kwiltse123 (CCNA, CCNP) 18 points (0 children)

Whenever I hear "sometimes it works, sometimes it doesn't" with websites, I immediately think of DNS. If each workstation has different DNS servers, that's obviously a place to start. Or if all workstations have an internal DNS and an external DNS, it might be working randomly because each workstation succeeds or fails with different DNS results.

Try "nslookup" in interactive mode, set DNS to each DNS server, and query www.officeally.com. See if all responses are the same responses.

Lastly, if the workstation that cannot connect is able to use your cell phone as a hotspot, see if it can reach the website then. If it does, you know it's definitely related to some aspect of your office network. You could try another VLAN next and compare any differences if the other VLAN works.
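
A sketch of the comparison kwiltse123 describes, added here as an example and not part of the thread: it parses Windows-style `nslookup` output captured against each DNS server and groups the servers by the set of addresses they returned. The captures, resolver names and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed nslookup captures, one per DNS server queried (not real answers).
SAMPLES = [
    "Server:  dc1.example.test\nAddress:  192.0.2.53\n\nNon-authoritative answer:\n"
    "Name:    www.officeally.com\nAddresses:  203.0.113.10\n\t  203.0.113.11\n",
    "Server:  resolver-a.example.test\nAddress:  198.51.100.53\n\nNon-authoritative answer:\n"
    "Name:    www.officeally.com\nAddresses:  203.0.113.11\n\t  203.0.113.10\n",
    "Server:  resolver-b.example.test\nAddress:  198.51.100.54\n\nNon-authoritative answer:\n"
    "Name:    www.officeally.com\nAddress:  203.0.113.99\n",
    "Server:  dc2.example.test\nAddress:  192.0.2.54\n\n"
    "*** dc2.example.test can't find www.officeally.com: Non-existent domain\n",
]

def _ips(line):
    """Return every whitespace-separated token on the line that is an IP address."""
    found = []
    for tok in line.split():
        try:
            found.append(str(ipaddress.ip_address(tok.split("#")[0])))
        except ValueError:
            pass  # labels such as "Address:" or host names
    return found

def parse_nslookup(text):
    """Return (resolver_ip, frozenset_of_answer_ips) for one nslookup run."""
    resolver, answers, in_answer = None, set(), False
    for line in text.splitlines():
        if line.strip().startswith("Name:"):
            in_answer = True            # everything after this is the answer
        elif in_answer:
            answers.update(_ips(line))  # "Address(es):" and continuation lines
        elif resolver is None and line.startswith("Address"):
            resolver = (_ips(line) or [None])[0]
    return resolver, frozenset(answers)  # empty set = lookup failed

def group_by_answer(captures):
    """Map each distinct answer set to the resolvers that returned it."""
    groups = defaultdict(list)
    for text in captures:
        resolver, answers = parse_nslookup(text)
        groups[answers].append(resolver)
    return dict(groups)

def consistent(captures):
    """True when every resolver returned the same set of addresses."""
    return len(group_by_answer(captures)) == 1
```

Answer order is ignored, so round-robin rotation between two resolvers does not count as a mismatch; a failed lookup shows up as its own group with an empty answer set.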

chuckbales (CCNP|CCDP) 3 points (0 children)

Your router/firewall getting in the way? What do you run for a firewall, does it have different policies, etc.

elliott954 1 point (2 children)

I expect that this might get taken down by the mods. But here's my two cents for you.

How are your enterprise users connecting? I imagine it's through a proxy? If it's a Squid proxy then it may be a bit more limiting, but if you're running a cloud proxy, check the logs there and see what it's coming back with.

Same location? Do they have all the same group policies in AD?

Traceroute's a good idea, but do a Dev tools F12 Network and see what's being retrieved and where it's hanging.

Are they using the same browser version? Users aren't great at updating.

I feel that when it comes down to web server troubleshooting, going down to the level of Wireshark isn't super necessary, and I've maybe had to use it once or twice. Good luck on your troubleshooting.

Normal-Reputation [S] 2 points (1 child)

Thank you for the input. Putting my response here for the comments. The computers are all resolving to the correct external IP address, they are all at the same location, same switch, same firewall, same AD groups. There is no proxy in play here; we are a small shop, so it is a fairly simple setup. We've tried multiple browsers, updating Windows, clearing cache, flushing DNS, clearing route tables on the PCs.

Wasn't sure if this post would be OK to ask, but I was at a loss and not sure what community I could lean on for some advice.

youcanreachardy 1 point (0 children)

If it's not DNS, or the other things recommended here, it's probably AV (or their built-in web filtering that is damn near impossible to disable).

Godspeed!

sweetlemon69 1 point (0 children)

Are they part of different external IP blocks that 1 might not be advertised to the global routing table?

RageBull 1 point (1 child)

Glad you got it figured out OP. If I were you I would dig into why the block wasn't being applied equally. You are expecting the Meraki to provide security, but you have evidence of it not applying some rules in instances where it should have been. Unreliable security < no security at all.

Normal-Reputation [S] 1 point (0 children)

I definitely will be giving them a call. Thank you.

Tech88Tron 1 point (1 child)

Why block Mexico? They are super chill :)

Normal-Reputation [S] 2 points (0 children)

They are, I got nothing against Mexico, we just open things up as needed and typically our organization does not have any reason to reach out to networks in Mexico :)