Welcome, Guest. Please login or register.
Did you miss your activation email?
Monday 18 November 2024, 10:45:32 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  EFW block port 80 on one ip address
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: EFW block port 80 on one ip address  (Read 25973 times)
rosol
Jr. Member
*
Offline Offline

Posts: 8


« on: Wednesday 19 August 2015, 09:27:56 pm »

Hello.

I'm finishing testing Endian on VMware.
It's commercial version - my support is disabled currently :-(
Endian is in 3.0.5 version and last update is 08-10-2015

I'm getting issue like in subject.

Firewall has rule to allow with IPS traffic on port 80 to RED.
And all traffic on 80 port works fine, web pages display correctly expect one ip address.
This blocked ip address on 80 port isn't blocked on 443 port.

IDS is enabled but with default rules, i mean it's not blocking but it's in listening and reporting state.

When i've turned off outgoing connections of FW, got the same issue, this specified ip address is still blocked on 80 port.

Do you have ane advice how to fix it or check what's blocking this ip address on 80 port only?

Thank you.
Logged
rosol
Jr. Member
*
Offline Offline

Posts: 8


« Reply #1 on: Wednesday 19 August 2015, 09:30:01 pm »

I've forgot.
On IDS logs got only this one:

Date:   Aug 19 13:24:34   Name:   (portscan) TCP Portsweep
Priority:   n/a   Type:   n/a
IP info:   192.168.1.124:n/a -> 195.78.66.217:n/a
References:   none found   SID:   n/a

This 195.78.66.217 ip address is blocked on 80 port only.
Other ones are pass through.
Logged
Gabriel GHEORGHIU
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #2 on: Thursday 20 August 2015, 04:58:40 pm »

Hi rosol,

Did you open port 80 on 195.78.66.217?

Best regards,
Gabriel
Logged
rosol
Jr. Member
*
Offline Offline

Posts: 8


« Reply #3 on: Thursday 20 August 2015, 07:13:01 pm »

Hello.

FW policy says that all outgoing traffic on 80 port is allowed with IPS.
Additionally i've created rule to open 80 port on this 195.78.66.217 blocked ip address as first rule.
Still got the same issue.
Logged
Gabriel GHEORGHIU
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #4 on: Thursday 20 August 2015, 07:33:57 pm »

Hello,

Can you draw a schematic of your configuration  (how are you using EFW 3.0.5)?

Logged
rosol
Jr. Member
*
Offline Offline

Posts: 8


« Reply #5 on: Thursday 20 August 2015, 08:15:48 pm »

Hello.

Below is schema:

Internal network-->FW-->Internet

Very easy :-)

FW is as virtual machine.
Logged
Gabriel GHEORGHIU
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #6 on: Thursday 20 August 2015, 09:50:17 pm »

Hello,

Ok.
I saw that on 195.78.66.217 are open only the ports 21, 80, 443.

Maybe on that server are allowed, by the firewall in front of it, connections only on port 443 (https) and all conections that are coming on port 80 (hhtp) are dropped or redirected to 443.

(When I have used MS ForfrontTMG, for Webmail access, I have allowed only connections to https, using redirection of port 80 to 443).
Logged
rosol
Jr. Member
*
Offline Offline

Posts: 8


« Reply #7 on: Thursday 20 August 2015, 09:56:56 pm »

Hello.

No, you're wrong.
This ip address on port 80 has worked fine and from others ip addresses i'm able to open this web page.
Now i'm in contact to support of this host due to perhaps block my traffic on port 80.

Thank you for help.
Logged
Gabriel GHEORGHIU
Full Member
***
Offline Offline

Gender: Male
Posts: 57


« Reply #8 on: Thursday 20 August 2015, 10:09:37 pm »

You are welcome!
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.094 seconds with 21 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com