cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
388
Views
0
Helpful
2
Replies

Connections to web sites using typekit timing out behind FTD

MauryJ
Beginner
Beginner

We noticed a strange phenomenon with at least two sites, both of which are using Adobe fonts (typenet.net), when accessed from behind our ASA with FTD.

 

Looking at the developer tools console in chrome, I can see that while the page is loading, the browser sits and eventually times out waiting for a response while trying to load a font from p.typekit.net, and we see this from both Windows and Mac clients on our internal network.   The actual requested URL in one case is:   

 

https://p.typekit.net/p.css?s=1&k=oci4iyo&ht=tk&f=15779.15782&a=86990265&app=typekit&e=css

 

When analyzing the connection event logs in FMC, I am not seeing any relevant connections from the clients getting blocked, when loading these sites.   Outside of our network, the issue does not come up.   The client's we're seeing this from have access to http and https in our ACLs and aren't going through a proxy.    Has anyone else run up against this?

 

Versions:

FTD 6.7.0.3

Snort 2.9.17 (Build 3014)
Rule Update 2022-06-16-001

Thanks

 

2 Replies 2

Mohammed al Baqari
VIP Advisor VIP Advisor
VIP Advisor
Hi,

Just to ensure that you have logging setup correctly, configure a
rule which matches specific client source IP at the top and enable logging
on it. Then look for connection events to see if there are matches.

**** please remember to rate useful posts

jmatysek
Beginner
Beginner

Hi Maury,

Just ran into something similar, and what I found was that my 2120 was associating the URL https://p.typekit.net with a web application called Burnbook (an anonymous messaging app) which Cisco classifies as a Very High Risk application and was blocking it per a rule to block Very High Risk applications. I discovered this by viewing Connection Events filtered for my workstation IP while trying to load the website in question. I tried whitelisting the typekit URL with no effect. However whitelisting this Burnbook app did the trick. Not sure how/why Adobe's hosted web font service got linked with this Burnbook app by Cisco in their VDB.

Hope that helps,
John

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: