BWM blocks loading specific website

Eric_
Eric_ Posts: 22  Freshman Member
edited April 2021 in Security
Hello all

One of our customers wants to open a website but it just loads and loads without really getting anywhere. I tested it in various networks with multiple browsers and multiple DNS-Servers but no luck. The log shows, that the outbound traffic is being forwarded and nothing is blocked by a security rule.Only clear thing: it does not work when an USG/Zywall is installed.

Since I had no solutions left, I disabled BWM and to my surprise the site loaded immediately. BWM was enabled, together with the "enable highest bandwidth priority for SIP traffic" Option because the customer uses SIP. Just disabling the "SIP Traffic" Option did not solve this. Experiments with a new configuration rule for https-traffic to this site did not work either. This "solution" worked on other Firewalls as well.

Why would an enabled BWM block traffic from this site?

Setup: various Zyxel models like: USG60 with v4.25 or Zywall 110 with v4.31 wk29.
Exception: only an old USG 20 with v3.30 had no problems with this but that device is on it's way out...
Site: shop.msch-ag.ch  (Swiss shop for electronics)

Thanks & regards
Eric

All Replies

  • Jeremylin
    Jeremylin Posts: 166  Master Member
    If you enable BWM rule without "enable highest bandwidth priority for SIP traffic", does the issue still exist?
  • PeterUK
    PeterUK Posts: 1,342  Guru Member
    edited February 2019

    site loads fine here with BWM on on a USG60 V4.25

    Do you have any UTM profiles?


  • Eric_
    Eric_ Posts: 22  Freshman Member
    Jeremylin said:
    If you enable BWM rule without "enable highest bandwidth priority for SIP traffic", does the issue still exist?
    Hello Jeremylin

    Yes, the problem is the same with or without this option.
  • Eric_
    Eric_ Posts: 22  Freshman Member
    PeterUK said:

    site loads fine here with BWM on on a USG60 V4.25

    Do you have any UTM profiles?

    Hello PeterUK

    Thanks for testing. No, there are no UTM profiles active and customer has no license.

  • PeterUK
    PeterUK Posts: 1,342  Guru Member

    can you run tracetcp with BWM on

    https://simulatedsimian.github.io/tracetcp_download.html

    tracetcp shop.msch-ag.ch:443

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @Eric_
    I can access the website which you mentioned, even enable BWM function.
    Can you private message configuration for check further?
    Charlie

Security Highlight