Can't access a website via Web Isolation. Browser displays a site can't be reached error page.
search cancel

Can't access a website via Web Isolation. Browser displays a site can't be reached error page.

book

Article ID: 232076

calendar_today

Updated On:

Products

Web Isolation Cloud Web Isolation

Issue/Introduction

Page doesn't load at all.

Page loads fine outside of  corporate network.

This site can't be reached.

The browser displays a page reset error:

 

Environment

Release : 1.15

Component : Proxy

Cause

Packet capture showed the initial connection to Web Isolation proxy being successful but then a reset for the ssl client hello. 

Resolution

No log entries were displayed on the Web Isolation manager for this connection which suggested something in between sending the rst. It is not going to be a tcp level issue such as close-wait state since the rst is not at the syn, syn ack, ack stage.

To prove this was not Web Isolation sending the rst we made a connection to the http equivalent url. So if the rst was for https://www.broadcom.com then we did a connection to http://www.broadcom.com. 

This would normally result in a redirect from http to https. In this case we could see the Palo Alto firewall blocking the connection based on dynamic dns category rather than the generic browser reset page.

Made change on the firewall to allow this site and the connection via Web Isolation is working again.

Additional Information

Note that www.broadcom.com was not the site in question here. It is just an example to show the redirect from https to http.

Powered by Wolken Software