
Unable to access a particular HTTPS website
  •  
mma1

Can't access a particular secured website through the Kerio firewall from any PC in the intranet, but can connect if the PC is connected to the internet through a mobile phone's hotspot.
  •  
Ernesto (Kerio)

Assuming you have the default traffic and content rules, I think you need to look at the Kerio Control logs to determine why it is blocking connections to that particular web server. The filter and debug logs in particular can be very useful in these situations.

Another good test to try, in order to determine if Kerio Control is blocking these connections, is to create a test traffic rule at the very top of the list to allow all connections from the LAN to that particular web server (identified by its IP address, maybe?), with the protocol inspector disabled (http://kb.kerio.com/1689). If connections work after adding this test traffic rule, disable it and then use the logs as mentioned above to determine what rule is blocking.

Sales Engineer | Kerio
  •  
mma1

Thanks, Ernesto. First I perused all the logs, including filter and debug, and they do not indicate any issue whatsoever. Also I have captured network traffic between the client PC and the https web server and it seems that the handshaking is failing for some unknown reason. I see a client hello but no server hello (there is a TCP RST from the webserver), and that the client is attempting to connect using SSL and not the TLS protocol, which would be the case when the client PC is successfully connected through my mobile phone's hotspot.

And as you suggested, I have tried both disabling the https protocol inspector and creating a direct traffic rule from the client PC to the internet interfaces (or, alternatively, to the webserver), which did not make any difference in either case. Any further suggestions? Thanks!
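
For reading which protocol version a captured ClientHello offers, as in the capture described in the post above, here is an added example that is not part of the original thread. It parses the first bytes the client sends and reports the record-layer version, the hello version and any `supported_versions` extension; the helper names and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {0x0002: "SSL 2.0", 0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def name(v):
    return VERSIONS.get(v, f"unknown (0x{v:04x})")

def u16(buf, pos):
    return struct.unpack("!H", buf[pos:pos + 2])[0]

def parse_client_hello(data: bytes) -> dict:
    """Report the protocol versions offered in the first bytes a client sends."""
    try:
        if data[0] & 0x80 and data[2] == 0x01:
            # SSLv2-compatible hello: 2-byte length with high bit set, type 1, version
            return {"format": "SSLv2-compatible", "record": None,
                    "hello": name(u16(data, 3)), "supported": []}
        if data[0] != 0x16 or data[5] != 0x01:
            raise ValueError("not a TLS handshake record carrying a ClientHello")
        body = data[5:5 + u16(data, 3)]
        pos = 6 + 32                         # handshake header, version, client random
        pos += 1 + body[pos]                 # session_id
        pos += 2 + u16(body, pos)            # cipher_suites
        pos += 1 + body[pos]                 # compression_methods
        supported = []
        if pos + 2 <= len(body):             # extensions are optional
            end = min(pos + 2 + u16(body, pos), len(body))
            pos += 2
            while pos + 4 <= end:
                ext_type, ext_len = u16(body, pos), u16(body, pos + 2)
                ext = body[pos + 4:pos + 4 + ext_len]
                if ext_type == 43 and ext:   # supported_versions (TLS 1.3 clients)
                    supported = [name(u16(ext, i)) for i in range(1, 1 + ext[0], 2)]
                pos += 4 + ext_len
        return {"format": "TLS record", "record": name(u16(data, 1)),
                "hello": name(u16(body, 4)), "supported": supported}
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

def build_sample(hello_ver, exts=b""):
    """Constructed ClientHello (zeroed random, one cipher suite) for the demo."""
    body = struct.pack("!H", hello_ver) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f\x01\x00"
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
SAMPLE_SSL3 = build_sample(0x0300)   # constructed: hello offers SSL 3.0
SAMPLE_TLS13 = build_sample(0x0303, b"\x00\x2b\x00\x05\x04\x03\x04\x03\x03")
```

Feed it the TCP payload of the client's first data segment exported from the capture; comparing the result from the firewall path with the one from the hotspot path shows whether the client is offering something different on each.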

  •  
Ernesto (Kerio)

You may need to enable logging in traffic rules to be able to see when it is used. It can be done by editing the Action field on both content and traffic rules.

The debug log needs to be configured to trace specific events, in this case when something is blocked. Right-click in the log area inside the debug log and select Messages from the context menu, then scroll down in the pop-up window until you see "Packets dropped for some reason". Enable that option and click OK.

Hopefully you will now be able to see what module in Kerio Control is blocking those connections.


[Updated on: Tue, 07 February 2017 01:20]

