Sonicwall

· vocatan's blog


SonicWall hates api.openai.com #

We had an issue on our lab machines, in that they could only sporadically reach https://api.openai.com

Not consistently failing - that would be FAR too easy to diagnose. And to make issues even more complicated, this came at a time when we were scheduled to do a bulk analysis of a bunch of content. So we updated /etc/hosts to point api.openai.com to localhost, and did a openssh reverse proxy via an external machine, which had no problems reaching OpenAI at all.

Meanwhile, getting more and more frustrated, we tried taking tcpdump traces, checking for bad certificates, CloudFlare intermediaries, etc.
We finally did the unthinkable, and reached out to SonicWall for support. They seemed as perplexed as we were, and were basically unable to offer resolve the issue, offering some answers such as patching the firewall, suggesting that it may be flakiness with the site..

Finally our IT genius Robert figured out that it was being blocked by a Content Filtering rule (!?!)

Wonder how many other SonicWall customers are being bitten by this.