Message 1 of 4

Rule problem; port 17000

I'm trying to allow traffic to a website which is accessed on TCP 17000.  Since the only two internal workstations that need to access this site already have a rule for other ports to the same company, I'm trying to edit this existing rule.  The company states that it uses a different IP than the IPs we currently have in the rule, so I simply added TCP 17000 as an Application and added the new IP to the Endpoints.  This doesn't work.  I immediately get a Web Gateway page stating "Cannot Connect  The proxy could not connect to the destination in time", much like you'd expect if a website did not exist.  (I've confirmed the site does exist by using a system outside our network.)  I've contacted the company and they don't use ACLs or have any restrictions, so it isn't something along those lines.  Furthermore, they can see my incoming pings when attempted by domain name, so it isn't a DNS problem. 

When I look at the MFE audit, I'll see 6 entries all showing traffic from the Web Gateway to the correct Endpoint IP on 17000 but with the error message of: reason: Received a TCP connection attempt destined for a service that the current policy does not support.

My rule looks good, so I don't know why it isn't liking this.  So, I'm open for suggestions. 

The only other "oddity" was that our MFE licenses expired on the 18th and I didn't catch this until I started checking the audits while troubleshooting this today.  I went to License and clicked on Activate Firewall which updated our licensing with no problem (it now shows our correct expiration date).  Could this somehow be affecting my rule changes that I made prior to updating the license?

TIA!

Message 2 of 4

Re: Rule problem; port 17000

Hello,

Can you show us your rule, and also the entire audit netprobe message? It sounds like it might be something you missed with the rule.

Also, just to let you know, if the support license expires, traffic will still keep passing.

-Matt

Message 3 of 4

Re: Rule problem; port 17000

A good night's sleep helps! I've resolved the issue. The problem was that I did not have our McAfee Web Gateway (MWG) IPs in the rule. As soon as I added them, the website was accessible.

And thanks for the license info.  I knew that traffic would continue to pass, but wasn't quite 100% sure that changes would be saved (although I didn't really believe that this functionality would be turned off; if it were, I would surely have known about the angry mob with the torches and pitchforks storming the McAfee castle).

Message 4 of 4

Re: Rule problem; port 17000

Glad you were able to get it working.

-Matt
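
An added example, not part of the thread and not McAfee product code: a minimal model of source/destination/port rule matching that shows why the rule in the question matched nothing once the workstations' traffic went out through the Web Gateway, consistent with the audit entries that list the Web Gateway as the source. All addresses, class names and function names here are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    sources: tuple        # CIDR strings allowed as connection source
    destinations: tuple   # CIDR strings allowed as destination
    tcp_ports: frozenset  # allowed destination TCP ports

def _in_any(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def mismatches(rule, src, dst, port):
    """Rule fields the connection fails to match; an empty list means allowed."""
    failed = []
    if not _in_any(src, rule.sources):
        failed.append("source")
    if not _in_any(dst, rule.destinations):
        failed.append("destination")
    if port not in rule.tcp_ports:
        failed.append("port")
    return failed

def as_seen_by_firewall(client, dst, port, proxy=None):
    """A forward proxy opens its own outbound connection, so the firewall
    sees the proxy's address as the source, not the workstation's."""
    return (proxy or client, dst, port)

def sources_to_add(rule, denied):
    """Sources of denied connections that fail the rule on source alone."""
    return sorted({s for s, d, p in denied
                   if mismatches(rule, s, d, p) == ["source"]})

# Constructed sample values (not taken from the thread).
WORKSTATIONS = ("10.1.1.21/32", "10.1.1.22/32")
PROXY = "10.1.9.5"        # stands in for a Web Gateway address
VENDOR = "203.0.113.40"   # stands in for the new vendor IP

rule_before = Rule(WORKSTATIONS, (VENDOR + "/32",), frozenset({17000}))
rule_after = Rule(WORKSTATIONS + (PROXY + "/32",), (VENDOR + "/32",),
                  frozenset({17000}))

if __name__ == "__main__":
    conn = as_seen_by_firewall("10.1.1.21", VENDOR, 17000, proxy=PROXY)
    print("before:", mismatches(rule_before, *conn))
    print("after: ", mismatches(rule_after, *conn))
    print("add as source:", sources_to_add(rule_before, [conn]))
```

Once the proxy address is a permitted source, the firewall rule no longer distinguishes the two workstations from any other client of the proxy, so that restriction has to be enforced in the proxy's own policy.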
