Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Accessing secure banking sites

    L2/Switching/VLANs
    6
    8
    846
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GilG
      Gil Rebel Alliance
      last edited by

      I have a default VLAN switch config on my LAN, but I can't access secure banking sites from my LAN.

      10e41ea9-91dd-458a-8cc0-4064aac29484-image.png

      I have only 1 WAN port, and no squid setup.

      11 cheers for binary

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @Gil
        last edited by

        @gil can you ping a public IP address? Resolve any websites? Are you getting an IP from the default VLAN (1)?

        What happens when you ping... [pfsense LAN IP]? 8.8.8.8? Yahoo.com?

        If you have interfaces for all the VLANs in the pf, as well, are you blocking traffic on the interfaces? What does it show in System Logs -> Firewall?

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        1 Reply Last reply Reply Quote 0
        • GilG
          Gil Rebel Alliance
          last edited by

          Yep. resolving almost every website. but not https://banking.westpac.com.au/
          This site is accessible and valid on the internet side of the firewall.

          Nothing TCP under the firewall logs.

          11 cheers for binary

          V johnpozJ 2 Replies Last reply Reply Quote 0
          • V
            viragomann @Gil
            last edited by

            @gil said in Accessing secure banking sites:

            resolving almost every website. but not https://banking.westpac.com.au/

            Are you unable to resolve the name or to load the page?

            What do you get in the browser exactly?

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @Gil
              last edited by

              @gil said in Accessing secure banking sites:

              banking.westpac.com.au

              clearly some issues going on with their dns

              https://dnsviz.net/d/banking.westpac.com.au/dnssec/

              errors.jpg

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              GertjanG 1 Reply Last reply Reply Quote 1
              • GertjanG
                Gertjan @johnpoz
                last edited by

                @johnpoz

                It look likes who ever manages the zone "banking.westpac.com.au" activated DNSSEC without really knowing what he was doing.
                The registrar hasn't has not activated DNSSEC for that host name, but there are DNNSEC records in the zone. That's ... not done.

                banking.westpac.com.au or westpac.com.au isn't set up for DNSSEC usage.

                @Gil : if you have a VPN, go to some place in Europe, or the States.
                I can visit banking.westpac.com.au just fine from France.
                Looks like some upstream DNS issue.

                edit : Using https://www.zonemaster.net and was told : "this domain name is a mess" (for the moment).

                PS : It's not a Russian bank, right ? ;)

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                johnpozJ B 2 Replies Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @Gertjan
                  last edited by

                  @gertjan yeah agree its a mess..

                  Maybe they are in the middle of migration, or someone thinks they are and didn't tell the rest of the team, etc. ;)

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  1 Reply Last reply Reply Quote 0
                  • B
                    biggsy @Gertjan
                    last edited by

                    @gertjan said

                    PS : It's not a Russian bank, right ? ;)

                    Not exactly but they have had other "problems"

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.