Huzzahs are in order! My coworker took a look at the conversation we were all having and spotted the trail to the solution. I had been lost in the Content Filtering and hadn't fully realized there was a second blocking point in the Firewall section. He noticed we were blocking All Web File Sharing and he switched it to Binary over HTTP.
I hope this helps someone in the future! Thank you guys for all your help!
Do you have access to and did you check your logs and content filter settings?
I see this:
The logs show nothing to do with the content filter, unless I am looking in the wrong place. While Content filtering categories and web search filtering is enabled, This doesn't seem to be what is catching here.
update: after combing through the help documentation, I was able to find the content filter log. The log shows no indication of anything being blocked for that IP or URL. I also checked the url against BrightCloud's URL & IP Lookup, and it says the site is trustworthy. I'm stumped.
What firmware version are you running and what categories are you blocking? Version 16 doesn’t use Brightcloud anymore in favor of Talos.
and what about security center do you have advanced license and maybe it is blocked there?
Talos also shows the URL as Neutral.
Firmware: MX 16.16 (Up to Date)
Categories:
16.x still use brightcloud
Nbar is wildly inaccurate right now. It likes to classify everything as peer to peer, including dns. That was a fun one. We've had to disable l7 and content filtering rules for peer to peer which seems to fix it for now.
Why would Nbar be the blocking culprit? I wouldn't expect a PDF to be a bandwidth hog. Unless, it's the site itself, but even then, all other checks show nothing wrong with the site.
No idea - but the NBAR system is very wonky right now. Someone mentioned early 16x still uses Brightcloud, but we have systems still in the 16x train that are getting NBAR logs.
Can you access the root domain of that site? I can hit that and the long link pdf from your screenshot.
Yup, same here. I also used nslookup to run it against OpenDNS and it didn't block it either (I use CIRA on my home network).
Actually yes, I can get to that site using the root domain! That's so bizarre. It solves the initial problem one of my clients had about not being able to download that PDF, but doesn't tell me why it's being blocked still.
Huzzahs are in order! My coworker took a look at the conversation we were all having and spotted the trail to the solution. I had been lost in the Content Filtering and hadn't fully realized there was a second blocking point in the Firewall section. He noticed we were blocking All Web File Sharing and he switched it to Binary over HTTP.
I hope this helps someone in the future! Thank you guys for all your help!