806 Views 2 Replies Latest reply: Feb 22, 2013 5:09 PM by sliedl
grinder Apprentice 102 posts since
Feb 8, 2013
Feb 22, 2013 4:05 PM

Cannot Access Internet

Our MFE is v8.3.0. I have it in just a basic setup for testing. I know the external side works because I can resolve DNS on Internet IPs and I can ping Internet IPs using the Tools from the Admin Console. However, none of the clients on the internal side can access the internet. When looking in the audit monitor, this is what happens:

 

2013-02-22 14:52:04 -0700 f_http_proxy a_libproxycommon t_error p_major
pid: 1675 logid: 0 cmd: 'httpp' hostname: fw.mydomain.local
information: -13|Permission denied
pc_conn_do_connect: can't connect server socket to address 184.180.124.106, port 80, type SOCK_STREAM

 

And then I see this in the logs right after it:

 

2013-02-22 15:01:04 -0700 f_http_proxy a_aclquery t_attack p_major
pid: 1675 logid: 0 cmd: 'httpp' hostname: fw.mydomain.local
category: policy_violation event: ACL deny attackip: 192.168.0.184
attackzone: LAN application: <Unknown TCP> srcip: 192.168.0.184
srcport: 49185 srczone: LAN protocol: 6 dstip: 184.180.124.106
dstport: 80 dstzone: external rule_name: Deny All cache_hit: 1
ssl_name: Exempt All reason: Traffic denied by policy.

 

 

My ACL for internet access looks like this:

 

 

I have no idea what is going on. Right now it is a very simple setup. Has anyone seen these permission denied errors before? I also cannot update the anti-virus signatures, GEO IP database, etc. They also return a Permission Denied error like this:

 

2013-02-22 15:04:34 -0700 f_vscan a_signature_ips t_error p_major
pid: 4777 logid: 101 cmd: 'ips_pkgmgrcmd' hostname: fw.mydomain.local
information: Connect to signatures data host downloads.securecomputing.com failed. Error: (13, 'Permission denied')

  • mtuma McAfee SME 315 posts since
    Nov 3, 2009
    1. Feb 22, 2013 4:47 PM (in response to grinder)
    Re: Cannot Access Internet

    Hello,

     

    "Unknown TCP" is the problem here. This shows up when the firewall cannot identify the application, and a lot of times it is when the server closes the connection early. Are you able to do tcpdumps to see what the communication looks like on the server side?

     

    Regards,

     

    Matt

  • sliedl McAfee SME 535 posts since
    Nov 3, 2009
    2. Feb 22, 2013 5:09 PM (in response to grinder)
    Re: Cannot Access Internet

    Do your PC clients have proxy settings set in their browsers?

     

    If you run 'df' on the command-line of the firewall are any of the partitions full?
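
Added example, not part of any post in this thread and not McAfee code: a small Python parser for audit records laid out like the excerpts quoted in the first post, which groups "ACL deny" events by zone pair, destination port, application and the rule_name that matched. The header and "key: value" layout is inferred only from those excerpts; the function names are made up for this example.

```python
import re
from collections import Counter

# Two records copied from the excerpts in the thread, blank lines removed.
SAMPLE = """\
2013-02-22 15:01:04 -0700 f_http_proxy a_aclquery t_attack p_major
pid: 1675 logid: 0 cmd: 'httpp' hostname: fw.mydomain.local
category: policy_violation event: ACL deny attackip: 192.168.0.184
attackzone: LAN application: <Unknown TCP> srcip: 192.168.0.184
srcport: 49185 srczone: LAN protocol: 6 dstip: 184.180.124.106
dstport: 80 dstzone: external rule_name: Deny All cache_hit: 1
ssl_name: Exempt All reason: Traffic denied by policy.

2013-02-22 15:04:34 -0700 f_vscan a_signature_ips t_error p_major
pid: 4777 logid: 101 cmd: 'ips_pkgmgrcmd' hostname: fw.mydomain.local
information: Connect to signatures data host downloads.securecomputing.com failed. Error: (13, 'Permission denied')
"""

# Header line: timestamp with UTC offset, then four tags (f_*, a_*, t_*, p_*).
HEADER = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d [+-]\d{4}) (\S+) (\S+) (\S+) (\S+)$")
# Body: "key: value" pairs; a value may contain spaces and runs to the next " key: ".
# Free text that itself contains "word: " (e.g. "Error: ...") is split into an extra
# field; the ACL deny fields used below are not affected.
FIELD = re.compile(r"(\w+): (.*?)(?= \w+: |$)")
KEYS = ("srczone", "dstzone", "dstport", "application", "rule_name")

def parse_records(text):
    """Split audit text into records: header tags plus a dict of body fields."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            records.append({"time": m.group(1), "tags": m.groups()[1:], "body": []})
        elif line and records:
            records[-1]["body"].append(line)
    for rec in records:
        rec["fields"] = dict(FIELD.findall(" ".join(rec.pop("body"))))
    return records

def acl_denies(records):
    """Count ACL deny events per (srczone, dstzone, dstport, application, rule_name)."""
    return Counter(tuple(r["fields"].get(k, "?") for k in KEYS)
                   for r in records if r["fields"].get("event") == "ACL deny")

if __name__ == "__main__":
    for key, count in acl_denies(parse_records(SAMPLE)).items():
        print(count, dict(zip(KEYS, key)))
```

Run against a saved audit export, the summary shows at a glance which rule each denied connection fell through to, here "Deny All" for LAN to external on port 80.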
