promaxonline.com

[nmpdan]

Very odd thing is going accessing www.promaxonline.com, which is using ActiveX. If either of the Phishing, Spyware or Virus modules are enabled, logging into the site is not possible. Clicking on the Login button yields not response and ends up timing out. I tried disabling web related scanning, but that has made no difference. I know that the site loads an OCX file for the login functions. I see no log entries relating to the attempts either. The UT box is in Router mode.

Any ideas? I'm still pretty much a UT newbie and have not gotten into much of the underlying nitty gritty. Thanks all.

[friday]

I really don't have a solution, other than try to whitelist it if Untangle has that ability. I am more intrigued by the fact that I do know of this website. I've seen it used by one clients of our who deals in special finance, in the pre-owned sales department. Do you work for a car dealership, or service their IT needs? Our company services many of the Detroit area car dealerships and have looked at many open source firewalls. We seem to be primarily using Smoothwall (with the URLFilter) for now, with one install of IPCop at another place (due to box using scsi drives, which smoothwall didnt fix til 3.0).

I've toyed with the idea of deploying an Untangle box out at one of our client's site. But, knowing that youtube and other movie sharing sites are not currently blocked, I would not feel comfortable doing this (and probably lose the customer).

Let me know if you are able to fix this, and let me know how well untangle works in a dealership.

Wait. Just thought of something. Does the promax application use port 80 to log in? Or does it using 443? Check using your netstat command.

[nmpdan]

We service their IT needs. They guy we work with at this particular location wanted to go the FOSS route. I've used untangle at other locations and we decided to give it a shot. This is the largest facility I've implemented it in, approximately 500 hosts. All the others were about 10 or less.

As far as youtube and what not, this place already has a web filtering solution, so the goal for Untangle was primarily virus and spam filtering.

Yes, Promaxonline defaults to port 80. If one manually selects port 443 then it works properly. I'm a little confused as to why the site does not default to SSL though, but I can't change that. If I figure this out, I'll be sure to let you know.

[95vr6man]

you could always use a redirect from the ip of the site:80 to 443 or something fancy like that to solve this problem if it works when u manually go to https. just an idea no clue if it would work.

[nmpdan]

Thanks 95vr6man. (Is that a reference to a VW maybe?) 2001VR6 here.

That idea popped in my head today too. I'll have to try that. I've setup Apache countless times to to redirect to https, but not via a router/firewall. I'll let you know if that works. Probably not til tomorrow though.

[mdh]

ProMax Online login yields a message that site is best viewed at 1024x768...I'm set higher than that. Shutting down spam,phish,spyware,IPS did not change that. I can get to the Dealer Management Login screen just fine. I'm on 5.0.3.

[nmpdan]

mdh,

I'm using 5.03 as well. Can you login to the ProMax Online Login? That one fails. Clicking on Log In after entering Dealer ID, User Name and Password yields a page that says:

There was an error logging you on.
Timed out communicating with the ProMax web server. (TimeOut)[]

[mdh]

Well, not having any of those items of information, I don't think I'd get very far. You can PM me with those if you want me to try. You can also set up a NORACK solution, which allows you to bypass Untangle processing for a network path that is specified by that policy...which is FREE in the Open Source package.

[nmpdan]

I don't see where I can setup a norack configuration for a single domain like that. I can setup a norack for all inbound External to Interal under default policies, but then nothing inbound is checked. Am I looking in the wrong spot? I read that custom policies are not enabled for the Open Source package.

[mdh]

Go to the top of your rack where you see "Default Rack". Click the pulldown and select Policy Manager. You should be able to make a custom policy with NO RACK specs from your network to the IP of promaxonline.com. NO RACK is allowed for Open Source, but any other custom policies require Professional Package.