What's new

ZenWiFi XT9 blocks weather.gov

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Corkie24

New Around Here
Hello: long time reader, first time posting. Apologies if this is duplicative, but I have not found quite this problem solved in other threads. Long post, trying to share as much info as possible:

Short version: Asus ZenWiFi XT9 mesh system, working perfectly except that it blocks access to the National Weather Service website https://www.weather.gov

Details: I finally replaced our Asus RT-AC68U which I created from a T-Mobile TM-AC1900. After much research, settled on an Asus ZenWiFi XT9 mesh system, which I installed two weeks ago. I’m delighted with the Wi-Fi speed and the ability to get that speed throughout the house, which previously was not possible. Only one problem: when I try to reach the National Weather Service website https://www.weather.gov , access is blocked.

When I try to access using Firefox web browser running on a Windows 10 computer, I get the following message:

Access Denied

You don't have permission to access "http://www.weather.gov/" on this server.

Reference #18.2dda0760.1734534178.120347a0

https://errors.edgesuite.net/18.2dda0760.1734534178.120347a0



When I try to access using Microsoft Edge on that same Windows 10 computer, I get a similar but slightly different message:

Access Denied

You don't have permission to access "http://www.weather.gov/" on this server.

Reference #18.84fe3d17.1734536267.b66ed2cb




Note that on both browsers, even though I am typing in the https:// address, the error message specifies the http:// address.

I get the access denied message despite trying on multiple devices (more info below). The ISP is AT&T, and the ISP gateway device is an AT&T Arris Wi-Fi modem. When I connect directly to the AT&T Arris device, both by the Arris wi-fi and by connecting to an ethernet port on the Arris device, I am able to access https://www.weather.gov (will abbreviate this as “weather.gov”) without a problem. This suggests that the problem definitely lies with the Asus router, not with the ISP.

Here’s what I have checked, and tried:
  • When I installed the router, I allowed it to update the firmware. The router currently is running Asus firmware version 3.0.0.4.388_24684. As of 18 December 2024, the Asus website shows this as the most recent firmware version (dated 2024/11/05).
  • I can’t connect to weather.gov through the Asus router, neither by wi-fi nor by plugging into one of the ethernet ports on the Asus router.
  • I shut off and rebooted the Asus router, including both the box attached to the ISP gateway and the remote unit. After rebooting, still unable to connect to weather.gov through the Asus router.
  • Thinking this might be a double NAT problem, I put the AT&T Arris IP gateway into IP Passthrough mode, which is AT&T’s version of bridge mode (details at https://www.att.com/support/smallbusiness/article/smb-internet/KM1188700 ). Still unable to access weather.gov through the Asus router.
  • I turned off IP Passthrough, thereby also re-enabling the firewall in the AT&T Arris device, and then turned off the firewall in the Asus ZenWifi XT9. Still unable to access weather.gov through the Asus router.
  • I don’t think it’s a DNS cache issue. This problem has persisted across multiple days (with PCs that are shut down at the end of the day) and across multiple devices that access the Asus wifi router, including three different Windows computers, a Mac OS MacBook, and two different Android phones that reboot every night. Just for the sake of completeness, I flushed the DNS cache on a Windows desktop. Still unable to access weather.gov through the Asus router.
  • I've looked at the Asus router’s firewall URL filter to make sure that weather.gov isn't blacklisted. It is not; in fact, there are no websites currently blacklisted or whitelisted. I tried whitelisting weather.gov, and that didn't fix the problem, either.
  • The Asus router’s firewall keyword filter is disabled.
  • The Asus router’s network services filter is disabled.
  • I have the TrendMicro AiProtection enabled. As an experiment, with the Asus firewall enabled, I turned “Enabled AiProtection” to the “OFF” setting. Still unable to access weather.gov through the Asus router.
I tried calling Asus’ tech support. The first response from the technician I spoke with was “Oh, your access is being denied because this is a government website.” That was obviously nonsense. When I pushed back, she was unable to offer any other suggestions. She said she would elevate the issue and I would hear back from someone in two days. That was a week ago, and I’ve heard nothing further. I think I’m on my own with this.

Given that this is a problem with one specific website, and that I’m otherwise able to access every website I’ve tried, and connect to the servers of our various email providers, I’m convinced this is most likely a problem with a firmware setting. I would welcome any suggestions. Thanks!
 
If you think it's the router, I would reset its firmware, configure minimally from scratch, and try again with nothing else in play except your admin PC and WAN. Should just work like any website.

OE
 
I appreciate the response. Just to be clear, for this Asus, does "reset its firmware" mean this:?
"Administration" tab>"Restore/Save/Upload" menu>"Factory default" - click on "restore" button

Thanks,
C
 
@Corkie24, didn't see it mentioned in your initial post but what are you using for DNS servers, both on the WAN page and on the LAN DHCP Server page? Try selecting a different DNS server(s) if you haven't done so already.
Are you using Pi-Hole or AdBlockHome or similar DNS filtering/sink hole programs?
What specific Arris device do you have? Is the Arris connected to to another AT&T device within your location (like ONT)?
Do you have DSL, cable or fiber for broadband?
 
OzarkEdge, I tried the factory reset and complete rebuilding of the network. Still can't access weather.gov.

bennor, your answers:
- WAN connection is automatic IP, set to get the DNS IP automatically from the ISP
- LAN DHCP server is set on the router's default which is addresses from 192.168.50.2 to 192.168.50.254. Manual assignment is set on "no."
-not using any DNS filtering programs.
- My bad, the AT&T ISP gateway device is a Nokia BGW320-505, not Arris as I had previously written. It is not connected to any other AT&T devices.

I am still on the noob side of the learning curve, so would appreciate it if you can direct me to posts or other guidance on understanding the LAN and WAN server settings, as well as when and how to identify and select a different DNS server. Again, thanks!
 
OzarkEdge, I tried the factory reset and complete rebuilding of the network. Still can't access weather.gov.

I suggested a minimal configuration... not put everything back the way you had it. I don't think it's the router... it's something else... we need more clues.

OE
 
- WAN connection is automatic IP, set to get the DNS IP automatically from the ISP
- LAN DHCP server is set on the router's default which is addresses from 192.168.50.2 to 192.168.50.254. Manual assignment is set on "no."
-not using any DNS filtering programs.
- My bad, the AT&T ISP gateway device is a Nokia BGW320-505, not Arris as I had previously written. It is not connected to any other AT&T devices.

I am still on the noob side of the learning curve, so would appreciate it if you can direct me to posts or other guidance on understanding the LAN and WAN server settings, as well as when and how to identify and select a different DNS server. Again, thanks!
If you haven't done so already, remove the Asus router from the mix and test using only the Nokia BGW320-505. There are various how-to guides for putting the AT&T Nokia BGW320-505 into IP Passthrough Mode. For example:
 
If you haven't done so already, remove the Asus router from the mix and test using only the Nokia BGW320-505. There are various how-to guides for putting the AT&T Nokia BGW320-505 into IP Passthrough Mode. For example:
bennor, I'm confused by this. If you put the GW in passthru then you are removing the GW and not the ASUS router. He did say he already bypassed the router and connected directly to the GW.
 
WAN connection is automatic IP, set to get the DNS IP automatically from the ISP
What does the router say your WAN IP is?

Just to be really sure, you have your router WAN port connected to your ATT gateway?

Can you access other .gov websites?
 
bennor, I'm confused by this. If you put the GW in passthru then you are removing the GW and not the ASUS router. He did say he already bypassed the router and connected directly to the GW.
GW? Do you mean the BGW320-505? In any case like my post indicated if they hadn't already done so to try it. Going back and rereading the long OP initial post I see they did remove the Asus router and were able to connect. So they can ignore that part and try the links if those links have different steps to setup IP passthrough on their BGW320-505. If they have already tried steps in those links, nothing is lost and they can move on and try something else.

Having had AT&T broadband (DSL) for a number of years, have had trouble trying to get the AT&T router/gateway into bridge mode or IP passthrough and to have it work work properly with an Asus router.
 
Thanks for the additional discussion.
- OzarkEdge, you *did* say to set up a minimal configuration. I failed to tell you that my current configuration *is* minimal. The only things I have done is specifying my network SSID and PW, creating an administrator name and PW, and turning on the TrendMicro AIprotection. All other settings are unmodified from Asus default. I have the router and just one node, both as supplied by Asus in the two-unit ZenWiFi XT9 box. It probably doesn't get any simpler than this!
-bennor, justinh: I will give a try following the instructions you suggested for IP passthrough, which are a bit different more detailed than AT&T's instructions, and report back.

Thanks again to all for the input!
 
The only things I have done is specifying my network SSID and PW, creating an administrator name and PW, and turning on the TrendMicro AIprotection.
As a troubleshooting step. Disable AiProtection and make sure to click the Withdraw button for it on the Settings > Privacy (or Policy) page. In the past, I've found that AiProtection (in particular the Malicious Sites Blocking feature) sometimes blocks legit websites.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top