Moudar
Advisor

Can not surf to a website

Hi

When trying to surf to a specific website I get this error "ERR_EMPTY_RESPONSE" on all browsers.

When I open the same website from a private PC (no firewall) then it works with no problem.

 

All logs are "Accept" but still getting "ERR_EMPTY_RESPONSE" on browsers

 

What should I troubleshoot when seeing this: ERR_EMPTY_RESPONSE?

 

0 Kudos
49 Replies
the_rock
Legend

To output anything else into a file, you can do say like this -> ip r g 8.8.8.8 > /var/log/output.txt

Andy

0 Kudos
the_rock
Legend

If you can get the capture file, please send it here. I can review it later.

Andy

0 Kudos
Moudar
Advisor

I could not take the file out, but cat capture.out shows this weird text 

 cat capture.out
0 Kudos
the_rock
Legend

Just enable winscp and get it that way via winscp software. You can enable it by running chsh -s /bin/bash admin

Andy

0 Kudos
the_rock
Legend

I need an actual file that can be reviewed in wireshark.

Andy

0 Kudos
Moudar
Advisor

How to send (attach) the file in private?

0 Kudos
the_rock
Legend

Just message me directly and we can correspond via email. Just need to step out for a bit, but will be back later.

Andy

0 Kudos
the_rock
Legend

Got your file, thanks! Let me see if I can make sense of it.

Andy

0 Kudos
the_rock
Legend

So, it appears ONLY ack happens on the way back, every packet shows malformed, so the fact you see that log in CP totally makes sense. I don't believe this is a Check Point issue based on the below snippet from the screenshot.

Andy

 

Screenshot_1.png

 

 Just curious, can you see if this parameter exists?

fw ctl get int mux_enabled

0 Kudos
Moudar
Advisor

fw ctl get int mux_enabled
Get operation failed: failed to get parameter mux_enabled
get: Operation failed
/bin/cpfw_start: line 12: 25948 Killed

0 Kudos
Moudar
Advisor

208.86.159.100 via x.x.x.x dev eth1-01 src y.y.y.y

x.x.x.x = our ISP address

y.y.y.y our external IP address

PhoneBoy
Admin

Actually, the TCP connection went through the full three way handshake and closed properly.
However, there was not enough information to properly identify the connection.
In that case, this message and behavior is by design, as stated in: https://support.checkpoint.com/results/sk/sk113479

I suggest trying the "Extended Reason" steps in the SK to see if that provides any additional information.

0 Kudos
the_rock
Legend

I looked through the capture file @Moudar sent me, but I don't see it being completed anywhere. Will check again tomorrow morning.

Andy

0 Kudos
Tom_Hinoue
Advisor

@Moudar  @the_rock 
Just wondering. Is the firewall's external interface directly connected to the internet?
I'm assuming there may be a different firewall or content filter on the external side that's blocking the site and not the firewall.

I just had a similar issue with my customer recently... ended up their upstream router was blocking the connection, with the "insufficient data passed" in security logs unable to match the access policy.

0 Kudos
the_rock
Legend

Good point. I will let Moudar answer that question, as I don't know their network.

Best,

Andy

0 Kudos
the_rock
Legend

I see what you mean, ack does show as present, but makes sense if info is not there to identify the connection.

0 Kudos
Moudar
Advisor

Today, out of the blue, it began triggering the custom application site rule. Specifically, it started activating the correct rule at 07:16:28 this morning. The rule encompasses these three options:

custom-app-policy.JPG

How to check which got the hit?

both use the same IP address!

0 Kudos
the_rock
Legend

Just parse through the logs on whatever the source IP was.

Andy

0 Kudos
the_rock
Legend

Example from my lab...obviously, your rule number would be different, but you get an idea.

Andy

 

Screenshot_1.png

0 Kudos
_Val_
Admin

Please open a TAC case for this issue: https://help.checkpoint.com

0 Kudos
