GoDaddy CRL Issues?

ESwisher — Sun, 12 Jan 2020 03:38:18 GMT

Running R80.30, and looking at my Logs to make sure rules are working correctly. I sorted by destination = my WAN IP for last 7 days.

In the Top Sources, I saw that a ton (33%) are from one IP: 72.167.18.237. They are all drops due to First packet isn't SYN. TCP Flags RST.

72.167.18.237 resolves to p3plpkivs-v01.any.prod.phx3.secureserver.net

After some more research, that IP also resolves to crl.godaddy.com

Looked at my Logs for destination = 72.167.18.237 and several times every minute, my Firewall (source = my WAN IP) is contacting 72.167.18.237 on http via Implied Rule 0.

I do have HTTPS Inspection enabled.

Is my Firewall trying to check the GoDaddy CRL and failing?

Re: GoDaddy CRL Issues?

FedericoMeiners — Sun, 12 Jan 2020 05:23:51 GMT

Hello,
It may be a good idea to do a packet capture with tcpdump or the tool of your preference in order to see what is happening under the hood: Is the initial handshake finished? Is it failing at the TLS Handshake? How much time does the responses take? Are there tons of retransmissions from one side?

Hope it helps

topic GoDaddy CRL Issues? in General Topics

GoDaddy CRL Issues?

Re: GoDaddy CRL Issues?