[SOLVED} Webhooks not received, client resets TCP connection

mvenditto
New here

[SOLVED} Webhooks not received, client resets TCP connection

I've been encountering an issue while using the Meraki webhooks. 
The same webhook setup has been working with no problems for several time, 
but then we suddenly stopped receiving requests from the Meraki Dashboard.
 
Furhter investigation on Wireshark dumps, showed the following pattern happening.
 
Meraki -> Server  Client Hello
Server -> Meraki  Server Hello, Cert, Server Key Exchange, Hello Done
Meraki -> Server  ACK
Meraki -> Server  ACK
Meraki -> Server  Client Key Exchange
Meraki -> Server  Change Cipher Spec
Server -> Meraki  ACK
Meraki -> Server  RST
 
assumptions:
It seems that for some reason the client drops the connection after the handshake.
I assume that the RST packet comes directly from the client as we cannot find any evidence
of our company firwall messing with the connection, and our http server itself is not load balanced.
 
other information: 
- the server is hosted on Windows Server 2019 under IIS
- we experience this problem only during the interaction with the 'Meraki client'
- no explicit SSL/TLS errors
- no traces in SCHANNEL logs
- the webhooks are tracked in the meraki logs with status -1
- triggering a test webhook from the Dashboard api, gives a webhook
  in a state indicated as 'abandoned'
 
Thank in advance for any help

UPDATE
contrary to what was stated before, the RST packet was actually forged by a Checkpoint device 
one hop before our server (the RST packet TTL in the capture highlighted that).
The connection was forcibidly closed because the firewall was detecting a false positive SSL renegotiation attack.
0 REPLIES 0
Get notified when there are additional replies to this discussion.