Please help re secure web site

Hi everybody

I am hoping someone can give me some advice as to what is going wrong.

I am trying to access a secure banking website, but the page either loads really slowly and doesn't complete, or does not load at all. I have absolutely no problems with any other secure sites, and I have followed the steps in the following link - http://support.microsoft.com/kb/870700/en-us - but the problem still persists.

The site that I am trying to access belongs to quite a large bank here in the UK, so I don't think tha the problem could be their end, and this has been happening for some time.

Any advice that you could give would be most appreciated, and thanks in advance.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Claud Murdock

At work, I have that EXACT same problem with our peoplesoft administration system. It has something to do with the security/java settings in the tools->i-net options-> tabs. In IE it loads like a crawl, but under firefox, it loaded in a heartbeat. I never figured out EXACTLY what the cause was, but now that I was issued a new system, IE loads it fine.
Lesson: dont use IE.

Hope this was helpfull,

Mike

Trailerisf

grey fox wrote:

Hi everybody

I am hoping someone can give me some advice as to what is going wrong.

I am trying to access a secure banking website, but the page either loads really slowly and doesn't complete, or does not load at all. I have absolutely no problems with any other secure sites, and I have followed the steps in the following link - http://support.microsoft.com/kb/870700/en-us - but the problem still persists.

The site that I am trying to access belongs to quite a large bank here in the UK, so I don't think tha the problem could be their end, and this has been happening for some time.

Any advice that you could give would be most appreciated, and thanks in advance.

Call them... Their tech department will get the calls all day long. They will walk you through the issue.

grey fox

Thanks for the replies guys.

I should also have mentioned that the problem appears in Firefox as well, sorry about that. I have also spoken to the banks tech support guys and they gave me the usual advice e.g. making sure the necessary ports are open (80 and 443) on the firewall and all that.

At first I thought it was a firewall problem because both myself and my boss are able to use the site from our homes, but I have tried to connect back at work with some of the firewall filters switched off and still no joy. I am even beginning to wonder if it may be some problem with our ISP, but apart from there being a DNS issue I can't of any reason why this would be true.

Thanks once again for your advice, and a late Happy Thanksgiving to everybody.

seuss_ssues

If your using Norton and turning the firewall off it may still be running in the background. Lots of times you will actually have to turn its service off in services.msc.

grey fox

seuss_ssues wrote:

If your using Norton and turning the firewall off it may still be running in the background. Lots of times you will actually have to turn its service off in services.msc.

We do use Norton but don't have the firwall facility installed on any of the machines, only anti-virus. Would this still be worthwhile trying out tomorrow?

sprkymrk

To find out if DNS is an issue, try connecting to the site via IP rather than FQDN, or try putting an entry for the site in a computer's host file. Some firewalls will perform a reverse-lookup for security reasons, but this can cause a huge delay if the site has no ptr record.

grey fox

Thanks sprkymrk. I will try this out tomorrow.

Trailerisf

Another thing you can try is turn every option in IE to enabled... allow everything and see if it works...

grey fox

Okay, so I tried connecting to the site using it's IP address and got the same result as before. I decided to check connection with tracert using both the IP address and FQDN and the request times out on both after the 9th hop, so I have concluded that this isn't a problem at our end.

Is this the right conclusion guys?

Edit - I have just used pathping on both addresses and have just seen that the the last entry is the fqdn of the client that I am using but the IP address is 0.0.0.0, so this may still be my problem after all

sprkymrk

grey fox wrote:

Okay, so I tried connecting to the site using it's IP address and got the same result as before. I decided to check connection with tracert using both the IP address and FQDN and the request times out on both after the 9th hop, so I have concluded that this isn't a problem at our end.

Is this the right conclusion guys?

Not really, as many firewalls will not reply to ICMP. One other thought - the site might be trying to load a certificate or activeX control. Have you tried to log on to a computer as an admin and access the site? It may prompt you to load something as an admin, whereas a user won't see anything and therfore be unable to access the site.

grey fox

Hi sprkymrk

Yeah I have been trying out the certificate option installing on both the client and the router, and I have also tried to use the site as both local and domain admin, and still the bugger plays up. This is just such a strange problem because every other part of the site use https but has absolutely no problems loading, I just don't get it

Any other advice would still be greatly appreciated, but I just want to say a really big thank you to everybody who has given me advice on this issue, I haven't felt alone while trying to deal with this problem and I think that has kept my halfway sane

sprkymrk

Okay, would you mind posting a check list of things you have done so far? Something like this:

1. Tried access from home computer - successful.
2. Tried to access from work by IP.
3. Tried logging in to work computer as admin.
4. Tried to access from work with firefox.
etc.

I am thinking it's a firewall issue on your side since IE, IE as admin, and firefox all fail, but access from home succeeds. Can you place a work computer (laptop would be easiest) just outside your firewall (on a DMZ switch for example) and try to access the site from there? Keep in mind you may have to modify IP/DNS settings on the laptop once you are outside your LAN, but otherwise I would try to use a work configured computer in case something in your standard image/setup may be causing the problem.

grey fox

Hi sprkymrk

Sorry about the delay in getting back to you and thanks for helping me out with this issue.

Tried access from home computer - successful
Tried to access from work by IP
Tried logging in to work computer as admin
Tried to access from work with firefox
Tried using the steps from this support article - http://support.microsoft.com/kb/870700/en-us
Tried setting up manual rules on the firewall to allow https traffic through and have also tried configuring it as a service within the firewall
Tried installing the sites certificate on the client that I was using and also tried to import the certificate as a trusted certificate authority within the firewall.
Tried to access the site with the firewalls Denial of Service filter off to see if TCP resets were a factor

Aside from the above the site in question has been included in the trusted sites list for IE and Windows Firewall has been turned off. Oh and I haven't mentioned the pathping and tracert fiascos cos I feel foolish

I should be able to get my hands on a laptop tomorrow, so I will try and play further using the firewall's DMZ port tomorrow. So unless you have further instructions you need to give me I will let you know how I get on.

Thanks once again for your help.

sprkymrk

Okay, good luck grey fox, sounds like you've been busy.

Can you mention what firewall you use and how long this problem has occurred? I never thought to ask if this is something that has never worked, or did it work previously and then stop?

grey fox

The firewall in use is a Zywall 35

Okay, good luck grey fox, sounds like you've been busy.

Yeah I've been racking my brains over this issue because I just can't find any satisfactory explanation as to why this might happen, which is why some of my posts look like I have been clutching at straws.

I can sometimes connect, but the connection rate is always very slow and you can sometimes need to hit the refresh button a few times.

sprkymrk

Interesting firewall, it looks pretty full featured. Are you using the Content Filtering or Traffic Management features?

Content Filtering
Java/Active X/Cookie/Proxy Blocking
URL and Keyword Blocking
Web Content Filtering (Bluecoat)
Traffic Management
Policy-based Traffic Shaping
Priority-bandwidth Utilization
Guaranteed and Maximum Bandwidth Allocation

If so, try disabling them and then try the site. I've noticed that a lot of sites (especially "secure" sites) tend to do weird things with http outside of RFC standards, and that some firewalls (read: good firewalls) can see that something strange is going on (like port redirects or such) and will drop/block the attempt. If you can get that laptop set up tomorrow on your dmz, fire up TCPDump and see what the traffic is doing. Actually, it looks like your firewall has an ssh connection, so it may have TCPDump built in. Bring up 2 SSH connections to your firewall and then run this command (substitute a client IP address for 1.2.3.4):

tcpdump -i eth0 host 1.2.3.4 (assuming eth0 is your inside interface)

and on the other SSH:

tcpdump -i eth1 host 1.2.3.4 (assuming eth1 is your outside interface)

What this will do is show you on the inside interface traffic going to the site, and then on the outside interface watch the traffic coming back. If you only watched the inside interface, you wouldn't see traffic that is coming back but being stopped by your firewall at the outside interface.

If your firewall does not have tcpdump (I am downloading the pdf guide now, but it's 35mb) then load it on your laptop. It's a great tool, and you don't have to worry about privacy concerns like you would with ethereal/wireshark.

grey fox

Hi sprkymrk

Content Filtering - Sorry that was something that I should have mentioned. Yes we do use this facility, and I have tried accessing the site with filtering switched and also putting the site in the trusted list, but the same results occur.

I will hopefullly be able to try out the laptop scenario later this evening and will get back to you then.

Thanks for helping out mate.

sprkymrk

No problem. Also, the PDF guide to your firewall finally downloaded (it was a sloooow download) and the SSH function appears to be very limited. There do not appear to be any trouble shooting tools, you can only have one SSH connection at a time, and it looks like it's sole purpose is for SFTP. As if that weren't bad enough, it looks like it only supports SSH v1.

Try the tcpdump on the laptop if you cannot connect from outside your firewall. However, I have a hunch that the firewall is the problem.