Wednesday, August 4, 2021

Strange network filtering I can't hunt down.

My experience:
I'm a Network+ certificate holder but NOT a CCNA certificate holder. So I'm not nearly as advanced as many here.

My issue:
https:// and http:// connections to "google.com" fail to connect while on my network. I get a timed out error on any PC or browser.

My expected resolution:

To be able to browse to google.com and use it like a normal person.

It appears that only HTTP/HTTPS is blocked to google.com:

  • https://google.com fails on domain-connected PCs in all browsers as well as smart phones on the corporate wifi using their built-in browsers. However, the failure only seems to affect "google.com".
  • accounts.google.com, gmail.google.com, youtube.com and even google.ca work just fine in any web browser.
  • > ping google.com
    • works as expected
  • > nslookup google.com
    • works as expected
  • > tracert google.com
    • works as expected

Troubleshooting attempted:

  • I've checked the DNS on my firewall and switched it from my ISP, to Google and to OpenDNS. None have fixed the issue.
    • I've of course flushed the DNS on my test machines after every test.
  • I've removed/disabled my IPS software system for testing and this did not correct the issue.
  • I've checked my firewall's filtering settings and couldn't find anything of note.
  • I've checked my Microsoft DC server for any filtering or DNS rules and couldn't find anything of note.
  • I've manually changed a client PC's DNS settings so it won't use my in-network DNS server/relay. This did not fix the issue.

Conclusion: There is some form of HTTP network traffic filter on my network that I cannot find for the life of me. My major culprits are my firewall and my Domain Controller. I have failed to identify the correct setting or feature that could be blocking this traffic.

If anyone has encountered this issue in your systems or knows a likely place to check I'm all ears.

My Network Architecture

This business uses a full Unifi network stack. (Unifi Dream Machine Pro Firewall, Unifi Switches and Unifi Access points) The Domain Controller is a standard Windows Server 2019 and all PCs on the network are bound to its domain. This is a small business with less than 40 employees and only one site. (no multi-site domains or anything fancy)

DHCP is handled by the domain controller, not the Unifi Firewall.

Thanks in advance!
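
An added example, not part of the original post: for the symptom described above (ping, nslookup and tracert succeed while HTTP/HTTPS time out), testing name resolution, the TCP connect and the TLS handshake separately shows which layer the filter acts on. The `probe` function and its `connect_to` parameter are names introduced here for illustration.

```python
import socket
import ssl

def probe(host, port=443, tls=True, connect_to=None, timeout=5.0):
    """Return the first stage (dns, tcp, tls) that fails for host:port, or 'ok'.

    connect_to (hypothetical parameter): dial this IP instead of resolving,
    while still sending `host` as the TLS SNI, to tell IP-based from
    name-based filtering.
    """
    res = {"host": host, "port": port, "stage": "dns", "detail": None}
    try:
        addr = connect_to or socket.getaddrinfo(
            host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror as exc:
        res["detail"] = f"resolution failed: {exc}"
        return res
    res.update(addr=addr, stage="tcp")
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
    except socket.timeout:
        res["detail"] = "no answer to SYN (silent drop)"
        return res
    except OSError as exc:  # refused, unreachable, reset
        res["detail"] = f"connect error: {exc}"
        return res
    with sock:
        if not tls:
            res["stage"] = "ok"
            return res
        res["stage"] = "tls"
        try:
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host) as tls_sock:
                issuer = dict(rdn[0] for rdn in tls_sock.getpeercert()["issuer"])
        except socket.timeout:
            res["detail"] = "TCP opened but handshake got no reply"
            return res
        except OSError as exc:  # resets and certificate errors land here
            res["detail"] = f"handshake error: {exc}"
            return res
    # An unexpected issuer here points at a TLS-inspecting middlebox.
    res.update(stage="ok", detail=f"issuer: {issuer.get('organizationName')}")
    return res

if __name__ == "__main__":
    for name in ("google.com", "google.ca"):      # hostnames from the post
        for port, tls in ((80, False), (443, True)):
            print(probe(name, port, tls))
```

A `tcp` failure on ports 80 and 443 while ping succeeds points at a port- or address-based rule; a `tls` failure after a successful connect points at filtering on the hostname in the handshake.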


