Results 1 to 3 of 3
  1. #1
    Untangler
    Join Date
    Nov 2016
    Location
    Phoenix, AZ
    Posts
    57

    Default Tracking down incoming blocked IP addresses

    Hi,

    I have a client who can't reach any website we host, including their own. I can see their public IP address passing through the Firewall but doesn't get to the web server. I have multiple servers and he can't get to sites on the others either.

    Other than the firewall, where would I look to see if something else blocked him? I have Web filter, Virus blocker, Spam blocker, Phish blocker, Bandwidth Control, SSL Inspector, Application control Captive Portal, Firewall and Threat Prevention running. Several of those are in their default initial configuration states. He was just trying to access his non-secure site, so using port 80 in a Windows browser.

    Thanks!

    --Ben

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,808

    Default

    Oh boy...

    So you're discovering a fun fact about Untangle. It doesn't give a flying rip about direction of traffic.

    You MUST use policies to push ingress traffic into a policy that contains an EXTREMELY curated list of apps to prevent this situation from occurring. Just about EVERY SINGLE MODULE from Untangle inspects TCP 80 and TCP 443 traffic and as such all of them are suspect. The new Threat Prevention module is particularly snippy in these circumstances. The Virus Blockers have no business being in that special policy at all, due to DOS concerns. (You're AV scanning your own content for the WORLD's worth of clients)

    My Ingress Services Policy only contains Web Monitor (note, I said monitor NOT filter! I have the latter, it just has no place here!) and Firewall Apps for this very reason. Using Untangle to protect publicly exposed services is a non-trivial exercise. It's designed to protect end users from the world, and you've inverted the mix. Yes, it CAN be made to work, but you must take care and consideration when doing so.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untangler
    Join Date
    Nov 2016
    Location
    Phoenix, AZ
    Posts
    57

    Default

    Hi Rob,

    Thanks for your insight. I do see where it has blocked web events. I'll have the client try to access his website again and see if his IP pops up here.

    --Ben

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2