health365.co.nz site access issues

Forums › Vetta and Quic › health365.co.nz site access issues

stevob

24 posts

Geek
+1 received by user: 36

#309391 15-Oct-2023 11:21

Hi all, suddenly unable to access my GP portal health365.co.nz from my home ISP network.

Tracert stops at hop 7 - the site is hosted at solarix.co.nz (Plan.B) hop 5 and 6 are also ICON-NZ/Plan.B

Tracing route to health365.co.nz [43.255.161.233]
over a maximum of 10 hops:

1 1 ms <1 ms <1 ms DLINK [192.168.1.1]
2 5 ms 5 ms 5 ms bng3.quic.net.nz [103.139.184.34]
3 6 ms 5 ms 5 ms pe1-akl1.vetta.net [103.139.184.64]
4 6 ms 5 ms 5 ms as23838.akl.ix.nz [43.243.21.22]
5 7 ms 7 ms 7 ms 202.37.144.56
6 9 ms 8 ms 8 ms 202.37.144.57
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.

The site resolves and works fine hotspotted via mobile & cellular network.

Tracing route to health365.co.nz [43.255.161.233]
over a maximum of 10 hops:

1 3 ms 2 ms 2 ms 172.20.10.1
2 53 ms 26 ms 35 ms 10.235.48.4
3 45 ms 30 ms * 10.32.2.57
4 49 ms 38 ms 32 ms 10.32.2.58
5 75 ms 31 ms 45 ms 10.32.2.61
6 46 ms 31 ms 39 ms UNASSIGNED.cust.vf.net.nz [203.96.208.130]
7 38 ms 27 ms 37 ms UNASSIGNED.cust.vf.net.nz [203.96.208.133]
8 44 ms 26 ms 36 ms as23838.akl.ix.nz [43.243.21.22]
9 37 ms 38 ms 40 ms 202.37.144.56
10 55 ms 38 ms 33 ms 202.37.144.57

Last 2 hops are identical - @quic does that mean my ISP/IP is somehow blocked when accessing via Quic?

Curious for any insights.

Thanks.

fe31nz

1295 posts

Uber Geek
+1 received by user: 423

#3147913 15-Oct-2023 23:40

I am on a static IP on 2Degrees, and my traceroute looks similar to yours:

Tracing route to health365.co.nz [43.255.161.233]
over a maximum of 30 hops:

1 * <1 ms <1 ms er4.jsw.gen.nz [10.0.1.251]
2 3 ms 2 ms <1 ms 108.7.69.111.static.snap.net.nz [111.69.7.108]
3 2 ms 3 ms 2 ms default-rdns.vocus.co.nz [101.98.5.213]
4 3 ms 3 ms 3 ms default-rdns.vocus.co.nz [101.98.5.212]
5 12 ms 11 ms 12 ms as9790.akl.ix.nz [43.243.21.3]
6 12 ms 12 ms 12 ms as23838.akl.ix.nz [43.243.21.22]
7 15 ms 15 ms 14 ms 202.37.144.56
8 15 ms 15 ms 15 ms 202.37.144.57
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.

but I can actually connect to the site. I am not a user though, so I have not tried logging in. So it looks like the routers on the last bit of the path to health365.co.nz do not respond to traceroute packets. So I tried again using the tracetcp program (which uses TCP SYN packets) and got this:

Tracing route to 43.255.161.233 [ip-43-255-161-233.solarix.net.nz] on port 80
Over a maximum of 30 hops.
1 1 ms 3 ms 4 ms 10.0.1.251 [er4.jsw.gen.nz]
2 2 ms 2 ms 2 ms 111.69.7.108 [108.7.69.111.static.snap.net.nz]
3 4 ms 5 ms 4 ms 101.98.5.213 [default-rdns.vocus.co.nz]
4 4 ms 3 ms 6 ms 101.98.5.212 [default-rdns.vocus.co.nz]
5 13 ms 19 ms 17 ms 43.243.21.3 [as9790.akl.ix.nz]
6 14 ms 12 ms 13 ms 43.243.21.22 [as23838.akl.ix.nz]
7 16 ms 17 ms 16 ms 202.37.144.56
8 18 ms 22 ms 16 ms 202.37.144.57
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 Destination Reached in 29 ms. Connection established to 43.255.161.233
Trace Complete.

The tracetcp progam is available from here:

https://simulatedsimian.github.io/tracetcp_download.html

michaelmurfy

meow
13581 posts

Uber Geek
+1 received by user: 10914

Moderator

ID Verified

Trusted

Lifetime subscriber

#3147919 16-Oct-2023 01:59

I suspect they're doing some IP whitelisting and perhaps their geoip database is out of date. I can connect through a Quic connection on an older IP subnet but can't connect through to them on my home connection which has a newer subnet (I think the subnet I see you're on is also newer). I wish companies like this would just use something like Cloudflare instead of local IP whitelisting.

@quic - you may need to flick them the newer IP ranges. Contact details here: https://mypractice.co.nz/home/support/

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

astrae

268 posts

Ultimate Geek
+1 received by user: 24

#3152145 25-Oct-2023 15:29

michaelmurfy:

I suspect they're doing some IP whitelisting and perhaps their geoip database is out of date. I can connect through a Quic connection on an older IP subnet but can't connect through to them on my home connection which has a newer subnet (I think the subnet I see you're on is also newer). I wish companies like this would just use something like Cloudflare instead of local IP whitelisting.

@quic - you may need to flick them the newer IP ranges. Contact details here: https://mypractice.co.nz/home/support/

I sent My Practice an email on September 20th regarding this issue and never got a response.

stevob

24 posts

Geek
+1 received by user: 36

#3152199 25-Oct-2023 17:42

astrae:

I sent My Practice an email on September 20th regarding this issue and never got a response.

Did the same a week ago an I've not had a response yet either.

Digging deeper, could it be geoblocking related to the subnet I'm on registered with country: US as per below Whois lookup?

Other Vetta IPs have country as NZ.

inetnum: 5.134.85.0 - 5.134.85.255
netname: Vetta_Online_Ltd
country: US
org: ORG-VOL11-RIPE
remarks: noc@vetta.net
remarks: +64 3 222 6111
remarks: Geofeed https://vetta.net/geo/qbip.csv
admin-c: NOC834
tech-c: NOC834
status: SUB-ALLOCATED PA
mnt-by: IPXO-MNT
created: 2023-04-05T08:16:07Z
last-modified: 2023-09-10T07:00:45Z
source: RIPE

Bung

6734 posts

Uber Geek
+1 received by user: 2928

Subscriber

#3152202 25-Oct-2023 18:47

Why should they make assumptions about where the users might be? By the time many people start travelling they've reached the age that accumulates quite a medical history. Access to your records shouldn't depend on you being in NZ.

gehenna

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#3152206 25-Oct-2023 19:09

There are requirements about where a patient is registered and geo located per legislation

Lego

Shop now for Lego sets and other gifts (affiliate link).

Linux

12188 posts

Uber Geek
+1 received by user: 8480

Trusted

Lifetime subscriber

#3152212 25-Oct-2023 19:45

astrae:
michaelmurfy:

I suspect they're doing some IP whitelisting and perhaps their geoip database is out of date. I can connect through a Quic connection on an older IP subnet but can't connect through to them on my home connection which has a newer subnet (I think the subnet I see you're on is also newer). I wish companies like this would just use something like Cloudflare instead of local IP whitelisting.

@quic - you may need to flick them the newer IP ranges. Contact details here: https://mypractice.co.nz/home/support/

I sent My Practice an email on September 20th regarding this issue and never got a response.

@astrae You are dreaming if you think your practice will do anything or know who to contact

I worked on the IT health side for about 18 months for NZ largest health cloud provider! Awesome place to work for fantastic staff!

The staff thar work in medical centre's have very very limited IT knowledge

astrae

268 posts

Ultimate Geek
+1 received by user: 24

#3152216 25-Oct-2023 19:50

@linux

"Your Practice" is the company running the health website so they better know what they are doing with their Web interface.

I didn't email my GP practice

Linux

12188 posts

Uber Geek
+1 received by user: 8480

Trusted

Lifetime subscriber

#3152217 25-Oct-2023 19:54

astrae: @linux

"Your Practice" is the company running the health website so they better know what they are doing with their Web interface.

I didn't email my GP practice

@astrae Do you mean ' My Practice '? Things could of changed since I left

Common practice software in NZ is Medtech32, Medtech EVO and My Practice and indici

astrae

268 posts

Ultimate Geek
+1 received by user: 24

#3152218 25-Oct-2023 19:55

Linux:
astrae: @linux

"Your Practice" is the company running the health website so they better know what they are doing with their Web interface.

I didn't email my GP practice

@astrae Do you mean ' My Practice '? Things could of changed since I left

Common practice software in NZ is Medtech32, Medtech EVO and My Practice and indici

Sorry yes. My phone keeps auto correcting for some reason

michaelmurfy

meow
13581 posts

Uber Geek
+1 received by user: 10914

Moderator

ID Verified

Trusted

Lifetime subscriber

#3152265 26-Oct-2023 00:40

So much like @Linux I also did my time in the Health IT sector and personally found My Practice to be pretty terrible to deal with. This is however going back ~10yrs ago though.

I flicked an email also to the WHOIS details on the domain hoping to find somebody who can potentially help with what I know to be newer Quic subnets. We'll see what happens but don't hold your breath. I suspect it may come down to finding the person who set up the IP filtering in the first place but also it could be a case of them using something like a Fortigate with no license (which means it'll function fine as a router but not get any GeoIP updates).

AliExpress

Shop now on AliExpress (affiliate link).

Bung

6734 posts

Uber Geek
+1 received by user: 2928

Subscriber

#3152267 26-Oct-2023 02:58

gehenna: There are requirements about where a patient is registered and geo located per legislation

I can find some derails about who can enrol with a PHO and when you initially setup your access your ID could be checked

"In order to balance convenience with privacy by validating your identity prior to getting access to your records in a patient portal, an identity verification service may be used by GP practices to verify your identity online.

"Cloudcheck" from Verifi Identity Services is one of the services that may be used. This is a third-party service which can check your identification information and provide a simple confirmation back to your GP practice to finish your enrolment."

Once you have an NZ GP and a portal login I still can't see why I couldn't access my records from Bhutan if that’s where I'm visiting.

gehenna

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#3152317 26-Oct-2023 10:40

They're likely geo restricting global IP ranges of some countries with known threat vectors.

stevob

24 posts

Geek
+1 received by user: 36

#3154116 31-Oct-2023 17:16

Pleased to update this is now sorted.

The team at MyPractice got in touch and have organised for Quic IP range to be whitelisted.

Cheers all for your input and helpful pointers in the right direction.