1 Reply Latest reply on Nov 18, 2014 11:05 AM by sliedl

    sidewinder firewall listening on http proxy

    donli

      Hi all,

       

      Recently i notice on my sidewinder firewall 8.2.1 logs that there are log events where an external source eg 1.1.1.1 is trying to access an external destination ip address eg 2.2.2.2 at tcp port 80 where both ip addresses do not belong to any of the subnet that my firewall is connected though the action is denied by the firewall. Later i notice that if i use a test pc connected to a different internet and configure the browser to use my sidewinder firewall's external ip address as the proxy at tcp port 80 and access another internet ip address that does not belong to any subnet connected to my firewall, i can see logs generated just like what i describe earlier.

       

      On my firewall auditing i can see that my test pc internet ip attempt to my firewall external ip at tcp80 is denied by my firewall implicit rule, however it would still generate the logs indicating that my test pc is trying to access an external destination ip eg 2.2.2.2 at tcp80 though its denied, why is this so?

       

      Also when i do a telnet to my firewall external ip at tcp80 from the internet, its able to go through though the audit logs show my test pc internet ip is denied.

      Hence it seems my firewall is listening on tcp80. How can i turn it off?

       

      Pls advise, TIA!