jkeranen
Level 7
Message 1 of 5

DENY ALL rule blocking port 443 traffic....???

I am having problems allowing traffic through to some printer mgmt software our new supplier needs us to use.   He said I need to open up port 443 to https traffic and be able to reach the following websites

     https://reg.support.ricoh.com/atremotecenter/mainservlet

     https://210.173.216.40/i02/AS

I get the following message in the logs regarding this traffic.

2012-03-01 09:51:12 -0600 f_http_proxy a_aclquery t_attack p_major
pid: 67147 logid: 0 cmd: 'httpp' hostname: nocgate1.humdev.com
category: policy_violation event: ACL deny attackip: 10.128.104.182
attackzone: internal application: <Unknown TCP> srcip: 10.128.104.182
srcport: 54174 srczone: internal protocol: 6 dst_geo: JP
dstip: 210.173.216.40 dstport: 443 dstzone: external rule_name: Deny All
cache_hit: 1 ssl_name: Exempt All reason: Traffic denied by policy.

I can't figure out why deny all is stopping this. I can't ping the IP above either. I know it is located in Japan but I don't have that geoblocked. I get another IP referenced in the logs regarding trying to get to these websites and it is 210.173.217.143. I'm stumped. I've had to open up several non-standard TCP ports in the past 6 months but this doesn't reference that. 443 should be open already. Any suggestions are greatly appreciated. Thanks in advance for your help. JK
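The audit record above is a flat run of "key: value" pairs, and several of the values that matter for triage contain spaces ("ACL deny", "<Unknown TCP>", "Deny All"), so splitting on whitespace mangles them. The following parser is an added example, not part of the original thread or of any McAfee tooling; it splits the record on the keys instead, then pulls out the fields a firewall admin looks at first when a flow hits the catch-all deny: which rule matched, what application the proxy identified, and the source/destination tuple. The sample record is the one from the post, joined onto a single line.

```python
import re

# Constructed sample: the ACL-deny record quoted in the post, joined into one line.
SAMPLE_EVENT = (
    "2012-03-01 09:51:12 -0600 f_http_proxy a_aclquery t_attack p_major "
    "pid: 67147 logid: 0 cmd: 'httpp' hostname: nocgate1.humdev.com "
    "category: policy_violation event: ACL deny attackip: 10.128.104.182 "
    "attackzone: internal application: <Unknown TCP> srcip: 10.128.104.182 "
    "srcport: 54174 srczone: internal protocol: 6 dst_geo: JP "
    "dstip: 210.173.216.40 dstport: 443 dstzone: external rule_name: Deny All "
    "cache_hit: 1 ssl_name: Exempt All reason: Traffic denied by policy."
)

# A field key is an identifier followed by ": ". Timestamps ("09:51:12") have no
# space after the colon, so they are not mistaken for keys.
KEY_RE = re.compile(r"(?:^|\s)([A-Za-z_]\w*):\s")


def parse_event(line):
    """Split one audit record into (header, fields).

    header: the leading timestamp/facility/severity prefix before the first key.
    fields: dict of key -> value, where a value runs up to the next key, so
            multi-word values such as 'Deny All' survive intact.
    """
    matches = list(KEY_RE.finditer(line))
    if not matches:
        return line.strip(), {}
    header = line[: matches[0].start()].strip()
    fields = {}
    for i, m in enumerate(matches):
        start = m.end()
        end = matches[i + 1].start() if i + 1 < len(matches) else len(line)
        fields[m.group(1)] = line[start:end].strip()
    return header, fields


def summarize_deny(fields):
    """Reduce an 'ACL deny' record to the facts needed to reason about it.

    'application_identified' is False when the proxy could only classify the
    flow as <Unknown TCP>; an application-based allow rule (e.g. one written
    for SSL/TLS) cannot match such a flow, so it falls through to the catch-all.
    Returns None for records that are not ACL denies.
    """
    if fields.get("event") != "ACL deny":
        return None
    app = fields.get("application")
    return {
        "rule": fields.get("rule_name"),
        "application": app,
        "application_identified": app is not None and app != "<Unknown TCP>",
        "src": f"{fields.get('srcip')}:{fields.get('srcport')}",
        "dst": f"{fields.get('dstip')}:{fields.get('dstport')}",
        "zones": f"{fields.get('srczone')} -> {fields.get('dstzone')}",
        "dst_geo": fields.get("dst_geo"),
    }


if __name__ == "__main__":
    header, fields = parse_event(SAMPLE_EVENT)
    print(header)
    for key, value in summarize_deny(fields).items():
        print(f"{key:>23}: {value}")
```

Run against the record from the post, the summary shows the flow was denied by "Deny All" with the application field reading "<Unknown TCP>" rather than an identified protocol, which is the detail to check against whatever allow rule was expected to match.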

4 Replies
sliedl
Level 14
Message 2 of 5

Re: DENY ALL rule blocking port 443 traffic....???

Instead of using the SSL/TLS (HTTPS) application in your rule, try creating a custom application on TCP port 443 and use that in your rule.  That should work.

This traffic is probably not matching HTTPS and falling through that rule, hitting the Deny All rule.  If you make a new rule with this custom 443 application and put it below your current HTTPS rule the traffic should work (because it will fall through one rule and hit the other).
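The mechanism described in this reply (first-match rule evaluation, where a rule keyed on an identified application does not match a flow the firewall could only classify as "<Unknown TCP>", so the flow falls through to the catch-all deny) is easy to see in a small model. The code below is an added illustration, not McAfee's policy engine and not code from the thread; the Flow and Rule types, the field names and the rule names are all assumed for the example. It evaluates the flow from the original log against the policy as the poster described it, and again with a port-based TCP/443 rule placed after the SSL/TLS rule.

```python
from dataclasses import dataclass
from typing import Optional, List, Tuple


@dataclass(frozen=True)
class Flow:
    """What the firewall knows about a connection when it consults policy."""
    src_zone: str
    dst_zone: str
    protocol: int        # IP protocol number; 6 = TCP
    dst_port: int
    application: str     # result of application identification, e.g. "SSL/TLS"


@dataclass(frozen=True)
class Rule:
    """One policy rule; a None criterion means 'any'."""
    name: str
    action: str                         # "allow" or "deny"
    application: Optional[str] = None   # match on identified application
    protocol: Optional[int] = None      # match on IP protocol (custom app)
    dst_port: Optional[int] = None      # match on destination port (custom app)
    src_zone: Optional[str] = None
    dst_zone: Optional[str] = None

    def matches(self, flow: Flow) -> bool:
        criteria = (
            (self.application, flow.application),
            (self.protocol, flow.protocol),
            (self.dst_port, flow.dst_port),
            (self.src_zone, flow.src_zone),
            (self.dst_zone, flow.dst_zone),
        )
        return all(want is None or want == got for want, got in criteria)


def evaluate(rules: List[Rule], flow: Flow) -> Tuple[Optional[str], str]:
    """First-match evaluation: the first rule whose criteria all hold decides.

    Returns (rule_name, action). If nothing matches at all, the result is an
    implicit deny with no rule name, which is why policies end in an explicit
    catch-all so that the log records which rule dropped the flow.
    """
    for rule in rules:
        if rule.matches(flow):
            return rule.name, rule.action
    return None, "deny"


# Policy as the original poster described it: an SSL/TLS application rule
# followed by Deny All.
POLICY_BEFORE = [
    Rule("Allow HTTPS", "allow", application="SSL/TLS",
         src_zone="internal", dst_zone="external"),
    Rule("Deny All", "deny"),
]

# Same policy with the reply's suggestion: a custom TCP/443 application rule
# placed below the SSL/TLS rule, above Deny All.
POLICY_AFTER = [
    POLICY_BEFORE[0],
    Rule("Allow TCP 443", "allow", protocol=6, dst_port=443,
         src_zone="internal", dst_zone="external"),
    POLICY_BEFORE[1],
]

# A flow the proxy identified as TLS, and the flow from the log, which it
# could only classify as <Unknown TCP> on port 443.
TLS_FLOW = Flow("internal", "external", 6, 443, "SSL/TLS")
UNKNOWN_FLOW = Flow("internal", "external", 6, 443, "<Unknown TCP>")


if __name__ == "__main__":
    for label, policy in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        for flow in (TLS_FLOW, UNKNOWN_FLOW):
            print(label, flow.application, "->", evaluate(policy, flow))
```

Because the added rule matches on protocol and port rather than on an identified application, it is broader than the SSL/TLS rule: any TCP traffic to port 443 between those zones will pass it, not only TLS. Keeping it below the SSL/TLS rule and restricting its endpoints to the specific destinations that need it limits that widening.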

jkeranen
Level 7
Message 3 of 5

Re: DENY ALL rule blocking port 443 traffic....???

Thanks for the response. I set up a custom app by choosing tcp/udp and specifying port 443. I did not select the "other" bullet. I selected ANY for endpts and that didn't work. I then selected the IPs in question for endpts and that didn't work. I set up subnets in defense bypass and selected them as endpts but that didn't work. I have a 'generic' ssl/tls rule set up upstream of this 443 rule with ANY as endpts. Still stumped... I appreciate your info though. Thanks. JK

sliedl
Level 14
Message 4 of 5

Re: DENY ALL rule blocking port 443 traffic....???

I tested these sites with a 443 packet filter application and looked at tcpdumps:

https://reg.support.ricoh.com/atremotecenter/mainservlet

- This site did not respond to my SYN requests.  The connection timed out.

https://210.173.216.40/i02/AS

- This site FINed my connection.

The firewall never blocked anything or threw any errors.  The first site timed out and the second site refused my connection.

jkeranen
Level 7
Message 5 of 5

Re: DENY ALL rule blocking port 443 traffic....???

Very interesting. Again, thanks for the help. Apparently there is something amiss with these websites. In fact I suspect there is a chance they may be controlling access to these sites on their end. I tried to get to them over lunch from outside the firewall and still no luck.
