Afternoon all,
Having some networking issues, I've narrowed it down to a combination of Meraki and Windows/Mac.
Getting a lot of "Secure Connection Failed" from internet browsers.
It works in Linux, it works outside the firewall, and it works on other sites.
Running in a VM on a Windows box, the following:
for i in {1..1000} ; do wget https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js -O bootstrap.$i -o bootstrap.$i.log ; wget https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css -O theme.$i -o theme.$i.log ; done
for i in bootstrap theme ; do echo -n "$i: " ; grep GnuTLS $i* | wc -l ; done
Gives a 70-80% connection failure.
I've turned off local AV (ESET), AMP and ID&P on the Meraki MX64 and am still getting the error.
Tested using a Fedora27 VM running on a Windows 10 (1709).
Also tested on a CentOS VM running on ESX which works fine.
Also tested on a Mac which doesn't work.
Any thoughts suggestions on what's going on would be much appreciated.
Many thanks in advance,
I just tried the two links on a Windows 10 machine and both loaded fine. The network I tested on is an MX84. AMP disabled, prevention, balanced, and content filtering top sites.
I just tried each URL with Ctrl+F5 10 times each in Chrome and no issues. I can try in a different browser etc if you'd like. What firmware version is your MX and how do you have your content filtering set?
I'm at 13.28 also. Have you encountered the issue on a workstation that isn't in your ESX/VM environment?
I notice this URL uses an ultimate DNS record with a TTL of just 60s, and it keeps rotating those IP addresses.
Are the DNS servers you using honouring the TTL?
Or, if possible, try setting a static external DNS like 8.8.8.8 and 8.8.4.4 on one of the clients that is having the issue to test.
Hi,
I've set the DNS to 8.8.8.8 and 8.8.4.4 and still get the issue, so it doesn't appear to be a DNS issue either.
I need to find other test cases I can replicate, not just these 2 files...
Thank you for your help so far.
Let me know if you find a test case. I'd be happy to try it in one or two of my environments.