL or the Category to Allowed.
i. How to allow or block URI and sub-domains using Content Filtering
ii. Troubleshooting partial or broken websites

This drop says IDP detection, which means it is using IPS signature to block. App control uses IPS signature to block. Next step to allow would be to navigate to Logs, find the signature for the corresponding internal IP and Disable Block on that signature.

The following KBs would give a good idea.
i. How can I resolve drop code "IDP detection"?
ii. Streaming to YouTube fails, connection dropped by App Control
When there are neither any drops nor any response (SYN,ACK) for our SYN packet, that means you need to check with the ISP.

For immediate assistance or if you like to speak to an engineer, please call us on our support number at your convenience. Regional telephone numbers can be found on the link below:
https://www.sonicwall.com/support/contact-support/

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

First things first, check MTU for each WAN interface.
The default MTU size is 1500, however for some networking technologies reducing the MTU size and allowing fragmentation can help eliminate some connectivity problems occurring at the protocol level.
NOTE: Contact your ISP for the recommended MTU size for your Internet connection.
There are 2 ways of doing it.
1. How to determine the MTU value using PMTU discovery option in the diagnostics page
2. How can I determine the MTU size of WAN interfaces manually?
Packet capture:
Read more about Packet capture here: Setup and utilize the Packet Monitor feature for troubleshooting
Since we need to capture all packets on HTTP(s) ports that are TCP 80 and 443, there will be a huge traffic and hence some good amount of packets. Follow the same steps as that of the KB above. The captures would give is the correct idea as to what is blocking:

This drop clearly says Enforced Content Filter. Next steps would be to find out the CFS Profile for this internal IP, and then add the URL or the Category to Allowed.
i. How to allow or block URI and sub-domains using Content Filtering
ii. Troubleshooting partial or broken websites

This drop says IDP detection, which means it is using IPS signature to block. App control uses IPS signature to block. Next step to allow would be to navigate to Logs, find the signature for the corresponding internal IP and Disable Block on that signature. The following KBs would give a good idea.
i. How can I resolve drop code "IDP detection"?
ii. Streaming to YouTube fails, connection dropped by App Control
When there are neither any drops nor any response (SYN,ACK) for our SYN packet, that means you need to check with the ISP.

For immediate assistance or if you like to speak to an engineer, please call us on our support number at your convenience. Regional telephone numbers can be found on the link below:
https://www.sonicwall.com/support/contact-support/

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

Websites blocked by SonicWall - Troubleshooting guide

Description

Cause

Resolution

Resolution for SonicOS 7.X

Resolution for SonicOS 6.5

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Follow Us

Subscribe to newsletter

Stay In Touch