USG5150BSR can't visit one web site

Publication Date: 2012-09-12
Issue Description
PC - firewall - web server on the external network
A PC in the internal network can visit all websites except the, the session exists on the firewall.
Alarm Information
Handling Process
1 Changed the value of firewall tcp-mss; the site still could not be visited
2 Changed multiple public network addresses; the problem was the same as before
3 ip address for is
Check the interface
interface GigabitEthernet0/0/3
ip address
ip address sub
The two addresses are in the same network segment. Because the firewall treats the destination as part of the same LAN, when we visit the, the packets are not sent to the external gateway.
So the visit fails.
Change the subnet mask as follows:
interface GigabitEthernet0/0/3
ip address
ip address sub
Problem solved.
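
The on-link versus gateway decision behind this fault, as an added example that is not part of the original case. All addresses are constructed from a documentation range (the case's real addresses do not appear on the page), and the function names are hypothetical.

```python
import ipaddress

def next_hop_decision(interface_addrs, destination):
    """Return ("on-link", network) if the destination falls inside a subnet
    configured on the interface (primary or sub address), else ("gateway", None)."""
    dst = ipaddress.ip_address(destination)
    nets = [ipaddress.ip_interface(a).network for a in interface_addrs]
    matches = [n for n in nets if dst in n]
    if matches:
        # Longest prefix wins, as in a routing-table lookup.
        return "on-link", max(matches, key=lambda n: n.prefixlen)
    return "gateway", None

def shortest_safe_prefix(address, must_stay_on_link, must_be_routed):
    """Widest mask (shortest prefix) for `address` that keeps the hosts in
    must_stay_on_link inside the connected subnet and leaves the hosts in
    must_be_routed outside it. Returns None if no prefix length does both."""
    addr = ipaddress.ip_address(address)
    for prefixlen in range(addr.max_prefixlen + 1):
        net = ipaddress.ip_network(f"{address}/{prefixlen}", strict=False)
        keeps = all(ipaddress.ip_address(h) in net for h in must_stay_on_link)
        routes = not any(ipaddress.ip_address(h) in net for h in must_be_routed)
        if keeps and routes:
            return prefixlen
    return None

# Constructed sample values (RFC 5737 documentation range).
GATEWAY = "198.51.100.1"
WEB_SERVER = "198.51.100.200"
WIDE_MASK = ["198.51.100.2/24", "198.51.100.3/24"]    # mask too broad
NARROW_MASK = ["198.51.100.2/29", "198.51.100.3/29"]  # corrected mask

if __name__ == "__main__":
    # Broad mask: the web server looks directly connected, so the firewall
    # tries to resolve it on the LAN and never forwards to the gateway.
    print(next_hop_decision(WIDE_MASK, WEB_SERVER))
    # Corrected mask: the web server is off-link and goes to the gateway.
    print(next_hop_decision(NARROW_MASK, WEB_SERVER))
    print(shortest_safe_prefix("198.51.100.2", [GATEWAY], [WEB_SERVER]))
```

Running the same check against each public address configured on an outside interface shows which external hosts the device will wrongly treat as directly connected.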

Root Cause
1 TCP fragmented messages have a problem
2 The IP address has a problem. Maybe this public network IP address is restricted by the server
3 The subnet mask has a problem