have 443, but some sites use other ports for SSL

**jtmiles** · 02-28-2010, 10:48 AM

So, is there a way to dynamically open these as necessary? We have reporting to do for some sites and my boss gets upset when he can't automatically get in as if he were using a cheap, insecure, home router. Is there a way to create a rule to say: "Okay, you have connected to this site, now that you need to go to the SSL page to login we will open the port necessary to connect"? Or do I just need to open all flavors of SSL ports (13 that I have found)?

thanks for your help
Jtmiles

**dwasserman** · 02-28-2010, 11:04 AM

An URL for example may help to help you

**sky-knight** · 02-28-2010, 11:29 AM

You need to stop doing block all. That is the only way.

**jtmiles** · 02-28-2010, 11:56 AM

Sky Knight,
So I need to allow all outbound traffic to all addresses?
jtmiles

**sky-knight** · 02-28-2010, 02:08 PM

If you want to not have to get yelled at by the powers that be every time someone uses a nonstandard port yes.

**jtmiles** · 02-28-2010, 02:19 PM

Thanks, Sky Knight. That answers my question. That is what I will do, then.
jtmiles

**jtmiles** · 02-28-2010, 05:30 PM

Sky Knight,
I have a follow on...what I am am doing now is opening up the ports for the specific IP as there status becomes known. To you, is this unreasonable approach? Doesn't this appear to be a more secure route? This does mean they need to wait the five minutes after they've tried and can't get in for me to open the ports, but does my approach seem unreasonable to you?
thanks for your valuable opinion.
jtmiles

**mdh** · 02-28-2010, 06:04 PM

If you're doing it in an automated manner that can NEVER fail, cause a delay or open the wrong ports for the wrong IP, great...providing that you don't have to spend the time, money or energy to write it yourself. If you're doing it manually, you'll become a slave to the process and everything else will end up going by the wayside. Block dangerous ports, block certain processes, monitor logs for other things that you see needing your attention once you get some data to work with.

**sky-knight** · 02-28-2010, 11:30 PM

You're almost there... a few more hours of pounding your skull on this problem and you'll finally understand why Firewalls need to die. Untangle is a UTM... use the tools at your disposal. The only real security can be found on layer 7.

**mdh** · 03-01-2010, 12:00 AM

I read your last sentence and for some reason my mind shifted into "Brave New World". I gotta get away from the computer.

Thread: have 443, but some sites use other ports for SSL

LinkBack

Thread Tools

have 443, but some sites use other ports for SSL

allow all?

thanks

Follow on question

Posting Permissions