WBSN - Block Page: Failed to initialize remote file descriptor

Block Page: Failed to initialize remote file descriptor

Article Number: 000006428
Products: Web Security Gateway Anywhere
Versions: 7.7

Problem Description

Why am I receiving the following message when attempting to access a HTTPS site?
 
Cannot connect to XYZ.com, Failed to initialize remote file descriptor
 
  • User-added image

Resolution

This message may result from any of several different factors; however, is the typically problem is network traffic being blocked upstream via a firewall or ACLs. 
 
To check if an upstream device is altering network traffic, collect packet captures. Concurrently, run Wireshark on a client machine and run a TCPDump on the Content Gateway.  Examine the packet captures. Look for multiple SYN packets and an inbound HTTP RST from the origin server IP. For example: 
 
Request to  https://secure.logmein.com which resolved to 69.25.20.193.  
 
Checking firewall log displays an access block to the origin server IP from an ACL:
 
$ tail -f ipflog | grep 69.25.20.193
Nov 20 09:33:25 confw02 Nov 20 2012 09:33:25 CONFW02 : %ASA-6-106100: access-lis t inside-access-in denied tcp inside/158.73.19.194(22988) -> outside/69.25.20.19 3(443) hit-cnt 1 first hit [0x36b6e3b2, 0x2397f267]
 

 
After you identified an upstream device responsible for blocking network traffic, take corrective actions to ensure the traffic is no longer altered.
 

Notes & Warnings

This block page has been seen to appear with Intrusion prevention systems (IPS), located upstream of Websense Content Gateway (WCG).
¿Tiene más preguntas? Enviar una solicitud

0 Comentarios

Inicie sesión para dejar un comentario.
Tecnología de Zendesk