Accessing onshape behind a firewall

jeffrey_bragg

I'm modeling a couple of small sketches on a computer behind a firewall. I have no trouble accessing the forum behind the firewall, but I cannot access the sketches.  I saw in another post I had to have 443 open. The Admin is refusing to open or port forward.  Is there a way to access the drawing other than using your site at home?   

NeilCooke

Port 443 is required for secure websockets which are required by Onshape. Let your admin run https://cad.onshape.com/check then ask why he is reluctant. 

You can model on your phone over 4G. 

jeffrey_bragg

Thanks, I will ask

jeffrey_bragg

P.S. should by most standards this create a happy Admin?

NeilCooke

Not necessarily but it kinda proves that there’s nothing sinister or untoward going on. 

jeffrey_bragg

Please clarify or verify which port that needs to be open.  You state 433. (See Oct 25th comment above) My admin states that secure sites commonly have 443 open, not 433, and they understand 443 to already be open.  Note on another thread:
I believe my admin needs to to make sure which port is needed.
BEGIN QUOTE:

john_rousseau said:

Hi @ffoska_foska. Your proxy needs to support WebSockets. We do all of our communication over port 443, but if your proxy can't handle WebSockets, you won't be able to model.

-John

 John Rousseau / Director, Technical Operations / Onshape Inc. 
END QUOTE

NeilCooke

Sorry that was a typo - it is 443

lougallo

@jeffrey_bragg if this is still an issue, let us know.  Use the ? menu - Report a bug and we can take a look and have some suggestions if your IT is whitelisting..

jeffrey_bragg

Thanks for the clarification will send to my IT and see if they can verify all is good from their side, and report back their findings.

jeffrey_bragg

I am hoping Admin here at onshape can help diagnose the problem.

I have extensively worked for months providing screenshots of my issues though the multiple layers of the IT layers with my employer. 

"The domain onshape.com is not blocked. Port 443 is already open for all secure web browsing."  The last attempt will obviously need to be that the IT person either 'tunnels' into my PC to see the error or they create an account for themselves to see the issue.

–I can visit the site onshape.com ;The login appears normally (I'm actually visiting the forum through my employers IT system.)

–The list of documents I have accessed or created is available.

Opening the document does not work.
Error message:
CLICK ON DOCUMENT:
Load work-space appears momentarily,
then:
"Onshape is not connected. Your document is saved. You can refresh the browser to continue working on this document or (underline->) return to the Documents page."

From the check screen: responses that are other than Green check marks:

Renderer

GL renderer

Your browser does not disclose this information.

GL vendor

Your browser does not disclose this information.

Overall performance*

Measured triangles per second  20.0 million

Measured lines per second        22.5 million

WebSocket connection  

There was a problem creating a WebSocket to Onshape's servers.

This usually means you are using an HTTP proxy which does not support WebSockets.

JSON file report text copied to here:

{"rendererInfo":{"glVendor":"unavailable","glRenderer":"unavailable"},"coreWebGL":"Supported","userAgent":"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0","browserSupported":true,"is32BitIndicesAvailable":true,"isAnistropicAvailable":true,"isFloatTextureAvailable":true}

Any help you can provide is appreciated.

john_rousseau

Hi @jeffrey_bragg. The Web Socket connection problem is definitely what is keeping you from using Onshape.

Somewhere between you and our servers, with the absolute highest likelihood being the firewall at your employer, there is a rule that is not allowing a connection to be established.

There are generally two causes for this:
- A firewall on your end that is not allowing a secure web socket to be established. We often will see the web socket request come in incorrectly because the firewall has changed it. I'm not seeing your request for this in our logs at all, so I don't think this is causing your problem.
- Your firewall does not allow connections to outside sites without whitelisting those sites. I think this is your problem. Here are the instructions that our support team provides in these cases:

Many corporate environments will white-list or proxy the network traffic to enforce where users on the network can use. In order to use Onshape within this network configuration, the following domains must be added to the “allowed” list:

cad.onshape.com

In addition, the region of the network as well as any collaborators you might be collaborating with should also be added to the “allowed” list:

• North America: cad-usw2.onshape.com
• Europe: cad-euw1.onshape.com
• Singapore: cad-aps1.onshape.com
• Australia: cad-aps2.onshape.com
• Japan: cad-apn1.onshape.com

If the network configuration supports domain wildcards, a single entry can be added to the “allowed” list:

• *.onshape.com

Let me know if you are still having problems.

jeffrey_bragg

I do know that wildcards are definitely not allowed, but I will send this on as a PDF.  One effort I feel is lacking is that my IT department does not have an account to open a sample document and actually see the error in real-time.  I intend to press for that action.

john_rousseau

I think that your IT department should be able to just use the "check" page (https://cad.onshape.com/check), just as you did, as a test to see if they have resolved the problem.

Good luck! 

jeffrey_bragg

My tech support sent me a screenshot of them creating an open document.  This is the first I have been able to get them to create an account for the testing.  They were able to do so without the 'allowed' parameters