Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Employee
Employee

GoDaddy CRL Issues?

Running R80.30, and looking at my Logs to make sure rules are working correctly. I sorted by destination = my WAN IP for last 7 days.

In the Top Sources, I saw that a ton (33%) are from one IP:  72.167.18.237. They are all drops due to First packet isn't SYN. TCP Flags RST.

72.167.18.237 resolves to p3plpkivs-v01.any.prod.phx3.secureserver.net

After some more research, that IP also resolves to crl.godaddy.com

Looked at my Logs for destination = 72.167.18.237 and several times every minute, my Firewall (source = my WAN IP) is contacting 72.167.18.237 on http via Implied Rule 0.

I do have HTTPS Inspection enabled.

Is my Firewall trying to check the GoDaddy CRL and failing?

0 Kudos
1 Reply
Highlighted

Re: GoDaddy CRL Issues?

Hello,
It may be a good idea to do a packet capture with tcpdump or the tool of your preference in order to see what is happening under the hood: Is the initial handshake finished? Is it failing at the TLS Handshake? How much time does the responses take? Are there tons of retransmissions from one side?

Hope it helps
____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos