  1. #1
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,543

    Unifi portal being blocked by IPS

    So in the past couple of weeks, when we go to manage our clients on unifi.ui.com (the multi tenant portal for clients with on-prem Unifi controllers such as Cloud Keys)...we can log into the portal, and see our ~70 or so tenants there. But when clicking on a tenant to connect to...it errors out. And we see the below blocks in the IPS reports of Untangle.

    I have tried adding a bypass within the IPS module, "If destination IP is 34.203.0.0/16...whitelist"..but then it gives me 2x other choices of recommended. Dunno what to do there.. I just want to whitelist that whole IP range (because there are quite a few IPs it can use at 34.203.250.0 and 34.203.251.0 and probably other 3rd octets also).

    I also tried "if outbound port is 3478"....but no luck, keeps blocking.

    So I go up to the top level of bypass rules...same thing, whole 34.203.0.0/16 range..but IPS keeps blocking me.
    If I turn off IPS I get in fine.

    UntangleUnifiCapture.JPG

    I don't want to hear "spin up your own cloud controller and avoid this"....we also have our own cloud controller for almost 200 other tenants...been using that since Unifi first went multi tenant. But we have some clients with on-prem controllers for various reasons so still need this to work.
    Last edited by YeOldeStonecat; 12-30-2019 at 10:31 AM.
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

  2. #2
    Untangler
    Join Date
    Aug 2016
    Posts
    90


    Go into IPS app and look up the actions for signature id 2016149. If it's default it's simply set to log and should not be blocking. If it has been changed to block, you can unblock it there.

  3. #3
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,543


    Quote Originally Posted by ifican View Post
    Go into IPS app and look up the actions for signature id 2016149. If it's default it's simply set to log and should not be blocking. If it has been changed to block, you can unblock it there.
    Thanks for the reply. I found how to get there..but the "Edit" pencil is grayed out. Recommended action...log, rule action..Block.
    So...it must lay underneath some rules that I enabled which were not default. I did not create additional rules, likely I just changed (enabled) some default rules.
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

  4. #4
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,543


    So unchecking the default "Critical Priority" rule allowed it to work...but I still cannot edit that individual rule, it remains grayed out to edit.

    UntangleIPS.JPG
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

  5. #5
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,543


    OK...so my key was on the main status page.."When to scan". It was on "before network processing"...I changed to "after network processing"...and this is supposed to make bypass rules work. But it's not.
    Last edited by YeOldeStonecat; 12-30-2019 at 01:17 PM.
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

  6. #6
    Untangler
    Join Date
    Aug 2016
    Posts
    90


    To be honest the IPS section does me in as well. I have a few that act funky but they log and don't block when I have whitelisted. Where did you read the processing order affects whitelisting? I will play with it more myself but hoping someone that knows for sure pops in soon.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,637


    The module isn't easy to sort out, you use rules to select the rules... that logic can get fuzzy... fast. One bad signature is annoyingly difficult to remove, it's not trivial to identify either but at least that's in the logs.
    Last edited by sky-knight; 12-30-2019 at 08:47 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untangler
    Join Date
    Oct 2013
    Posts
    37


    Sorry to resurrect an older thread, but I'm running into the same issue. I've found a couple IPS signatures that I'd like to change from "block" to "log" but the edit pencil is greyed. Not sure how to get around this. I don't want to disable IPS, but I have a LOT of clients running Unifi stuff and need to be able to access their Cloud Keys to manage their Unifi equipment.

    Has anyone figured anything out with this yet?
    Last edited by BarryDingle; 03-02-2020 at 10:32 AM.

  9. #9
    Untangler
    Join Date
    Jan 2010
    Location
    Coeur d'Alene, Idaho, USA
    Posts
    55


    I experience this as well but decided to uninstall the app as it really doesn't do anything for me since my (home) network is behind Untangle's NAT. Problem solved.

  10. #10
    Untangle Ninja
    Join Date
    Feb 2016
    Posts
    1,029


    Quote Originally Posted by BarryDingle View Post
    Sorry to resurrect an older thread, but I'm running into the same issue. I've found a couple IPS signatures that I'd like to change from "block" to "log" but the edit pencil is greyed. Not sure how to get around this. I don't want to disable IPS, but I have a LOT of clients running Unifi stuff and need to be able to access their Cloud Keys to manage their Unifi equipment.

    Has anyone figured anything out with this yet?
    Without being able to look at specific signatures and tinker, it's my recollection that the preferred method is to copy/clone the signature and edit the copy/clone. I'd be glad to give that a try and see what happens to the original signature (that is, which signature takes effect) if you can give me an SID.
