  1. #1
    Untangler
    Join Date
    Jan 2008
    Location
    Kansas City, MO
    Posts
    86

    have 443, but some sites use other ports for SSL

    So, is there a way to dynamically open these as necessary? We have reporting to do for some sites and my boss gets upset when he can't automatically get in as if he were using a cheap, insecure, home router. Is there a way to create a rule to say: "Okay, you have connected to this site, now that you need to go to the SSL page to login we will open the port necessary to connect"? Or do I just need to open all flavors of SSL ports (13 that I have found)?

    thanks for your help
    Jtmiles

  2. #2
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,372

    A URL, for example, may help us help you.

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    You need to stop doing block all. That is the only way.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Untangler
    Join Date
    Jan 2008
    Location
    Kansas City, MO
    Posts
    86

    allow all?

    Sky Knight,
    So I need to allow all outbound traffic to all addresses?
    jtmiles

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    If you want to not have to get yelled at by the powers that be every time someone uses a nonstandard port, yes.

  6. #6
    Untangler
    Join Date
    Jan 2008
    Location
    Kansas City, MO
    Posts
    86

    thanks

    Thanks, Sky Knight. That answers my question. That is what I will do, then.
    jtmiles

  7. #7
    Untangler
    Join Date
    Jan 2008
    Location
    Kansas City, MO
    Posts
    86

    Follow on question

    Sky Knight,
    I have a follow on... what I am doing now is opening up the ports for the specific IP as their status becomes known. To you, is this an unreasonable approach? Doesn't this appear to be a more secure route? This does mean they need to wait the five minutes after they've tried and can't get in for me to open the ports, but does my approach seem unreasonable to you?
    thanks for your valuable opinion.
    jtmiles

  8. #8
    mdh
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    If you're doing it in an automated manner that can NEVER fail, cause a delay or open the wrong ports for the wrong IP, great...providing that you don't have to spend the time, money or energy to write it yourself. If you're doing it manually, you'll become a slave to the process and everything else will end up going by the wayside. Block dangerous ports, block certain processes, monitor logs for other things that you see needing your attention once you get some data to work with.

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    You're almost there... a few more hours of pounding your skull on this problem and you'll finally understand why Firewalls need to die. Untangle is a UTM... use the tools at your disposal. The only real security can be found on layer 7.

  10. #10
    mdh
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    I read your last sentence and for some reason my mind shifted into "Brave New World". I gotta get away from the computer.
