Cannot reach a specific domain, firewall shows "pass"

[Roemer]

Hello all
Since a few hours, I cannot access insight.synology.com anymore from my network. It does work from mobile or from other locations. I haven't changed anything in OPNsense and when I check the firewall log files, I see a lot of entries like:

Code Select Expand

wan 2022-11-02T10:44:05 *.*.*.*:63385 159.100.4.210:443 tcp let out anything from firewall host itself (force gw)

and when using curl, I get:

Code Select Expand

curl -v insight.synology.com
*   Trying 159.100.4.210:80...
* connect to 159.100.4.210 port 80 failed: Timed out
* Failed to connect to insight.synology.com port 80 after 21052 ms: Timed out
* Closing connection 0
curl: (28) Failed to connect to insight.synology.com port 80 after 21052 ms: Timed out

How can I further debug the situation? Many thanks for your help!

[tiermutter]

Any DNS filterlists applied?

[Roemer]

Any DNS filterlists applied?

In Unbound DNS? No, I haven't changed anything there, it is all default. Blocklist is not enabled.

[tiermutter]

Ok, I saw it too late, that the name was already resolved properly.
What does a traceroute say?

[Roemer]

Actually pretty nothing:

Code Select Expand

tracert insight.synology.com

Routenverfolgung zu insight.synology.com [159.100.4.210]
über maximal 30 Hops:

  1    <1 ms    <1 ms    <1 ms  192.168.xxx.1
  2     *        *        *     Zeitüberschreitung der Anforderung.
  3     *        *        *     Zeitüberschreitung der Anforderung.
  4     *        *        *     Zeitüberschreitung der Anforderung.
  5     *        *        *     Zeitüberschreitung der Anforderung.
...

[Roemer]

I just found out that other urls like zoom.us are also affected and just had a call with my internet provider, it seems they have strange issues currently so I think it is not related to OPNsense.

[tiermutter]

Assuming 192.168.xxx.1 is your GW, next hop should be your ISP. Looks like there is something blocked...

[tiermutter]

Ok... or there are some problems :)