502 Bad Gateway error with business.apple.com
-
Hi everyone. I'm running into an issue with all clients that use PFSense (latest version) that they cannot get to business.apple.com without a 502 Bad Gateway error. Details show that the page is unable to load the authentication widget after retry. MTU is set to 1450 (was 1500) and there is no content filtering or site blocking. I set a DNS resolver bypass and that didn't work either. I spoke to Apple and their only suggestion was to make sure the pfsense isn't blocking part of the site but I'm not sure how to find that out. Any suggestions? Thanks!
-
@techgal128 are you policy routing out some other connection, say vpn..
I am behind pfsense and have no problems accessing their site.. They send me an unsupported browser page in firefox ;)
A 502 error is the server sending you an error.. There is nothing on pfsense that would generate a 502, unless you were using proxy on pfsense? Are you running proxy on pfsense for your clients to use.
Guess they don't like firefox ;)
Chrome works
Maybe you're not getting the unsupported browser page and just a 502, try either chrome or edge, those are listed on their supported browser page.
-
@johnpoz Thanks for the reply! Multiple browsers have been tried as well as multiple systems and even multiple clients. We are not using a proxy but do have a site to site VPN set up although I don't think it's actively used any more (but still enabled). I know I had a similar issue with a page not loading with another site and it turned out we needed to adjust the MTU from 1500 to 1450 to resolve the error. What is your MTU set at?
-
@techgal128 said in 502 Bad Gateway error with business.apple.com:
What is your MTU set at?
1500. There should be zero reason to have to adjust your mtu.. Unless you're on some sort of connection with overhead like pppoe or something, or through a vpn tunnel or something.
$ ping -f -l 1472 business.apple.com
Pinging e13169.dscg.akamaiedge.net [104.77.249.95] with 1472 bytes of data:
Reply from 104.77.249.95: bytes=1472 time=35ms TTL=57
Reply from 104.77.249.95: bytes=1472 time=36ms TTL=57
If you're not running a proxy locally, then that is an error sent by where you're going - or through some transparent proxy you're flowing through. That is not an error that pfsense would present to client. Pfsense just passes traffic, or doesn't; unless you're running a proxy on pfsense it doesn't do anything other than move the traffic.
Are you using IPv6?
-
@johnpoz We are using a site to site VPN if that makes a difference but no ipv6.
-
@techgal128 can you try accessing it not going through the site to site? Is the other side of the connection running a proxy? Can you ping with a specific value set for whatever mtu you have set up? Minus the 28 bytes..
Again pfsense unless running a proxy isn't doing anything with that traffic, it can not send you a 502 - that is coming from the destination or a proxy you are running through.
-
@johnpoz Ping works fine and has always resolved correctly. It's just the authentication module within the site that fails to load. Good question about the other side using a proxy, I don't believe it does but I haven't looked. I don't believe our site to site VPN is even being used now but it is enabled. I will disable it after hours just to make sure it doesn't affect our clients and I will then try to access the site again. I'll update tomorrow with a status. Thanks for your help!
-
@techgal128 so that 502 error happens after you try and log in? Or just loading the site at all?
-
@johnpoz Hi there. I disabled the site to site VPN and there was no change. It occurred to me that workstations connected to the PFSense don't have this issue and it's only our servers. This seems related to our virtual environment which is very strange. I think at this point, I will open a ticket with our VM environment vendor and ask them what they think about this. I appreciate the time you spent on this!
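
The don't-fragment ping check used in the thread (payload = MTU minus 28 bytes), generalized into a path-MTU search. This is an added example, not code from any poster; `payload_for_mtu`, `probe_df`, `find_path_mtu` and the `PROBE` override are names made up here, and the default probe assumes Linux iputils `ping`.

```shell
#!/bin/sh
# Added example: find the largest MTU that reaches a host without fragmentation.
# 28 = 20-byte IPv4 header + 8-byte ICMP header (the "minus 28" in the thread).
IP_ICMP_OVERHEAD=28

# payload_for_mtu MTU -> ICMP payload size that exactly fills that MTU
payload_for_mtu() {
    echo $(( $1 - IP_ICMP_OVERHEAD ))
}

# Default probe (assumption: Linux iputils ping): one echo with DF set (-M do).
# The Windows form used in the thread is: ping -f -l SIZE HOST
probe_df() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW_MTU] [HIGH_MTU]
# Binary-search the largest MTU whose DF ping succeeds. Set PROBE to any
# command taking HOST and PAYLOAD to replace the real ping (used for testing).
find_path_mtu() {
    host=$1
    lo=${2:-576}
    hi=${3:-1500}
    probe=${PROBE:-probe_df}
    # If even the lower bound fails, the host is unreachable or drops ICMP,
    # so the result says nothing about MTU.
    if ! "$probe" "$host" "$(payload_for_mtu "$lo")"; then
        echo 0
        return 1
    fi
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$(payload_for_mtu "$mid")"; then
            lo=$mid          # mid fits: the path MTU is at least mid
        else
            hi=$(( mid - 1 )) # mid is too big: search below it
        fi
    done
    echo "$lo"
}
```

A result of 1500 from a machine that still gets the 502 points away from MTU, which matches where the thread ended up.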