Resolved: Help Exchange Online Blocked

jjones123 · Aug 11, 2017, 7:56 PM

Hi All,

This is a continuation of the thread I started in the firewall section https://forum.pfsense.org/index.php?topic=134921.0. As I no longer believe this is a firewall issue I'm posting here.

Basically I have a fresh install of pfsense at my SOHO. I'm unable to access my work email which is at O365 though I am able to go just about anywhere else.

After a good chunk of troubleshooting (see other thread) I ran a packet capture & what I am seeing is the connection getting no response to ARP. I'm posting a chunk of the packet capture below:
17:21:17.600215 [REDACTED] (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 40.97.153.82 tell [REDACTED], length 28
17:21:19.601256 [REDACTED] (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 40.97.153.82 tell [REDACTED], length 28

Any thoughts?

Velcro · Aug 9, 2017, 1:12 AM

Ill do the best I can to try and help. Can you clarify somethings:

When you go to your firewall tab(Status->System logs->firewall tab) what is being blocked?
When you say you can go just about anywhere…where can't you go?
Are you wireless or is this via LAN?
Any switches or multiple segmnets?
Any pfBlocker Alerts?

jjones123 · Aug 9, 2017, 5:39 PM

Thanks Velcro.

I'm at work & will post the requested information when I get home to where I can get the logs (pfblocker alerts & the firewall blocking).

What I can say is that I have:

tried from multiple devices wired & wireless (desktop, laptop, & phone) with the same results. I can get to multiple sites, but Exchange is locked
the only places I have been that have been blocked were the tests I was running on pfblocker to make sure the ad / malware sites were blocking appropriately
I am able to get to many other O365 sites (SharePoint, Skype, OneDrive), I just can't reach Exchange / Outlook Web Access

My network setup is pretty basic, it looks like: Internet <–> Modem <--> pFsense <--> Unmanaged Switch <--> LAN / WAPs

Thanks again

EDIT:

I've added screenshots from the pfblocker alters & firewall while I was running attempted network connections to O365 through the Microsoft support tool. I'm not seeing anything in pfblocker indicating that it is blocking this (note falcon is my phone not the PC I was testing from) & all of the firewall logs look like it is passing the traffic (the IPs starting with 40 are in the published O365 ranges).

I will double check in the CDN blocking as recommended but I'm unsure as I'd expect to see that in the pfblocker logs

tim.mcmanus · Aug 9, 2017, 8:58 PM

Depending on how you have pfBlocker set up and which rules lists you are using, it could be blocking a CDN that O365 is using. I had this issue when I was using pfBlocker, and I had to deep-dive the logs to see where the error was occurring. Finding the offending list that you're subscribed to will also be a challenge. But that's where I'd start looking.

jjones123 · Aug 9, 2017, 11:42 PM

I did a little troubleshooting & I put a small & old asus firewall / router I had between my modem & pfsense. Now everything appears to work.

The new network setup looks like: Internet <–> modem <--> asus fw <--> pfsense <--> lan / WAPs.

Given that things work in the new setup / stop working when I remove the asus fw I'm pretty sure its not a firewall issue or pfblocker. I'm not sure what the problem is though & as the asus fw is old its slowing my connection down so I'd like to remove it.

Thoughts?

Velcro · Aug 10, 2017, 1:07 PM

jjjones,
Looking at your log it appears as if all traffic to your LAN is being blocked? Can you filter your firewall log so you only see the LAN? Your limited log shows blocks only on your LAN?

What are your rules for your LAN? Did you change the default "Any-Any" rule?
As Tim mentioned try turning off pfBlocker and see if O365 works? If so then your issue lies with pfBlocker and you can then refine your lists.
Do you have pfBlocker-GEO blocking countries?

Just trying to help with some basic trouble shooting…

Something I might recommend you do is: Try logging onto O365 a few times, note the time, don't do anything else on your network and then look in your log(pfBlocker alerts, LAN firewall logs) to see what is being blocked.

johnpoz · Aug 10, 2017, 3:11 PM

See your other thread for my response there. You should not be seeing ARP for such an address unless pfsense thought that IP was on its local wan network..

tim.mcmanus · Aug 10, 2017, 7:20 PM

Two ways you can approach this: Check to see what is being blocked by your firewall, I seem to remember pfBlocker has some pretty good logging.

Second, do a complete fresh install of pfSense and test reachability. Add some additional customization. Check reachability. Add packages. Check. And so forth.

It is most definitely a configuration issue, the elusive part is where.

jjones123 · Aug 11, 2017, 7:59 PM

Thanks guys. When I get home I'm breaking out the coffee & starting the process of chasing where the config is broken

–-
Edit: I got home & you were correct it was a configuration issue. Embarrassingly I setup my static IP incorrectly on the WAN side. I've corrected the configuration & everything is working now. Kicking myself for looking at that 4 times & missing that the subnet was incorrectly configured.

Appreciate your help & patience