Site, non-standard port and Kerio Control
Good day. I want to talk about a very simple, at first glance, problem, the solution of which took me about half an hour, despite the fact that I have been administering Kerio Control for a long time and know this product well.
Given: the site of the bank, access to which is carried out on non-standard (TCP 5099) port. And the computer on which this site does not open.
')
In my network, only those ports that are needed are open for users, and when I saw the problem, I immediately opened the Kerio administration console to add the required port to the allowing rule. But this has already been done (apparently, for the same site even earlier). A little thought, looking at the traffic logs and trying to open this site from another computer (successfully), I was puzzled.
Not knowing what to think, I created a new temporary rule that would allow the problem computer to have full access to the Internet on all ports and included detailed logs on this rule to see what was happening.
The magazine fun ran the lines of the computer's network activity, but the site still did not open.
Starting to get angry at an incomprehensible problem that delayed me at work, I began to carefully review all the Kerio logs that would mention the problem host and saw a line that informed me that P2P connections were detected on this computer. According to the setting, only non-P2P connections were allowed to this computer:
Absolutely innocuous option that prohibits torrent clients, but usually does not interfere with the work of the user, in this case played a cruel joke with me.
Port 5099 was blocked, despite the fact that it did not fall into the range of "suspicious" ports; Why it happened is not clear.
After the reason was found, the solution was simple - adding one more to the list of Kerio services,
working on port 5099:
And adding this service to the P2P filter exception list.
I wish all system administrators fewer such problems to leave time for something really interesting. And obedient users who are not trying to use corporate computers for entertainment.
Given: the site of the bank, access to which is carried out on non-standard (TCP 5099) port. And the computer on which this site does not open.
')
In my network, only those ports that are needed are open for users, and when I saw the problem, I immediately opened the Kerio administration console to add the required port to the allowing rule. But this has already been done (apparently, for the same site even earlier). A little thought, looking at the traffic logs and trying to open this site from another computer (successfully), I was puzzled.
Not knowing what to think, I created a new temporary rule that would allow the problem computer to have full access to the Internet on all ports and included detailed logs on this rule to see what was happening.
The magazine fun ran the lines of the computer's network activity, but the site still did not open.
Starting to get angry at an incomprehensible problem that delayed me at work, I began to carefully review all the Kerio logs that would mention the problem host and saw a line that informed me that P2P connections were detected on this computer. According to the setting, only non-P2P connections were allowed to this computer:
Absolutely innocuous option that prohibits torrent clients, but usually does not interfere with the work of the user, in this case played a cruel joke with me.
Port 5099 was blocked, despite the fact that it did not fall into the range of "suspicious" ports; Why it happened is not clear.
After the reason was found, the solution was simple - adding one more to the list of Kerio services,
working on port 5099:
And adding this service to the P2P filter exception list.
I wish all system administrators fewer such problems to leave time for something really interesting. And obedient users who are not trying to use corporate computers for entertainment.
Source: https://habr.com/ru/post/179603/
All Articles