Website Not Secure Only within internal Network

SOLVED
TimGeo
Here to help

Website Not Secure Only within internal Network

Our website, www.clinedesignassoc.com, shows up as "not secure" when visiting on our network. If I go to the website from my phone or if I take my laptop home and use my home WiFi it shows up with the correct certificates as secure. I'm wondering if our mx85 is doing something? Anyone have any suggestions? FYI this has been going on for awhile, I've even changed to a brand new laptop during so please don't suggest to clear the cache on the device. 

1 ACCEPTED SOLUTION
HScar
Here to help

Next I would try doing NSLOOKUP and see what IP address that site is resolving to from your DNS. It's resolving to

50.116.60.143 and working properly with https for me. You can also play with this from the Meraki dashboard, under appliance status and, clicking on the Tools button and using DNS Lookup.
 

After that, you may want to check your firewall flows and do some packet captures to see if traffic is going to the correct IP. You need to export to a syslog server to see flows on an MX. Good luck!

View solution in original post

12 REPLIES 12
CptnCrnch
Kind of a big deal
Kind of a big deal

Anything else regarding your setup? Currently we know that you're using MX85. Have your configured it to act as Web Proxy? Are your using Umbrella as Cloud Web proxy?

No to both of those. Let me know if any other info is helpful. 

CptnCrnch
Kind of a big deal
Kind of a big deal

What's the certificate showing up when you're browsing internally and how does it look like when you're coming from "external" sources? Especially: what's the signing party for that cert?

BlakeRichardson
Kind of a big deal
Kind of a big deal

Internal DNS setup correctly? 

PhilipDAth
Kind of a big deal
Kind of a big deal

You only get "secure" if using https.  Are you using https when browsing the website internally?

 

If you click on the "insecure" part next to the address, what reason has the browser given for reporting it as insecure?

HScar
Here to help

I would start by checking the Event Log on the MX Dashboard to see if it's blocking the website. You can also enter that domain/website under the content filter to see if it'll be blocked.

I tried your suggestions and the website isn't getting blocked. The content filtering labeled it as safe. 

HScar
Here to help

Next I would try doing NSLOOKUP and see what IP address that site is resolving to from your DNS. It's resolving to

50.116.60.143 and working properly with https for me. You can also play with this from the Meraki dashboard, under appliance status and, clicking on the Tools button and using DNS Lookup.
 

After that, you may want to check your firewall flows and do some packet captures to see if traffic is going to the correct IP. You need to export to a syslog server to see flows on an MX. Good luck!

Good thinking on the NSLOOKUP. So on the same laptop it's getting the same IP as you when hotspot to my phone but a different one when on our network. I'm not sure how to correct this though. I'll do some research but let me know if you have any tips. 

Nice. Sounds like we've narrowed the problem. Do you use an internal DNS or any kind of DNS filtering service? I would start investigating there to see why(and where) it's resolving.

We have a pretty basic setup, mostly just using Meraki for our networking setup. We don't have any kind of DNS filtering. 

So after doing some digging it was just a DNS issue. Thanks for pointing me in the right way. 

 

We had two old entries in our DNS server that didn’t get changed along with the external records when the website changed addresses

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels