I've been trying to figure out why the firewall is blocking my access to the following subnet, 22.214.171.124. I have been given 2 links to log into a Western Bank site that our finance dept will be using. I've audited the traffic on the IP # of the gal trying to get in and it's not being blocked, yet we're not getting past the log in screen. We can get to the site from outside our network/firewall. I added the subnet mentioned to our defense bypass group to no avail.
I get the following audit details.......any help is appreciated. I'm not sure what kind of AC rule I need to create. Usually adding a subnet or IP to our Defense Bypass group takes care of this sort of problem.
2012-05-31 14:32:49 -0500 f_http_proxy a_libproxycommon t_nettraffic p_major
pid: 67150 logid: 0 cmd: 'httpp' hostname: nocgate1.humdev.com
event: session end application: SSL/TLS (HTTPS) app_risk: low
app_categories: tunnels netsessid: 6362d4fc7c6b6 srcip: 10.128.104.182
srcport: 52072 srczone: internal protocol: 6 dst_geo: US
dstip: 126.96.36.199 dstport: 443 dstzone: external
bytes_written_to_client: 36906 bytes_written_to_server: 11333
cache_hit: 1 start_time: 2012-05-31 14:29:58 -0500
That audit message shows that the firewall is allowing the traffic. Tcpdumps on both sides of the firewall would be good to show if the firewall is blocking the site.