7 Replies Latest reply on Sep 14, 2012 8:36 AM by sushil

    Https traffic Denied on windows 7 machine

    sushil

      Hi,

      Facing a very strange problem. Recently we created certain SSL rules in our enterprise appliance running 8.1.2.

      Rule created as follows:

      Type : outbound
      Action : Decrypt/re-encrypt
      Port TCP : 443
      Source : internal Network
      Destination : any

      SSL decryption setting from (client to firewall) and then ssl re-encryption settings (firewall to Server) are configured correctly.

       

       

      This is done in order to have control on SSL traffic with smart filter, which is running on a separate machine. So based upon the content, allowed or blocked via smart filter are processed. (This is done because the new version of the appliance does not have https application defense. Without this, SSL traffic can't be inspected.)

       

      We are able to achieve control of https traffic so that, on the same smart filter category, say Dating/Social networking, Facebook can be allowed (global allow) and Twitter can be blocked.

       

      But after implementing this, all the internal computers running the Windows 7 operating system, or Server 2008R2 as well, are not able to go to any https site. Audit log shows that

      Traffic denied by policy.

      Application <Unknown TCP>
      Attackip 192.168.0.66
      Attackzone internal
      Category policy_violation
      Cmd httpp
      Date 2012-09-11
      Dest Port 443
      Dest Zone external
      Dst_geo US
      Dstip 74.125.236.149
      Event ACL deny
      Facility http_proxy
      Hostname Test
      Protocol tcp
      Reason Traffic denied by policy.
      Rule Name Deny All
      Source Port 52783
      Source Zone internal
      Srcip 192.168.0.66
      Ssl_name FB
      Syslog 2
      Syslog Critical (2)
      Time 15:17:14 +0530
      Type attack

       

      But all computers and servers running Windows XP and 2003 Server are able to access the https sites.

      Does it have something to do with the specific operating system behaviour?

      How can the appliance consider the traffic from within the same network and allow access to one type of OS and block others? The IE version is the same on all the computers irrespective of the OS running.

      I tried with all browsers like Google Chrome and Mozilla Firefox without any success.

       

      Regards,

      Sushil

        • 1. Re: Https traffic Denied on windows 7 machine
          PhilM

          Unless one of the McAfee guys on the forum knows what's going on, I suspect that you may need to raise a service request with support.

           

          However, one thing worth pointing out is that you say you are running 8.1.2. The current release is 8.2.1P03 and there have been any number of fixes applied between your version and the current one.

           

          You may well find that an upgrade will fix the problem.

           

          -Phil.

          • 2. Re: Https traffic Denied on windows 7 machine
            sushil

            Thanks Phil.

            I will schedule this for the coming weekend.

             

            To test it further we built a Windows 7 machine. Again we disabled Windows Update from the Microsoft website and checked and managed to pass the traffic.

             

            Again we tried downloading the updates on this machine so that we can check if any particular KB is blocking it.

            But we are not able to connect to the Microsoft update center.

             

            Anyway, created a KB and expecting the response.

             

            Phil - Is it possible to directly upgrade to the 8.2.1 version from 8.1.2?

            I can see in the release notes that first it has to be on 8.2.0 at least. I am using a firewall appliance.

             

             

            Sushil

             

            Message was edited by: sushil on 9/12/12 6:58:56 AM CDT
            • 3. Re: Https traffic Denied on windows 7 machine
              PhilM

              If you go to the Maintenance -> Software Management GUI screen, you should be able to download all available updates.

               

              Once downloaded you should be able to work out your upgrade path by looking at the "Dependencies" column.

               

              As 8.2.1 lists 8.2.0 as a dependency you will need to go from 8.1.2 -> 8.2.0 -> 8.2.1.

               

              The interim 8.2.1 patches P01, P02 & P03 are not inter-dependent. P03 simply lists 8.2.1 as its dependency, so you should be able to install P03 without needing to install P01 & P02 first.

               

              -Phil.

              • 4. Re: Https traffic Denied on windows 7 machine
                sushil

                Thanks Phil.

                Will upgrade it and check if it solves the issue.

                 

                Sushil

                • 5. Re: Https traffic Denied on windows 7 machine
                  PhilM

                  I've just checked again, and since I last looked there would appear to be an 8.2.1P04 patch. So this, rather than P03, is the current release.

                   

                  -Phil.

                  • 6. Re: Https traffic Denied on windows 7 machine

                    Hello,

                     

                    It is definitely advisable to upgrade to 821P04. If that does not help, I suggest that you get a case open with support. It can be a bit tricky to get SSL decryption/re-encryption set up, though it does seem very strange that the only OS that seems to have issues is Windows 7.

                     

                    -Matt

                    • 7. Re: Https traffic Denied on windows 7 machine
                      sushil

                      Opened the case with support. Advised to upgrade to 821P03.

                      Issue resolved for me.

                       

                      Now again a new problem arose.

                      Skype fails to load on any of the machines. The audit log is showing the same error as was for any https sites previously.

                       

                       

                      Driving me crazy. Seems I have to go back to support again.

                       

                      Do you gentlemen have any suggestions for it anyway?

                       

                      I allowed Skype through access rules, but it seems it is going to port 443 on the SSL rules and the traffic is being denied.

                       

                      Sushil