Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » some https sites are inaccessable from lan
  •  
blasto

Messages: 11
Karma: 0
Send a private message to this user
Hi,
I'm experiencing an odd situation with kwf 6.1.4 1044;

- I can not enter a secure site (X) from a computer behind the firewall inside the lan
- However I can enter another (Y) secure site without problem with the same computer
- Also I can enter the "X" from firewall host computer
- And via proxy server of the kwf I can enter "X" from the lan computer

I'm using nat to access internet and ISS filter is off but I cannot reach this particular site from lan: https://www.isbank.com.tr/
http version of the site is also accessable, I couldn't figure out why lan computers won't show the site. traffic policy doesn't have any rule to block, since other secure sites are viewing ok. I would appreciate it if you can try to access the above address from your network computers via nat and if you have any other solution ideas I will be happy to hear them. thanks
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
Are you using DSL? If so are you using PPPoE? If so are you using your ISP's software? If so this is most likely the cause of your issue. You should use http://www.raspppoe.com instead as most ISP dialer software will cause issues.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
blasto

Messages: 11
Karma: 0
Send a private message to this user
Hi,
first let me answer your questions:
1)yes, I'm using adsl
2)yes, its PPPoE LLC
3)no, I'm not using isp software.
I have an aztech usb modem, configured with its own drivers, I'm using the Windows Xp Dialup connection and kwf dials for the persistent line gathering the info from RAS entry.
I have tried to run the software called rasppppoe but it exitted with the eroor message:
"Could not find any dial-up devices exposed by the PPP over Ethernet Protocol"

As I have mentioned before; firewall host can connect everywhere without problem but, network computers can not with nat while they can with proxy server. I tought that it was ISS filter interupting in an undesired fashion so updated to 1044 and disabled ISS but no luck again. Thanks for your interests and I'll appreciate any other ideas...
  •  
Petr Dobry (Kerio)

Messages: 776
Karma: 61
Send a private message to this user
You can try to lower MTU setting on KWF LAN interface and/or on workstation. Check this link http://www2.kansas.net/drtcp.asp

Petr Dobry
Product Development Manager | Kerio
  •  
hoki

Messages: 1
Karma: 0
Send a private message to this user
Well.. i'm having a similar problem... here's what i have..

Local network with 4 computers..
same version of KWF installed on server and client1, client2, client3... client1 has REMOTELYANYWHERE installed on port 2000 (url: https://client1:2000)

1. Server can access https://server:4081 to login
2. Client 1,2,3 can access server https://server:4081 to login.
3. Client 1,2,3 can access client1 https://client1:2000 to remotely anywhere
4. But server cannot access client1, nor any page on the net .. not even WindowsUpdate, etc...

if KWF is turned off.. it works fine...

Hope this helps.. but something is not right.

Hector OKi
  •  
blasto

Messages: 11
Karma: 0
Send a private message to this user
Lowering the MTU on workstations worked. Not on the firewall host but on all internal computers lowering MTU to 1480 cured the problem. Thanks for the help I would never be able to figure it out by myself.

ps: Hector I don't think that your situation is the same with this.
  •  
leodf

Messages: 16
Karma: 0
Send a private message to this user
Hi folks,

I had a lightening problem few days ago and now my ISP changed my CableModem that uses the USB port to connect to the server, and since that I've begun to have problems with secure pages.

Everything works fine except when there is an HTTPS involved on the transaction.

The old CableModem was connected using the Ethernet adapter but now this annoying situation appeared.

I tried to find the MTU option somewhere on the system and I couldn't find, anyone here has any idea where I can set this option on a USB CableModem (direct DHCP) ?

There is no PPPoE, it's just the cablemodem that gets an IP over the DHCP.

Thanks in advance Smile

By the way, this looks like a bug, isn't it ?

Leo
Previous Topic: VPN CLient Failure
Next Topic: Dual Gateway for different Application.... 2 Internet Gateway
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 16:04:29 CET 2017

Total time taken to generate the page: 0.00436 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.