4 Replies Latest reply on Jan 23, 2012 6:02 AM by richardsd

    Firewall cannot connect with Firewall Profiler due to SSL errors

      Hello,

      Recently I was tasked with getting our firewall (ver 7.0.1.02) to report to the Firewall Profiler ver 2.00.

      However, I seem to have run into an issue with the firewall data feed.

      I cannot get the firewall to transfer to the profiler.

      There appears to be an issue with the certificate from the profiler.

      Has anyone seen this sort of problem before when implementing firewall profiler?

      Below is a TCP dump and excerpt from our audit logs.

       

      Thank you for your time.

      James

       

      TCP Dump:


      Aug 24 12:53:47 2011 EDT  f_utt_client a_libproxycommon t_attack p_major

      pid: 2151 ruid: 0 euid: 0 pgid: 2151 logid: 0 cmd: 'uttp'

      domain: UTTp edomain: UTTp hostname: xxx.xxxxx.xxxxxx.xxxx

      category: protocol_violation event: SSL session error

      netsessid: 4e552c9b00060e78 srcip: 10.0.0.1 srcport: 36537

      srcburb: Firewall dst_local_port: 7775 protocol: 6 src_local_port: 0

      dstip: 127.0.0.1 dstport: 7775 dstburb: internal

      attackip: 127.0.0.1 attackburb: internal rule_name: Profiler Traffic

      reason: The SSL session failed.  This may be a configuration error, or it may be an attempt to subvert the protocol. Connection closed.

      information: SSL_connect

      SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

       

       

       

      Audit log excerpt from the firewall:


      Aug 25 08:14:19 2011 EDT  f_resolver a_server t_error p_major

      pid: 82629 ruid: 0 euid: 0 pgid: 82629 logid: 0 cmd: 'resolverd'

      domain: Rsvr edomain: Rsvr hostname: xxx.xxxxx.xxxxxx.xxxx

      event: file transfer failure file: /var/run/resolverd/dispatch.bndl

      information: Failed policy 1774-1314211577.54-1314274215 transfer to swcfg@127.0.0.1:xxx.xxxxx.xxxxxx.xxxx.swb: Lost connection