Announcement

Collapse
No announcement yet.

IP Filters?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP Filters?

    We have been having an issue downloading an update from a vendor of ours over the past several months and getting a 400 error in the process. I have been working with them regularly to resolve this issue by making small changes on the firewall and our web filter. It came to be that another customer of the vendor found a solution on their Secure Computing firewall. I wanted to see how I can apply their solution on the Secure Computing firewall to my Cisco ASA 5520. Here's an insert from the email:

    Anyway, this morning I configured the firewall to use an IP Filter rule, which instead of proxy, will securely and directly forward IP packets between the client and the ip address of company(x.x.x.x). I suspect that some of your other clients that have a similar issue may use this type, or even brand of firewall.
    Any help would be appreciated. If this solution does not apply, then no worries...it's back to the drawing board.
    MCITP:SA, MCSA 2003, MCP, CCNA, A+, Net+, Security+

  • #2
    Re: IP Filters?

    Can you post a bit more info as there isn't really much to go on here.
    What happens, how does it connect, what do the ASA logs show, is it between multiple hosts or just one to one, who initiates the connection etc?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: IP Filters?

      The host on our network initiates the connection via http to their server. Their server never contacts our network as we initiate the update via their software. The http connection is initiated through their softwares interface not a website. All outgoing HTTP requests are open on the firewall.

      While running through the ASA, I setup a Packet Capture via ASDM and it found nothing. I had it check all the packets from a paticular host with in my network an I also had it check all packets going to their host. I found nothing being blocked or unusual.

      Someone with a Secure Computing Firewall was able to remedy this issue by opening up an IP filter for the IP address of the company in question.

      Let me know if any more information is needed.
      MCITP:SA, MCSA 2003, MCP, CCNA, A+, Net+, Security+

      Comment


      • #4
        Re: IP Filters?

        How about a sniff on the server itself?
        It sounds a bit odd generally, can he elaborate what he means by IP filter?
        I assume there is no firewall locally on the server in question or anything funky with the AV?
        I think 400 is bad request isn't it?
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: IP Filters?

          Originally posted by AndyJG247 View Post
          How about a sniff on the server itself?
          It sounds a bit odd generally, can he elaborate what he means by IP filter?
          I assume there is no firewall locally on the server in question or anything funky with the AV?
          I think 400 is bad request isn't it?
          Yes, the 400 is a bad request. I can try to see if the company will perform a sniff on the server we are trying to connect to, it's vendor that we deal with and I don't have control over how they handle their server.

          I'm not sure what they mean by IP filter either. At first I thought it would be something similar to an access-list. I will look for clarification with the guy who found the solution and post back.
          MCITP:SA, MCSA 2003, MCP, CCNA, A+, Net+, Security+

          Comment


          • #6
            Re: IP Filters?

            Sounds good to me!
            Can you do a sniff on your server though? It may show more info. Wireshark is brilliant for this.
            cheers
            Andy

            Please read this before you post:


            Quis custodiet ipsos custodes?

            Comment


            • #7
              Re: IP Filters?

              Originally posted by AndyJG247 View Post
              Sounds good to me!
              Can you do a sniff on your server though? It may show more info. Wireshark is brilliant for this.

              We do not have a server in house that performs the downloads. The programs are loaded on clients through out the facility. The clients are the ones initiate the download and get the error message.

              I'm still awaiting clarification regarding IP filters and a time to run a sniffer on a computer with the client.
              MCITP:SA, MCSA 2003, MCP, CCNA, A+, Net+, Security+

              Comment

              Working...
              X