I'm running into a puzzling problem with an internal web app that some field users access via VPN. We're currently using Sophos SSLVPN and its client, which connects to a virtual UTM at our datacenter. We're looking to upgrade to Harmony SASE (formerly Perimeter81). The issue arises with just one specific module of our web app: it works perfectly over Sophos (with OpenVPN/SSL protocol) but is unresponsive and times out when accessed through Harmony SASE. Closing the browser tab is the only option when this happens. All of our other applications operate flawlessly with Harmony SASE, including Remote Desktop and file transfers, so I suspect it's related specifically to the app module.
Some technical details - the Sophos UTM is on the same subnet as the web server, so there's minimal latency. In contrast, Harmony SASE is cloud-based with a site-to-site IPSEC VPN tunnel to our datacenter via a Unifi EFG appliance. I've adjusted MTU and MSS settings multiple times on the site-to-site VPN, but to no avail. I've encountered NET::ERR_HTTP2_PROTOCOL_ERROR in the developer console when the specific module fails. I've also captured errors about server reset streams using Edge's net-export tool. Has anyone experienced something similar? Any insights would be hugely appreciated!
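Added example, not part of the question or any of the answers: a small Python script that reads the net-export JSON mentioned above and tallies the server-sent RST_STREAM frames by HTTP/2 error code, so the "server reset stream" messages can be matched to a specific cause (PROTOCOL_ERROR versus INADEQUATE_SECURITY, for instance). The sample log is constructed; the event names are Chromium's, and the `error_code` field is accepted both as an integer and as an `"N (NAME)"` string because its rendering varies between versions (assumption).

```python
import json
from collections import Counter

# HTTP/2 RST_STREAM / GOAWAY error codes (RFC 7540, section 7)
H2_ERROR_NAMES = {
    0: "NO_ERROR", 1: "PROTOCOL_ERROR", 2: "INTERNAL_ERROR", 3: "FLOW_CONTROL_ERROR",
    4: "SETTINGS_TIMEOUT", 5: "STREAM_CLOSED", 6: "FRAME_SIZE_ERROR", 7: "REFUSED_STREAM",
    8: "CANCEL", 9: "COMPRESSION_ERROR", 10: "CONNECT_ERROR", 11: "ENHANCE_YOUR_CALM",
    12: "INADEQUATE_SECURITY", 13: "HTTP_1_1_REQUIRED",
}

def load_netlog(text):
    """Parse a net-export capture. A capture that was ended by closing the browser
    instead of pressing Stop is missing its trailing ']}' and is repaired here."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        return json.loads(text.rstrip().rstrip(",") + "]}")

def parse_error_code(value):
    """Accept the code as an int or as a string such as '1 (PROTOCOL_ERROR)'."""
    if isinstance(value, int):
        return value
    digits = "".join(ch for ch in str(value).split(" ")[0] if ch.isdigit())
    return int(digits) if digits else -1

def summarise_rst_streams(netlog):
    """Count RST_STREAM frames received from the server, keyed by error name,
    plus the number of GOAWAY frames (a whole-connection teardown)."""
    types = netlog["constants"]["logEventTypes"]
    rst_type = types.get("HTTP2_SESSION_RECV_RST_STREAM")
    goaway_type = types.get("HTTP2_SESSION_RECV_GOAWAY")
    counts, goaways = Counter(), 0
    for ev in netlog.get("events", []):
        if ev.get("type") == rst_type:
            code = parse_error_code(ev.get("params", {}).get("error_code"))
            counts[H2_ERROR_NAMES.get(code, f"UNKNOWN_{code}")] += 1
        elif ev.get("type") == goaway_type:
            goaways += 1
    return {"rst_streams": dict(counts), "goaways": goaways}

# Constructed sample: two server resets on one session, one client-sent CANCEL, one GOAWAY.
SAMPLE_NETLOG = {
    "constants": {"logEventTypes": {"HTTP2_SESSION_RECV_RST_STREAM": 101,
                                    "HTTP2_SESSION_RECV_GOAWAY": 102,
                                    "HTTP2_SESSION_SEND_RST_STREAM": 103}},
    "events": [
        {"type": 101, "source": {"id": 7}, "params": {"stream_id": 1, "error_code": "1 (PROTOCOL_ERROR)"}},
        {"type": 101, "source": {"id": 7}, "params": {"stream_id": 3, "error_code": 1}},
        {"type": 103, "source": {"id": 7}, "params": {"stream_id": 5, "error_code": 8}},
        {"type": 102, "source": {"id": 7}, "params": {"last_accepted_stream_id": 3, "status": 2}},
    ],
}
TRUNCATED_TEXT = json.dumps(SAMPLE_NETLOG)[:-2]  # simulate a capture cut off before ']}'

if __name__ == "__main__":
    print(summarise_rst_streams(load_netlog(TRUNCATED_TEXT)))
```

Run it against the real file with `summarise_rst_streams(load_netlog(open("chrome-net-export-log.json").read()))`; a pile of PROTOCOL_ERROR resets points at something on the path altering the HTTP/2 stream, while INADEQUATE_SECURITY points at the TLS cipher negotiated through an inspecting proxy.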
3 Answers
Are you using HTTP or HTTPS for your web app? If it’s HTTPS, make sure TLS inspection isn’t messing with the traffic. Disabling TLS inspection could be a quick test to see if it resolves the issue.
That 'server reset stream' error suggests the server is sending a TCP Reset. If you're using a clientless access setup, perhaps the algorithms for HTTPS traffic aren't matching up? Just a thought, but I've had issues like that before with different servers and their supported algorithms.
It sounds like you might be dealing with a routing or name resolution issue between the two VPN setups. One VPN may be handling hostname resolution while the other isn't. Just a heads-up: changing MTU settings on VPNs often doesn't help, as the endpoint devices might struggle with packet fragmentation. So, tinkering with the MTU could make your problems worse rather than better.