Solved

Firebox proxy blocking Camera program on port 80

Posted on 2009-05-06
6
2,124 Views
Last Modified: 2013-11-16
Need some help with a wathguard firewall. I am using the proxy server to block adult content from the internet. This is also blocking me from using a program to view the cameras in the Atlanta office. The program uses port 80 to communicate with the security camera servers. How can I block the adult content without having the cameras blocked?  I have attached a copy of the log below:

Type      Date-Time      Detailed Message      
Traffic      2009-05-06 10:54:55      ProxyDeny: HTTP Request line parse error disp=DENY, direction=OUT, pri=3, policy=HTTP-proxy-00, protocol=http/tcp, src_ip=192.168.1.52, src_port=2113, dst_ip=***.***.***.***, dst_port=80, src_ip_nat=***.***.***.***, src_port_nat=10228, dst_ip_nat=, dst_port_nat=0, src_intf=1-Trusted, dst_intf=0-External, rc=594, proxy_act=HTTP-Client.1, line=\x3c?xml version:\x221.0\x22 encoding:\x22utf-8\x22?\x3e\x3cmethodcall\x3e\x3crequestid\x3e0\x3c/requestid\x3e\x3cmethodname\x3econnect\x3c/methodname\x3e\x3cusername\x3eIT\x3c/username\x3e\x3cpassword\x3e1234\x3c/password\x3e\x3ccameraid\x3e[cam4] Camera 1\x3c/cameraid\x3e\x3calwaysstdjpeg\x3eno\x3c/alwaysstdjpeg\x3e\x3cconnectparam\x3eid:4d2882d6-096a-4951-aa1f-fa66e4a386d9\x26amp;connectiontoken:TOKEN%23210970B4-9D6A-405C-B289-2FCF55915452%23127.0.0.1%3a80%2369.38.58.105%3a80\x3c/connectparam\x3e\x3c/methodcall\x3e\x0d\x0a, tag=1006
0
Comment
Question by:ipcipher
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24316989
If the camera is using static IP, then add a filter HTTP service and configure as below:
Enabled and allowed; from internal-ip-of-camera; to ANY

Other than camera all traffic would be subjected to HTTP proxy.

Thank you.
0
 
LVL 1

Author Comment

by:ipcipher
ID: 24317697
Yes the camera is using a static ip of 69.***.***.*** and is located in the Atlanta office. I am at the Savannah office using an IP of 72.***.***.*** when I use the program i receive an error that the camera is trying to reconnect. This only happens when I have the web proxy on. The proxy is also located at the Savannah office. I am not sure what you want me to do. Can you walk me through the steps?
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24318225
Is there a VPN tunnel between the two offices; also please provide details if you connect to the camera using public IP or private IP (through VPN) and when you see the problem.

Normally for VPN ANY service would take care of all the traffic.
If you are accessing the camera using public IP then you must have forwarded port 80 to internal IP of camera [which should be static].
Add HTTP service from the predefined group "Packet Filters"; this policy would ensure that the FB does not do any L7 processing for the packets outgoing from camera.
Configure the service as below:
Connections are enabled and allowed; from internal-ip-camera; to ANY
Also, if you are accessing the camera using public IP, and the HTTP proxy is creating problem then we would add one more HTTP policy from packet filters for inbound traffic as:
Connections are Enabled and Allowed; from ANY OR specific IP; to NAT-as-configured-on-existing-HTTP-proxy-service

Which version of WG software are you running. The steps would differ a bit based on software version.

Please update.

Thank you.
0
Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

 
LVL 1

Author Comment

by:ipcipher
ID: 24319086
dpk wal Thanks! I got it done. I appreciate your patients.
0
 
LVL 1

Author Closing Comment

by:ipcipher
ID: 31578511
Thanks!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24322101
You are welcome! :)
0

Featured Post

Webinar May 25: Cloud Security Strategies for SMBs

Small and mid-sized businesses are a driving force behind cloud adoption, and it’s no wonder: cloud benefits are BIG.  But for all the convenience that moving to the cloud provides, where does security come into play?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Checkpoint Endpoint Managment 3 107
How to access multiple local hosts from phone on network 5 101
Backup UPS - email alert 3 144
Windows ADHow to restrict port 6881 bit Torrent 3 44
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question