#1 (permalink)
Untanglit
Join Date: Dec 2008
Location: NYC
Posts: 13
I just spent days figuring out why our outside staff could not access our FileMaker server. FileMaker uses port 5003 and has been doing so for well over a decade or more.
I finally located in our Untangle reports that Protocol Control was wrongly associating port 5003 and port 53 with the predefined Soulseek and Xunlei P2P Protocols. I have all P2P protocols set to block. Why Xunlei should be associated with DNS port 53 is beyond me. Please see attached Untangle report page.

#2 (permalink)
Join Date: Apr 2008
Location: Phoenix, AZ
URLs submitted: 7
Posts: 9,951
The reports don't indicate TCP vs UDP, so you have to be careful here.
UDP 5003 is for FileMaker, TCP is not. Just like UDP 53 is for DNS lookups whereas TCP 53 is for DNS zone transfers. In any event, people that bypass security protocols do so by ignoring the standards and doing what they want. So you have a protocol control rule that is blocking port 5003 and preventing FileMaker from working? This isn't a malfunction with the protocol control module, it's a bug that looks like FileMaker. Turn off the offending rule... sometimes you can't have it all!

However, if you have the policy manager, you could always create a second virtual rack and route all traffic bound for your FileMaker server into that second rack. Then you could disable the problematic protocol control rule only within that context, allowing your FileMaker to work while leaving the P2P rule in place for the rest of the network.
__________________
Intouch Technology Rob Sandling, BS:SWE, MCP Office: 480-272-9889 rob@intouchtechllc.com

#5 (permalink)
Untangle Junkie
Join Date: Nov 2006
Location: San Mateo, CA
URLs submitted: 10
Posts: 6,694
This is probably just a false positive on the protocol control signature.
You can do as sky suggested or just disable the rules. Protocol control doesn't even look at the port - it scans all ports with the signatures.

#7 (permalink)
Master Untangler
Join Date: Apr 2008
URLs submitted: 3
Posts: 106
We have noticed Protocol Control blocking some connections to OpenDNS; it looks like it is classifying these connections as Gaming. In the attached image you can see that it thinks these connections are World of Warcraft.
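
The behaviour described in posts #5 and #7 (payload signatures applied on every port, so a loose pattern can label DNS or an application handshake as P2P), shown as an added example that is not part of the original thread. The `ExampleP2P` signatures, addresses and payloads are constructed for illustration and are not Untangle's signatures or FileMaker's protocol; `exempt_servers` models the per-server exemption suggested in post #2.

```python
import re
import struct

# Hypothetical signatures for an imaginary "ExampleP2P" protocol, constructed
# for this example; they are not Untangle's Protocol Control signatures.
LOOSE = {"ExampleP2P": re.compile(rb"^..\x01\x00", re.S)}
TIGHT = {"ExampleP2P": re.compile(rb"^..\x01\x00.{2}XP2P", re.S)}


def dns_query(name, txid=0x1A2B):
    """Build a minimal, well-formed DNS A-record query (constructed sample)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)


def classify(payload, signatures):
    """Return the first signature name matching the payload, or None.
    The port is deliberately not an input: matching is payload-only."""
    for name, pattern in signatures.items():
        if pattern.search(payload):
            return name
    return None


def blocked(flows, signatures, blocked_protocols, exempt_servers=()):
    """Return the flows that would be blocked. exempt_servers models turning
    the rule off only for traffic bound to specific hosts."""
    hits = []
    for transport, dst, port, payload in flows:
        label = classify(payload, signatures)
        if label in blocked_protocols and dst not in exempt_servers:
            hits.append((transport, dst, port, label))
    return hits


# Constructed sample flows: (transport, destination, port, first payload bytes)
FLOWS = [
    ("udp", "192.0.2.53", 53, dns_query("example.com")),             # real DNS query
    ("tcp", "192.0.2.10", 5003, b"\x00\x07\x01\x00 app handshake"),  # made-up app bytes
    ("tcp", "198.51.100.9", 40000, b"\x00\x00\x01\x00\x00\x00XP2P hello"),
]

if __name__ == "__main__":
    for label, sigs in (("loose", LOOSE), ("tight", TIGHT)):
        print(label, blocked(FLOWS, sigs, {"ExampleP2P"}))
```

With the loose pattern all three flows are blocked, because the standard DNS query flags `0x0100` sit exactly where the pattern looks; the tightened pattern blocks only the flow carrying the protocol's marker.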