ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

cannot access a particular website

08.03.10   |  
‎08-03-2010 12:23 AM

hi,

  I have a SSG20 in our office network .The internet is also access by the device SSG20.

 But while trying to access the particular website(www.iss-nepal.com)  ,it fails.

          What may be the reason behind this?

 Thankyou.

6 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: cannot access a particular website

08.03.10   |  
‎08-03-2010 08:41 AM

The typical reason for this is the MTU on the path is smaller than what the website expects. If you set path-mtu, this should fix the problem:

 

SSG20> set flow path-mtu

SSG20> save

However, if the remote admin has blocked or otherwise disabled ICMP, this will not correct the problem.
HTH,

-Keith

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cannot access a particular website

08.04.10   |  
‎08-04-2010 12:33 AM

Hi,

  Thanks for the reply.I tried  with the MTU command but it still not working.

 Can broswe all the sites except  the one   (www.iss-nepal.com).

        Thank you.

ScreenOS Firewalls (NOT SRX)

Re: cannot access a particular website

08.04.10   |  
‎08-04-2010 12:42 AM

Hi,

 

You can also try to configure a custom service with TCP-80, add a separate policy for this destination and select Application "Ignore" in the policy.

 

Kind regards,

Edouard

 

 

Kind regards,
Edouard
ScreenOS Firewalls (NOT SRX)

Re: cannot access a particular website

08.07.10   |  
‎08-07-2010 10:23 PM

hi Edouard

Thank for the reply. I also tried by creating a separate policy with the customize service and Application "Ignore".But it still not working .

    Any other  suggestion please?

 

 Thank you.

ScreenOS Firewalls (NOT SRX)

Re: cannot access a particular website

08.09.10   |  
‎08-09-2010 12:47 AM

Hi!

 

This seems to be a fragmentation issue. PMTU option does not always solve the problem. If a router on the distance does not correctly handle fragmentation and there are additional overheads in the packet size due to specific transport media (PPPoE, sattelite, GPRS etc), many packets may be dropped. Try to tune tcp-mss as described in KB6346.

 

Kind regards,

Edouard

Kind regards,
Edouard
ScreenOS Firewalls (NOT SRX)

Re: cannot access a particular website

08.17.10   |  
‎08-17-2010 02:38 AM

The problem isnt solved yet. I have tried all these. Plase suggest.

Ayush Subedi