16 Replies Latest reply on Jun 6, 2014 7:56 AM by mathew.d.hailey

    Rsync Proxy

    mathew.d.hailey

      We upgraded from version 8.3.1P03 to version 8.3.2P02 and it seems to have killed our Rsync with mrepo. Has anyone else experienced this?

       

      I have verified this on at least three different firewalls. We use the value RSYNC_PROXY=hostname:837. Since the upgrade, rsync no longer works.

       

       

      Application=Rsync

      Override Port=TCP/873 (cannot use UDP due to some IP filter warning)

      Application Defense=Minimal proxy

      Source=  <Any> Internal

      Destination= <Any> External

      Nat= localhost

      GTI=None 

       

      All traffic now hits the default deny all rule. Error from rsync says "HTTP 403 forbidden". I don't know why we are getting an HTTP error for an Rsync application...

       

      Message was edited by: mathew.d.hailey on 6/2/14 9:59:53 AM CDT

       

      Message was edited by: mathew.d.hailey on 6/2/14 10:30:02 AM CDT
        • 1. Re: Rsync Proxy

          Hello,

           

          Can you provide the full audit message showing the traffic hitting the deny all rule?

           

          -Matt

          • 2. Re: Rsync Proxy
            mathew.d.hailey

            2014-06-02 11:32:43 -0400 f_http_proxy a_aclquery t_attack p_major

            pid: 2054 logid: 0 cmd: 'httpp' hostname: FW8-Test.test.com

            category: policy_violation event: ACL deny attackip: 192.168.100.2

            attackzone: internal srcip: 192.168.100.2 srcport: 58868

            srczone: internal protocol: 6 dst_geo: US dstip: 129.2.73.2 dstport: 873

            dstzone: external rule_name: Deny All cache_hit: 1

            reason: Traffic denied by policy.
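
Added example, not part of the original thread: a small Python parser for the audit record posted in reply 2, which makes it easy to see that the deny was logged by the HTTP proxy (`f_http_proxy`, cmd `httpp`) on a flow to port 873. With RSYNC_PROXY set, rsync tunnels through a web proxy using HTTP CONNECT, which is why the client reports an HTTP status. The header field names (facility, area, type, priority) and the rule that a key is a lowercase word followed by a colon are assumptions of this example.

```python
import re

# Audit record from reply 2 of the thread, with its line wraps kept.
SAMPLE = """2014-06-02 11:32:43 -0400 f_http_proxy a_aclquery t_attack p_major
pid: 2054 logid: 0 cmd: 'httpp' hostname: FW8-Test.test.com
category: policy_violation event: ACL deny attackip: 192.168.100.2
attackzone: internal srcip: 192.168.100.2 srcport: 58868
srczone: internal protocol: 6 dst_geo: US dstip: 129.2.73.2 dstport: 873
dstzone: external rule_name: Deny All cache_hit: 1
reason: Traffic denied by policy."""

# Header: timestamp, then f_/a_/t_/p_ tokens (field names here are assumed).
HEADER = re.compile(
    r"(?P<time>\S+ \S+ \S+) f_(?P<facility>\S+) a_(?P<area>\S+) "
    r"t_(?P<type>\S+) p_(?P<priority>\S+)\s*"
)
# A key is a lowercase word followed by a colon and whitespace (assumed).
KEY = re.compile(r"(?<!\S)([a-z_]+):(?=\s|$)")


def parse_audit(record: str) -> dict:
    """Split one audit record into a dict; values may contain spaces."""
    record = " ".join(record.split())  # undo line wrapping
    head = HEADER.match(record)
    if head is None:
        raise ValueError("unrecognised audit header")
    fields = head.groupdict()
    body = record[head.end():]
    keys = list(KEY.finditer(body))
    for i, key in enumerate(keys):
        # A value runs from the end of its key to the start of the next key.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        fields[key.group(1)] = body[key.end():end].strip().strip("'")
    return fields


def summarize_deny(fields: dict) -> str:
    """One line: which component denied which flow under which rule."""
    return (
        f"{fields['facility']} ({fields['cmd']}) {fields['event']}: "
        f"{fields['srcip']} -> {fields['dstip']}:{fields['dstport']} "
        f"rule={fields['rule_name']!r}"
    )


if __name__ == "__main__":
    print(summarize_deny(parse_audit(SAMPLE)))
```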

            • 3. Re: Rsync Proxy
              sliedl

              You can use the 'aconn' command-line tool at 8.3.2P03 to see why the traffic is skipping the rule you believe it should hit.  Run 'man aconn' or 'aconn -h' to see the command-line options.

              • 4. Re: Rsync Proxy
                mathew.d.hailey

                Can you guys update the control center file: pub/commandcenter/autoDiscovery.xml so that I can download 8.3.2P03? From version 8.3.2P02 I don't have that command available.

                • 5. Re: Rsync Proxy
                  sliedl

                  What I would do is create a new application on TCP and UDP 873 and use it in place of the Rsync application.  What is most likely happening here is it's not matching the Rsync signature in the application.

                   

                  You cannot use the 'rsync' application with 'minimal proxy' selected because the rsync application uses UDP ports and these cannot be 'promoted' to a proxy in the code.  Yahoo Messenger has the same limitation, as does any application signature using UDP ports.

                  • 6. Re: Rsync Proxy
                    sliedl

                    You must be at CC 5.3.2P02 to download 8.3.2P03.

                    • 7. Re: Rsync Proxy
                      mathew.d.hailey

                      Thanks for the heads-up on the patch. This may be a no-go for us as we still use firewall reporter, which according to the release notes has been removed from this version of the control center.

                      • 8. Re: Rsync Proxy
                        mathew.d.hailey

                        Agreed and understood. However, we are only using TCP for this... The heart of the issue is we have no DFGW, so an ipfilter really won't work (unless we create separate ipfilter redirects/rules for each destination server, which is a nightmare). This worked before, why not now? Is there a specific reason that TCP/873 (not UDP) cannot be proxied? According to this: http://en.wikipedia.org/wiki/Rsync UDP is not even specified as a protocol...

                         

                        Message was edited by: mathew.d.hailey on 6/2/14 11:35:11 AM CDT

                         

                        Message was edited by: mathew.d.hailey on 6/2/14 11:58:35 AM CDT
                        • 9. Re: Rsync Proxy
                          mathew.d.hailey

                          Is there a specific reason that TCP/873 (not UDP) cannot be proxied? According to this: http://en.wikipedia.org/wiki/Rsync UDP is not even specified as a protocol...
