Facing a very strange problem. Recently we created certain SSL rules in our enterprise appliance running 8.1.2.
Rule created as follows:
Type : outbound
Action : Decrypt/re-encrypt
Port TCP: 443
Source : internal network
Destination : any
SSL decryption settings (client to firewall) and SSL re-encryption settings (firewall to server) are configured correctly.
This is done in order to have control over SSL traffic with SmartFilter, which is running on a separate machine, so content is allowed or blocked based on SmartFilter. (This is done because the new version of the appliance does not have the HTTPS application defense; without this, SSL traffic can't be inspected.)
We are able to achieve control of HTTPS traffic so that, within the same SmartFilter category, say Dating/Social Networking, Facebook can be allowed (global allow) and Twitter can be blocked.
But after implementing this, all the internal computers running Windows 7 or Server 2008 R2 are not able to go to any HTTPS site. The audit log shows:
Traffic denied by policy.
Application <Unknown TCP>
Dest Port 443
Dest Zone external
Event ACL deny
Reason Traffic denied by policy.
Rule Name Deny All
Source Port 52783
Source Zone internal
Syslog Critical (2)
Time 15:17:14 +0530
But all computers and servers running Windows XP and Server 2003 are able to access HTTPS sites.
Is it something to do with specific operating system behaviour?
How can the appliance consider traffic from within the same network and allow access to one type of OS and block others? The IE version is the same on all the computers irrespective of the OS.
I tried all browsers like Google Chrome and Mozilla Firefox without any success.
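The audit record quoted in the post above is the only evidence of what the firewall actually did with the Windows 7 connections, so it is worth being able to pull such records out in bulk instead of reading them one at a time in the GUI. The following is an added example, not code from the original post or from McAfee: it parses records in the same "Field value" line format shown above and flags the pattern the post reports, an outbound port 443 connection from the internal zone that was left as <Unknown TCP> and fell through to the catch-all "Deny All" rule rather than matching the SSL rule. The field names are the ones visible in the post; the second and third sample records are constructed for contrast and are not from the thread.

```python
from typing import Dict, List

# Field names exactly as they appear in the audit-log excerpt in the post.
FIELDS = ["Application", "Dest Port", "Dest Zone", "Event", "Reason",
          "Rule Name", "Source Port", "Source Zone", "Syslog", "Time"]


def parse_audit_record(text: str) -> Dict[str, str]:
    """Turn one GUI-style audit record (one 'Field value' per line) into a dict.

    A line that starts with no known field name (such as the leading
    'Traffic denied by policy.' line) is kept under the key 'message'.
    """
    rec: Dict[str, str] = {}
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        # Try the longest field names first so a shorter name can never
        # shadow a longer one that shares its prefix.
        for name in sorted(FIELDS, key=len, reverse=True):
            if line == name or line.startswith(name + " "):
                rec[name] = line[len(name):].strip()
                break
        else:
            rec["message"] = (rec.get("message", "") + " " + line).strip()
    return rec


def is_ssl_rule_miss(rec: Dict[str, str]) -> bool:
    """True for the pattern reported in the post: outbound 443 from the
    internal zone, application never identified, denied by the catch-all
    'Deny All' rule, i.e. the SSL decrypt rule did not match the flow."""
    return (rec.get("Event") == "ACL deny"
            and rec.get("Dest Port") == "443"
            and rec.get("Source Zone") == "internal"
            and rec.get("Dest Zone") == "external"
            and rec.get("Rule Name") == "Deny All"
            and rec.get("Application") == "<Unknown TCP>")


def find_ssl_rule_misses(records: List[str]) -> List[Dict[str, str]]:
    """Parse every record and return only those matching the pattern."""
    return [r for r in map(parse_audit_record, records) if is_ssl_rule_miss(r)]


# Constructed sample input: record 1 is the one quoted in the post; records
# 2 and 3 are made up here to show what the filter leaves out.
SAMPLE_RECORDS = [
    """Traffic denied by policy.
    Application <Unknown TCP>
    Dest Port 443
    Dest Zone external
    Event ACL deny
    Reason Traffic denied by policy.
    Rule Name Deny All
    Source Port 52783
    Source Zone internal
    Syslog Critical (2)
    Time 15:17:14 +0530""",
    # constructed: a plain port 80 deny, not an SSL rule miss
    """Traffic denied by policy.
    Application <Unknown TCP>
    Dest Port 80
    Dest Zone external
    Event ACL deny
    Reason Traffic denied by policy.
    Rule Name Deny All
    Source Port 52790
    Source Zone internal
    Syslog Critical (2)
    Time 15:18:02 +0530""",
    # constructed: port 443 but inbound from the external zone, so it is not
    # traffic the outbound SSL rule was ever meant to match
    """Traffic denied by policy.
    Application <Unknown TCP>
    Dest Port 443
    Dest Zone internal
    Event ACL deny
    Reason Traffic denied by policy.
    Rule Name Deny All
    Source Port 40111
    Source Zone external
    Syslog Critical (2)
    Time 15:18:30 +0530""",
]

if __name__ == "__main__":
    for hit in find_ssl_rule_misses(SAMPLE_RECORDS):
        print(hit["Time"], hit["Source Zone"], "->", hit["Dest Zone"],
              "sport", hit["Source Port"], hit["Rule Name"])
```

Run over an export of the audit log, the count of hits per source host over time is a quick way to confirm whether only the Windows 7 / 2008 R2 machines are falling through, which is the question the post is asking.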
Unless one of the McAfee guys on the forum knows what's going on, I suspect that you may need to raise a service request with support.
However, one thing worth pointing out is that you say you are running 8.1.2. The current release is 8.2.1P03 and there have been any number of fixes applied between your version and the current one.
You may well find that an upgrade will fix the problem.
I would schedule this for the coming weekend.
To test it further we built a Windows 7 machine. Again we disabled Windows Update from the Microsoft website, checked, and managed to pass the traffic.
Again we tried downloading the updates on this machine so that we can check if any particular KB is blocking it.
But we are not able to connect to Microsoft Update Center.
Anyway, created a KB and expecting the response.
Phil - Is it possible to directly upgrade to 8.2.1 from 8.1.2?
I can see in the release notes that first it has to be on 8.2.0 at least. I am using the firewall appliance.
Sushil
Message was edited by: sushil on 9/12/12 6:58:56 AM CDT
If you go to the Maintenance -> Software Management GUI screen, you should be able to download all available updates.
Once downloaded you should be able to work out your upgrade path by looking at the "Dependencies" column.
As 8.2.1 lists 8.2.0 as a dependency you will need to go from 8.1.2 -> 8.2.0 -> 8.2.1.
The interim 8.2.1 patches P01, P02 & P03 are not inter-dependent. P03 simply lists 8.2.1 as its dependency, so you should be able to install P03 without needing to install P01 & P02 first.
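Phil's answer above amounts to a small dependency resolution over the "Dependencies" column: follow each package's listed dependency back until you reach what is already installed, and install in the reverse order. As an added example (not code from the thread or from McAfee), the following does that walk over a table built from the versions named in his post; the 8.2.0 -> 8.1.2 entry is taken from the upgrade path he gives, and the package names are simply the release numbers as written in the thread. It shows why P01 and P02 never appear in the path to P03, and it reports an error when a required base version is neither installed nor in the table.

```python
from typing import Dict, List

# Dependency table in the shape of the "Dependencies" column Phil refers to.
# Entries follow his post; 8.2.0 -> 8.1.2 is the first hop of the path he gives.
DEPENDENCIES: Dict[str, List[str]] = {
    "8.2.0": ["8.1.2"],
    "8.2.1": ["8.2.0"],      # 8.2.1 lists 8.2.0 as its dependency
    "8.2.1P01": ["8.2.1"],   # the patches are not inter-dependent:
    "8.2.1P02": ["8.2.1"],   # each one only requires the 8.2.1 base
    "8.2.1P03": ["8.2.1"],
}


def upgrade_path(installed: str, target: str,
                 deps: Dict[str, List[str]]) -> List[str]:
    """Return the packages to install, in order, to go from installed to target.

    Depth-first over the dependency column: a package is listed only after
    everything it depends on, packages the target does not pull in (P01 and
    P02 when the target is P03) never appear, and a required base version
    that is neither installed nor in the table raises ValueError.
    """
    path: List[str] = []

    def visit(pkg: str, chain: List[str]) -> None:
        if pkg == installed or pkg in path:
            return
        if pkg in chain:  # guard against a circular table
            raise ValueError(f"circular dependency via {pkg}")
        if pkg not in deps:
            raise ValueError(
                f"{pkg} is required but no package provides it; "
                f"install it before {target}")
        for required in deps[pkg]:
            visit(required, chain + [pkg])
        path.append(pkg)

    visit(target, [])
    return path


if __name__ == "__main__":
    # The case from the thread: appliance on 8.1.2, aiming for 8.2.1 P03.
    print(" -> ".join(["8.1.2"] + upgrade_path("8.1.2", "8.2.1P03", DEPENDENCIES)))
```

The same function answers the follow-up question of what remains once the appliance is already on 8.2.1: only the patch itself.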
It is definitely advisable to upgrade to 8.2.1P04. If that does not help, I suggest that you get a case open with support. It can be a bit tricky to get SSL decryption/re-encryption set up, though it does seem very strange that the only OS that seems to have issues is Windows 7.
Opened the case with support. Advised to upgrade to 8.2.1P03.
Issue resolved for me.
Now again new problem arose.
Skype fails to load on any of the machines. The audit log is showing the same error as it was for the HTTPS sites previously.
Driving me crazy. Seems I have to go back to support again.
Do you gentlemen have any suggestions?
I allowed Skype through access rules, but it seems that when it goes to port 443 the SSL rules are denying the traffic.