[sysreq #14828] W3.org site not accessible; Whitelist Zscaler Ip address range

On Thu Dec 10 09:33:29 2020, srawat@zscaler.com wrote:
> Hello Team,
> 
> Hope you are doing well.
> 
> I am writing this email in hopes of reaching someone in your
> security/networking department.
> 
> One of our customers *Ministry for Primary Industries New Zealand *
> raised concern that they were not able to reach the following URLs via our
> company's service.
> *https://www.w3.org/ <https://www.w3.org/>*
> 
> [image: image.png]
> 
> 
> Taking tcpdump we see Zscaler Auckland node is sending TCP SYN however site
> is not responding. We see no SYN+ACK from destination.
> It seems you have not whitelisted the range from our Auckland Node.
> 
> 22:48:41.949990 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> (0x0800), length 74: *124.248.141.76.33661 > 128.30.52.100.80: Flags [S],*
> seq 2737271665, win 65535, options [mss 1460,nop,wscale 5,sackOK,TS val
> 188199143 ecr 0], length 0
> 22:48:44.592392 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> (0x0800), length 74: *124.248.141.76.33661 > 128.30.52.100.80: Flags [S],*
> seq 2737271665, win 65535, options [mss 1460,nop,wscale 5,sackOK,TS val
> 188199443 ecr 0], length 0
> 22:48:47.420014 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> (0x0800), length 74:* 124.248.141.76.33661 > 128.30.52.100.80: Flags [S],*
> seq 2737271665, win 65535, options [mss 1460,nop,wscale 5,sackOK,TS val
> 188199763 ecr 0], length 0
> 22:48:50.256015 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> (0x0800), length 62:* 124.248.141.76.56447 > 128.30.52.100.80: Flags [S*],
> seq 1205153653, win 65535, options [mss 1460,sackOK,eol], length 0
> 22:48:52.915216 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> (0x0800), length 62:* 124.248.141.76.56447 > 128.30.52.100.80: Flags [S]*,
> seq 1205153653, win 65535, options [mss 1460,sackOK,eol], length 0
> ^C
> 
> As a company zscaler provide a hosted web filtering/security solution. As
> part of the debugging process, we noticed that the outbound IP address of
> our nodes is being blocked from your CDN.
> Would it be possible to open a dialogue to have this ban or throttle policy
> lifted? If there is something we need to address I would be more than happy
> to look at it.
> Note: It is possible that you are seeing a large volume of traffic from
> our IP address. This is not uncommon as we may have up to 50k+ users behind
> a single node.

Hi,

Would you be able to run a traceroute to see where packets get stopped? We've received a few similar complaints around the same time as yours, one of them being blocked on Akamai's routers to protect our Internet provider's network. This may be due to them mitigating an attack on this network, I'll try to get more information.

Best Regards,
Jean-Gui

> 
> Zscaler Case ID:  02654708
> Location: *Auckland*
> Range:
> *Auckland* *124.248.141.0/24 <http://124.248.141.0/24>*
> Regards,
> Suman Rawat
> Zscaler Product Support Engineer

Received on Thursday, 10 December 2020 15:24:46 UTC