Connection failure to websites

From Secure Web Gateway

Issues

  1. When I access a website, it displays the connection failure error “Connection to 192.168.27.30:80 failed”.
  2. When I access https://abc.safesquid.com/ via the proxy and log in using my corporate email ID, it displays the connection failure error “Connection to abc.safesquid.com:443 failed”.

 


Root Causes

  1. The website you are trying to reach is not up.
  2. You are unable to reach the particular website because of an internet slowness issue.

Troubleshooting

Case 1:

Check whether the website opens without any proxy configured in the browser (no proxy in the middle).

If the website does not open without the proxy, the problem is not with SafeSquid.

If it opens without the proxy, run the command below to verify whether the website is resolving.

Command:  nslookup 192.168.27.30

To check whether the SafeSquid server can connect to 192.168.27.30 on port 80:

Command: telnet <WEBSITE> <PORT_TO_CONNECT_ON>

If the website cannot be reached, you will get this output:

telnet 192.168.27.30 80
Trying 192.168.27.30...
telnet: Unable to connect to remote host: No route to host

If the website can be reached, you will get this output:

root@dev:~# telnet 192.168.27.30 80
Trying 192.168.27.30...
Connected to 192.168.27.30.
Escape character is '^]'.

 

Case 2: If your server is in an on-premises environment integrated with directory services, DNS resolution is done by the directory DNS server.

Check the configuration on the local internal network and the address record it points to on the Active Directory (AD) or local DNS server.

Run the command below at the command prompt for abc.safesquid.com:

Command:  nslookup abc.safesquid.com

If the website resolves to the local internal network (e.g. 10.10.11.78, 10.10.128.106), you have to set up conditional forwarding for the SafeSquid local caching DNS server.

Go to the path /etc/bind/ and open the file named.conf:

Command: vim named.conf

root@swg:/etc/bind# vim named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/safesquid.dns.conf";
include "/etc/bind/abc.safesquid.com";

Go to the path:

Command: cd /etc/bind/

and create a file:

Command: vim abc.safesquid.com

Add the lines below:

zone "abc.safesquid.com" {
   type forward;
   forwarders { 10.10.124.101; };
};

Restart the bind9 service:

Command: /etc/init.d/bind9 restart

Verify whether the website now resolves to the local IP successfully.
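
The Case 2 check and the zone file can also be scripted. The following is an added example, not SafeSquid's own code: it parses Linux nslookup output, tests whether the answers are internal (RFC 1918) addresses, and prints the forward-zone stanza only after validating the zone name and forwarder, since both end up in a BIND configuration file. All function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not SafeSquid code; invoke with ZONE and DIRECTORY_DNS_IP.

# Succeeds if $1 is a dotted-quad IPv4 address with octets 0-255.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Succeeds if $1 is an RFC 1918 (internal) IPv4 address.
is_private_ipv4() {
    is_ipv4 "$1" || return 1
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Succeeds if any address passed as an argument is internal.
resolves_internally() {
    for addr in "$@"; do
        is_private_ipv4 "$addr" && return 0
    done
    return 1
}

# Prints answer addresses from Linux nslookup output on stdin; the
# Server/Address header ends at the first blank line and is skipped.
nslookup_answers() {
    awk 'NF == 0 { body = 1; next } body && $1 == "Address:" { print $2 }'
}

# Prints the forward-zone stanza for zone $1 and forwarder $2. Both are
# validated first because they are written into a BIND configuration file.
forward_zone() {
    case "$1" in ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 2 ;; esac
    is_ipv4 "$2" || return 2
    printf 'zone "%s" {\n   type forward;\n   forwarders { %s; };\n};\n' "$1" "$2"
}

if [ "$#" -eq 2 ]; then
    stanza=$(forward_zone "$1" "$2") || exit 2   # validate before querying
    resolves_internally $(nslookup "$1" "$2" | nslookup_answers) &&
        printf '%s\n' "$stanza"
fi
```

Running named-checkconf after saving the stanza catches syntax errors before bind9 is restarted.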