5 Replies Latest reply on Aug 13, 2012 1:40 AM by gnn_nicolas

    Firewall blocking images on all websites

      Hi,

         I'm a beginner with MC Afee firewall and I am using the verson 8.1.1 with a profiler all working OK but I am experiencing problem with image/video display on all websites. All other contents are displayed.

      My Rule is as follow:

       

      Application:HTTP;

      Source: Any;

      Destination: www.anywebsite.com

      NAT: Localhost;

      Application Defense group: Default;

       

      Anything else is on Default Setting.

      However changing Destination to "Any" allow images to be displayed.

       

      Should I provide any more info.

        • 1. Re: Firewall blocking images on all websites
          PhilM

          Not wishing to sound as though I'm giving you a standard "Have you tried switching it off and on again?" response, the one thing I can see is that your software is not up to date. There has been quite a bit of development with MFE v8 and things got a lot more stable with the 8.2 release.

           

          The current release is 8.2.1 with patch 3 (8.2.1P03) and I would recommend that you install all the outstanding patches to get your Firewall to that version as soon as you can.

           

          The fact that the only change you are indicating is changing the destination from "www.anywebsite.com" to "Any" could suggest you may have a DNS issue. Are the images for "www.anywebsite.com" coming from the same location? In many instances the images can be stored in a different location (e.g. images.anywebsite.com or images.somebody-elses-website.com) and if this your only outbound HTTP rule and it is only allowing outbound HTTP to a specific hostname it could explain why you can see the content/body of the site, but no images or videos.

           

          Hope that helps.

           

          -Phil.

          • 2. Re: Firewall blocking images on all websites

            Hello,

             

            I'm assuming you are using a host object for www.anywebsite.com? Or a domain object?

             

            Keep in mind that many images are hosted on other servers, if you are only allowing www.anywebsite.com, images hosted on other servers will be blocked.

             

            -Matt

            1 of 1 people found this helpful
            • 3. Re: Firewall blocking images on all websites

              I am using host object and I see now how it might be a problem. So, is there any other way (new or additional configuration) that will allow all contents display from www.anywebsite.com.

               

              Thank you

              • 4. Re: Firewall blocking images on all websites
                PhilM

                As Matt says, the problem you are experiencing is because many web sites often host their image content (and other elements) on different servers and these servers may not be part of the www.anywebsite.com host object you are trying to use in your rule.

                 

                The rule will allow users to access www.anywebsite.com, but as soon as links on that web site try to download images and the URLs for those images are located at www.anotherwebsite.com when these requests are sent to your firewall they will not match the explicit rule you have created and will fall through to the Deny All rule at the bottom.

                 

                If you are looking to control web access and you are running version 8, maybe you should consider implementing a SmartFilter policy which will allow you to deny access to large portions of the internet by category type (Pornography, Malicious Sites, etc...).

                 

                -Phil.

                • 5. Re: Firewall blocking images on all websites

                  I've tried a couple of times and it seems that customizing smartfillter policy will be the solution.

                   

                  Thank you, Phil and Matt, very much for your help.