How to fix websites that do not display all their content when accessed from a network behind a firewall

1. Purpose of the article

This article shows how to fix the problem of a website not displaying all of its content when it is accessed from a network that uses a firewall device.

2. Diagram

Details:

As the diagram shows, this is a network model that businesses often use:

  • The firewall device is connected to one or more internet lines with a load balancing mechanism.
  • The firewall device is usually also where IP addresses are allocated to devices on the LAN.

3. Scenario

Techbast will try to access canhan.gdt.gov.vn. As a result, you can see that we can still reach this website, but it is not displayed in full.

So what is the cause?

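This is caused by the security features of this website. Specifically, the website cannot display its full content if the requests to it are load-balanced across several internet lines, because requests belonging to the same visit can then leave through different lines and reach the website from different public IP addresses.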

So what is the solution?

To solve this problem, we need to route the traffic going to such websites over a single internet line.

In this article, Techbast shows how to do this on Sophos and Palo Alto firewall devices.

4. Configuration

4.1. Palo Alto firewall

To route the traffic for a particular website over a fixed internet connection, the Palo Alto firewall provides the Policy Based Forwarding feature.

First we need to create an FQDN object for the website we want to route. Here Techbast creates an FQDN for the canhan.gdt.gov.vn page.

To create an FQDN, go to Objects > Address > click Add and fill in the following parameters:

  • Name: canhan.gdt.gov.vn.
  • Type: FQDN – canhan.gdt.gov.vn.
  • Click OK.

Next, we create a Policy Based Forwarding rule to route the newly created FQDN.

To create it, go to Policies > Policy Based Forwarding > click Add and fill in the following information:

General tab:

  • Name: Route_canhan.gdt.gov.vn.

Source tab:

  • Zone: select LAN.
  • Source Address: select Any.
  • Source User: select Any.

Destination/Application/Service tab:

  • Destination Address: select FQDN canhan.gdt.gov.vn.

Forwarding tab:

  • Action: select Forwarding.
  • Egress Interface: select the internet port we want to route the traffic through.
  • Next hop: select None.
  • Click OK.

Click Commit and OK to save the configuration changes.

Then we access canhan.gdt.gov.vn again and see that the website is now fully displayed.

4.2. Sophos firewall

To route website traffic over a fixed internet connection, the Sophos firewall provides the SD-WAN policy routing feature.

As the first step, we again need to create an FQDN for the canhan.gdt.gov.vn page.

To create it, go to Hosts and services > FQDN host > click Add and fill in the following information:

  • Name: canhan.gdt.gov.vn.
  • FQDN: canhan.gdt.gov.vn.
  • Click Save.

Next, we need to create an SD-WAN policy route for the newly created FQDN host.

To create it, go to Routing > SD-WAN policy routing > click Add and configure the following parameters:

  • Name: Route_canhan_to_FPT.
  • Source networks: Any.
  • Destination networks: select the newly created FQDN host canhan.gdt.gov.vn.
  • Service: Any.
  • Application Objects: Any.
  • Users or groups: Any.
  • Primary gateway: select the internet connection you want to route the traffic through.

Click Save.
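
To confirm that either rule (the Palo Alto Policy Based Forwarding rule in 4.1 or the Sophos SD-WAN policy route in 4.2) really pins the traffic, the added example below, which is not from Techbast or either vendor, checks a session log export for LAN clients that still reach the site over more than one internet line. The CSV columns, the interface names wan1/wan2 and all addresses are constructed assumptions; map them to the fields of your firewall's real export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export of outbound sessions. The column names, the
# interface names (wan1/wan2) and every address are assumptions made for
# this example; this is not a PAN-OS or Sophos log format.
BEFORE = """\
src_ip,dst_ip,egress_if,nat_src_ip
192.168.1.10,203.0.113.20,wan1,198.51.100.1
192.168.1.10,203.0.113.20,wan2,198.51.100.129
192.168.1.10,203.0.113.21,wan1,198.51.100.1
192.168.1.11,203.0.113.20,wan1,198.51.100.1
192.168.1.10,192.0.2.80,wan2,198.51.100.129
"""
# Constructed "after" export: the same sessions, all leaving through wan1.
AFTER = BEFORE.replace("wan2,198.51.100.129", "wan1,198.51.100.1")

# Assumed addresses that the FQDN object resolves to (documentation range).
SITE_IPS = {"203.0.113.20", "203.0.113.21"}


def paths_per_client(log_text, site_ips):
    """Return {client: set of (egress_if, nat_src_ip)} for sessions to site_ips."""
    paths = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["dst_ip"] in site_ips:
            paths[row["src_ip"]].add((row["egress_if"], row["nat_src_ip"]))
    return dict(paths)


def unpinned_clients(log_text, site_ips, expected_if):
    """Return clients that reached the site over several lines, or over a
    line other than expected_if, together with the paths they used."""
    return {
        client: sorted(used)
        for client, used in paths_per_client(log_text, site_ips).items()
        if len(used) > 1 or {i for i, _ in used} != {expected_if}
    }


if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        result = unpinned_clients(log, SITE_IPS, "wan1")
        print(label, result or "all clients pinned to wan1")
```

An empty result means every client reached the site through the expected line only; any listed client is still being load-balanced for that destination.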
