858 Views 3 Replies Latest reply: Jan 25, 2013 9:31 AM by mtuma
Travler, The Place at McAfee Member, 255 posts since Mar 28, 2008

Jan 24, 2013 4:20 PM

Rule problem; port 17000

I'm trying to allow traffic to a website which is accessed on TCP 17000.  Since the only two internal workstations that need to access this site already have a rule for other ports to the same company, I'm trying to edit this existing rule.  The company states that it uses a different IP than the IPs we currently have in the rule, so I simply added TCP 17000 as an Application and added the new IP to the Endpoints.  This doesn't work.  I immediately get a Web Gateway page stating "Cannot Connect  The proxy could not connect to the destination in time", much like you'd expect if a website did not exist.  (I've confirmed the site does exist by using a system outside our network.)  I've contacted the company and they don't use ACLs or have any restrictions, so it isn't something along those lines.  Furthermore, they can see my incoming pings when attempted by domain name, so it isn't a DNS problem. 

When I look at the MFE audit, I'll see 6 entries all showing traffic from the Web Gateway to the correct Endpoint IP on 17000 but with the error message of: reason: Received a TCP connection attempt destined for a service that the current policy does not support.

My rule looks good, so I don't know why it isn't liking this.  So, I'm open for suggestions. 

The only other "oddity" was that our MFE licenses expired on the 18th and I didn't catch this until I started checking the audits while troubleshooting this today.  I went to License and clicked on Activate Firewall which updated our licensing with no problem (it now shows our correct expiration date).  Could this somehow be affecting my rule changes that I made prior to updating the license?

TIA!


ePO 4.6.6 (Build: 176)
MA 4.8.0.1500

VSE 8.8.0.975, 5400 Engine (2600+ systems)
EE Agent 7.0.3.413
EEPC 7.0.3.413
Intrushield 5.1.17.7
I-2700 Sensor 5.1.5.217

MWG 7.3.2.8.0 (17286)
MWR 5.2 (Build: 1086)
MFE 8.3.2 Patch2
  • mtuma, McAfee SME, 315 posts since Nov 3, 2009
    1. Jan 24, 2013 4:32 PM (in response to Travler)
    Re: Rule problem; port 17000

    Hello,

    Can you show us your rule, and also the entire audit netprobe message? It sounds like it might be something you missed with the rule.

    Also, just to let you know, if the support license expires, traffic will still keep passing.

    -Matt

  • mtuma, McAfee SME, 315 posts since Nov 3, 2009
    3. Jan 25, 2013 9:31 AM (in response to Travler)
    Re: Rule problem; port 17000

    Glad you were able to get it working.

    -Matt
