0 Replies Latest reply on Aug 13, 2013 2:56 PM by bblanchard

    McAfee Agent traffic not recognized by SSL/TLS (HTTPS) firewall rule

    bblanchard

      We're currently trying to implement an Agent Handler in our DMZ and the firewall seems to not recognize traffic on port 443 coming from the McAfee agent as an SSL/TLS (HTTPS) application. I attached a screenshots from our firewall log that shows when we try to connect from the McAfee Agent and when we try from a browser on that machine.

       

      Essentially when we try from a browser by entering HTTPS://<Agent Handler public IP> we see on the firewall the traffic being re directed to the agent handler and on it, it shows that the connection is established (from the netstat command). The firewall also recognize the traffic as beeing SSL/TTL (HTTPS).  When we try to connect with the McAfee agent by forcing the connection, the firewall does not recognize the application therefore, the ACL will not permit/redirect the traffic to the agent handler.

       

      The current firewall rule (McAfee Firewall 8.x) is configured with a netmap from a public IP to the Agent Handler IP in the DMZ:

       

      Application: SSL/TLS (HTTPS)

      Source: Any IPv4

      Source zone: external

      Destination: <netmap for agent handler in DMZ>

      Destination zone: external

       

      Is the McAfee agent not using the SSL/TSL (HTTPS) protocol ?  Should we use a custom application instead ?

       

      Message was edited by: bblanchard on 13/08/13 2:56:35 CDT PM