I can ping Google and Gmail but i cant access is to the browser
-
Hi everyone, we have a problem in our network. we cant access google and gmail in the browser but i can ping it no problem. first it was one computer, then 2 computer, and suddenly all of our computer. only google and gmail. some times its ok for a whole day and sometimes it doesn't for how many days. is someone experience this before? i have read about malware, dos attack, poising DNS and many more. i dont know were to start investigate. how do i prevent this using pfsense. i have suricata. thanks in advance
-
@Chinojames said in I can ping Google and Gmail but i cant access is to the browser:
we cant access google and gmail in the browser
And that's all the info you give ?
Logs ?
What are your LAN firewall rules ?
Etc.@Chinojames said in I can ping Google and Gmail but i cant access is to the browser:
i have suricata
And when you stop (remove) it, everything suddenly start to work, right ;)
By default, pfSense doesn't discriminate Google or Gmail services.
-
This is my LAN rules. yes if reboot pfsense, all will be back to normal. And after an hour, back at it again. failed to load gmail and google. any idea?
-
If you have Suricata configured, then it is very likely your rule set there is too strict or else needs some rules disabled. You can't just enable everything in an IPS and assume it will all be fine. An IPS needs a lot of monitoring and tuning for the first several weeks when enabled on a network.
Go to SERVICES > SURICATA and then click on the BLOCK tab. Click the button to remove all blocked hosts. Next, click on the INTERFACES tab and temporarily stop Suricata on all interfaces.
Now see if all of your web access (Gmail, etc.) is working. If it is, then a Suricata rule alerting and blocking is the cause. You will need to find that rule by looking at all the alerts in the ALERTS tab and then either suppress or disable that rule. It very well could be multiple rules alerting depending on what categories you have enabled.
I suggest you change Suricata to alert only (turn off blocking) and run it that way for several days or even weeks. Check the ALERTS tab frequently to see what types of alerts you are getting. Use Google research to determine if the alerts you receive are likely false positives or might be real threats. Disable or suppress rule alerts that are false positives. Once you think you have Suricata tuned up, then re-enable blocking.
-
thanks for your response sir. i think its not suricata. i installed suricata 4 months ago tunning all setting the way we want it. we never experience this before until now. i have open port for openvpn remote access client.
-
Oh. I wish you success in finding a problem.