#1 YeOldeStonecat (Untangle Ninja), joined Aug 2007, 1,535 posts

Unifi portal being blocked by IPS

So in the past couple of weeks, when we go to manage our clients on unifi.ui.com (the multi-tenant portal for clients with on-prem Unifi controllers such as Cloud Keys)... we can log into the portal and see our ~70 or so tenants there. But when clicking on a tenant to connect to... it errors out. And we see the below blocks in the IPS reports of Untangle.

I have tried adding a bypass within the IPS module, "If destination IP is 34.203.0.0/16... whitelist", but then it gives me 2x other choices of recommended. Dunno what to do there... I just want to whitelist that whole IP range (because there are quite a few IPs it can use at 34.203.250.0 and 34.203.251.0, and probably other 3rd octets also).

I also tried "if outbound port is 3478"... but no luck, it keeps blocking.

So I go up to the top level of bypass rules... same thing, whole 34.203.0.0/16 range... but IPS keeps blocking me.
If I turn off IPS I get in fine.

[attachment: UntangleUnifiCapture.JPG]

I don't want to hear "spin up your own cloud controller and avoid this"... we also have our own cloud controller for almost 200 other tenants; we've been using that since Unifi first went multi-tenant. But we have some clients with on-prem controllers for various reasons, so we still need this to work.
    Last edited by YeOldeStonecat; 12-30-2019 at 10:31 AM.
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

#2 Untangler, joined Aug 2016, 88 posts

Go into the IPS app and look up the actions for signature id 2016149. If it's default, it's simply set to log and should not be blocking. If it has been changed to block, you can unblock it there.

#3 YeOldeStonecat (Untangle Ninja), joined Aug 2007, 1,535 posts

Quote, originally posted by ifican:
    Go into the IPS app and look up the actions for signature id 2016149. If it's default, it's simply set to log and should not be blocking. If it has been changed to block, you can unblock it there.
Thanks for the reply. I found how to get there... but the "Edit" pencil is grayed out. Recommended action... log; rule action... Block.
So... it must lie underneath some rules that I enabled which were not default. I did not create additional rules; likely I just changed (enabled) some default rules.

#4 YeOldeStonecat (Untangle Ninja), joined Aug 2007, 1,535 posts

So unchecking the default "Critical Priority" rule allowed it to work... but I still cannot edit that individual rule; it remains grayed out to edit.

[attachment: UntangleIPS.JPG]

#5 YeOldeStonecat (Untangle Ninja), joined Aug 2007, 1,535 posts

OK... so my key was on the main status page... "When to scan". It was on "before network processing"... I changed it to "after network processing"... and this is supposed to make bypass rules work. But it's not.
    Last edited by YeOldeStonecat; 12-30-2019 at 01:17 PM.

#6 Untangler, joined Aug 2016, 88 posts

To be honest the IPS section does me in as well. I have a few that act funky, but they log and don't block when I have whitelisted. Where did you read that the processing order affects whitelisting? I will play with it more myself, but I'm hoping someone that knows for sure pops in soon.

#7 sky-knight (Untangle Ninja), Phoenix, AZ, joined Apr 2008, 23,909 posts

    The module isn't easy to sort out, you use rules to select the rules... that logic can get fuzzy... fast. One bad signature is annoyingly difficult to remove, it's not trivial to identify either but at least that's in the logs.
    Last edited by sky-knight; 12-30-2019 at 08:47 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
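The thread's symptom (signature 2016149 recommends "log", but an enabled "Critical Priority" rule forces "block" and greys out the per-signature edit) is easier to reason about as a small rule-resolution model. This is an added example, not Untangle's code or its actual evaluation order; the rule semantics, the signature's priority and the "Allow 2016149" exception rule are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    sid: int
    priority: int        # 1 = highest
    recommended: str     # action the ruleset ships with: "log" or "block"

@dataclass(frozen=True)
class Rule:
    name: str
    enabled: bool
    action: str                          # applied to every signature selected
    max_priority: Optional[int] = None   # select signatures with priority <= N
    sids: frozenset = frozenset()        # or select explicit signature ids

    def selects(self, sig: Signature) -> bool:
        by_priority = self.max_priority is not None and sig.priority <= self.max_priority
        return by_priority or sig.sid in self.sids

def effective_action(sig: Signature, rules: list) -> tuple:
    """Return (action, governing rule name). Assumed model: rules are evaluated
    in order, the last enabled rule selecting the signature wins, and with no
    match the signature's recommended action stands."""
    action, owner = sig.recommended, None
    for rule in rules:
        if rule.enabled and rule.selects(sig):
            action, owner = rule.action, rule.name
    return action, owner

def is_locked(sig: Signature, rules: list) -> bool:
    """A signature governed by an enabled rule cannot be edited individually."""
    return effective_action(sig, rules)[1] is not None

# Constructed sample: the signature id is from the thread; its priority and
# recommended action are placeholders chosen to reproduce the reported symptom.
SIG_2016149 = Signature(sid=2016149, priority=1, recommended="log")
CRITICAL = Rule("Critical Priority", enabled=True, action="block", max_priority=1)

def thread_scenario(critical_enabled: bool) -> tuple:
    """Posts 3/4: with Critical Priority enabled the signature blocks (and is greyed out)."""
    rules = [Rule("Critical Priority", critical_enabled, "block", max_priority=1)]
    return effective_action(SIG_2016149, rules)

def with_exception() -> tuple:
    """Narrower fix than disabling the whole rule: a later rule for just this sid."""
    rules = [CRITICAL, Rule("Allow 2016149", True, "log", sids=frozenset({2016149}))]
    return effective_action(SIG_2016149, rules)

if __name__ == "__main__":
    print(thread_scenario(True), is_locked(SIG_2016149, [CRITICAL]))  # ('block', 'Critical Priority') True
    print(thread_scenario(False), with_exception())                   # ('log', None) ('log', 'Allow 2016149')
```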
