Sorry all, not even a problem with our firewall. Turns out most of the
internet blocks outbound on port 4444 due to the Blaster worm. Thus the
packets were not even getting to us. We moved the app to a different port
and all works fine now.
Gotta remember to research port numbers before choosing them next time.
Thanks for all the quick responses.
Michael Guyear
Network Guy
The University of the South
----- Original Message -----
From: "Michael Guyear" <mguyear AT sewanee DOT edu>
To: <fw-1-mailinglist AT amadeus.us.checkpoint DOT com>
Sent: Friday, March 26, 2004 11:31 AM
Subject: Problem with https from an external defined network to an internal host
> Using NG3 on a linux platform
> 3 networks in the topology.
>
> External - All off campus connection - defined as external in the Topology
> Campus-network - All on campus users - defined as internal in the Topology
> Secured-servers - Main campus admin servers - defined as Internal in the
> Topology
>
>
> We have a HTTPS server running on port 4444 that we need to allow access to
> from the internet. I set up a rule that allows traffic on port 4444 from
> anywhere. (Source : any, Destination: httpsServer, If Via:Any, Service:
> Tcp_Port_4444, Action:accept, Track:log)
>
> Nowhere in the logs does it show up that a connection attempt is even made
> and all the client sees is Cannot Find Server in their browser.
>
> I also set up a rule that allowed all traffic from a specific external address
> to any destination on any service and logged it. Still did not see the HTTPS
> request go through. (Source : External_static_IP, Destination: Any, If
> Via:Any, Service:Any, Action:accept, Track:log)
>
> Same thing, nothing is passed through and nothing shows in the logs.
>
> I also set up a rule that allowed all traffic from a Campus_Network to
> httpsServer on port 4444 and logged it. (Source : Campus_Network,
> Destination: httpsServer, If Via:Any, Service: Tcp_Port_4444, Action:accept,
> Track:log)
>
> This HTTPS request goes through fine and shows in the logs.
>
> Is there something different that needs to be done to allow HTTPS traffic
> from external networks to access an internal server?
>
> Thanks for any insight you could provide in advance.
>
> Michael Guyear
> Network Guy
> The University of the South
>
>