Solved

Firebox proxy blocking Camera program on port 80

Posted on 2009-05-06
Last Modified: 2013-11-16
Need some help with a WatchGuard firewall. I am using the proxy server to block adult content from the internet. This is also blocking me from using a program to view the cameras in the Atlanta office. The program uses port 80 to communicate with the security camera servers. How can I block the adult content without having the cameras blocked? I have attached a copy of the log below:

Type      Date-Time      Detailed Message      
Traffic      2009-05-06 10:54:55      ProxyDeny: HTTP Request line parse error disp=DENY, direction=OUT, pri=3, policy=HTTP-proxy-00, protocol=http/tcp, src_ip=192.168.1.52, src_port=2113, dst_ip=***.***.***.***, dst_port=80, src_ip_nat=***.***.***.***, src_port_nat=10228, dst_ip_nat=, dst_port_nat=0, src_intf=1-Trusted, dst_intf=0-External, rc=594, proxy_act=HTTP-Client.1, line=\x3c?xml version:\x221.0\x22 encoding:\x22utf-8\x22?\x3e\x3cmethodcall\x3e\x3crequestid\x3e0\x3c/requestid\x3e\x3cmethodname\x3econnect\x3c/methodname\x3e\x3cusername\x3eIT\x3c/username\x3e\x3cpassword\x3e1234\x3c/password\x3e\x3ccameraid\x3e[cam4] Camera 1\x3c/cameraid\x3e\x3calwaysstdjpeg\x3eno\x3c/alwaysstdjpeg\x3e\x3cconnectparam\x3eid:4d2882d6-096a-4951-aa1f-fa66e4a386d9\x26amp;connectiontoken:TOKEN%23210970B4-9D6A-405C-B289-2FCF55915452%23127.0.0.1%3a80%2369.38.58.105%3a80\x3c/connectparam\x3e\x3c/methodcall\x3e\x0d\x0a, tag=1006
Question by:ipcipher
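
The ProxyDeny entry above, decoded, as an added example that is not part of the original thread: the camera client sends an XML method call on port 80 instead of an HTTP request line, so the HTTP proxy cannot parse it, and the payload carries its login fields in clear text. The sample line is constructed (abridged from the posted log format, with a placeholder address and placeholder credentials), and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the log format in the question, with
# a placeholder destination address and placeholder credentials.
SAMPLE = (
    r"ProxyDeny: HTTP Request line parse error disp=DENY, direction=OUT, "
    r"policy=HTTP-proxy-00, protocol=http/tcp, src_ip=192.168.1.52, "
    r"dst_ip=203.0.113.10, dst_port=80, rc=594, proxy_act=HTTP-Client.1, "
    r"line=\x3c?xml version:\x221.0\x22?\x3e\x3cmethodcall\x3e"
    r"\x3cmethodname\x3econnect\x3c/methodname\x3e"
    r"\x3cusername\x3eUSER\x3c/username\x3e"
    r"\x3cpassword\x3ePLACEHOLDER\x3c/password\x3e"
    r"\x3c/methodcall\x3e\x0d\x0a, tag=1006"
)

# HTTP/1.x request line: method SP request-target SP HTTP-version
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d\r?\n?$")

def unescape(value):
    """Turn the log's \\xNN escapes back into the characters the client sent."""
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)

def parse_proxy_deny(entry):
    """Split a ProxyDeny entry into fields and classify the rejected line."""
    head, _, rest = entry.partition("line=")
    raw_line, _, tail = rest.rpartition(", tag=")
    fields = dict(re.findall(r"(\w+)=([^,\s]*)", head))
    fields["tag"] = tail.strip()
    payload = unescape(raw_line)
    fields["payload"] = payload
    # What the HTTP proxy expected to see first on the connection.
    fields["is_http_request_line"] = bool(REQUEST_LINE.match(payload))
    fields["looks_like_xml"] = payload.lstrip().startswith("<?xml")
    # Credentials visible to anything that logs or inspects this traffic.
    fields["cleartext_password_field"] = "<password>" in payload.lower()
    return fields

if __name__ == "__main__":
    for key, value in parse_proxy_deny(SAMPLE).items():
        print(f"{key}: {value!r}")
```
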
6 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24316989
If the camera is using static IP, then add a filter HTTP service and configure as below:
Enabled and allowed; from internal-ip-of-camera; to ANY

Other than camera all traffic would be subjected to HTTP proxy.

Thank you.
0
 
LVL 1

Author Comment

by:ipcipher
ID: 24317697
Yes, the camera is using a static IP of 69.***.***.*** and is located in the Atlanta office. I am at the Savannah office using an IP of 72.***.***.***. When I use the program I receive an error that the camera is trying to reconnect. This only happens when I have the web proxy on. The proxy is also located at the Savannah office. I am not sure what you want me to do. Can you walk me through the steps?
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24318225
Is there a VPN tunnel between the two offices; also please provide details if you connect to the camera using public IP or private IP (through VPN) and when you see the problem.

Normally for VPN ANY service would take care of all the traffic.
If you are accessing the camera using public IP then you must have forwarded port 80 to internal IP of camera [which should be static].
Add HTTP service from the predefined group "Packet Filters"; this policy would ensure that the FB does not do any L7 processing for the packets outgoing from camera.
Configure the service as below:
Connections are enabled and allowed; from internal-ip-camera; to ANY
Also, if you are accessing the camera using public IP, and the HTTP proxy is creating a problem, then we would add one more HTTP policy from packet filters for inbound traffic as:
Connections are Enabled and Allowed; from ANY OR specific IP; to NAT-as-configured-on-existing-HTTP-proxy-service

Which version of WG software are you running? The steps would differ a bit based on software version.

Please update.

Thank you.
0

 
LVL 1

Author Comment

by:ipcipher
ID: 24319086
dpk wal Thanks! I got it done. I appreciate your patience.
0
 
LVL 1

Author Closing Comment

by:ipcipher
ID: 31578511
Thanks!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24322101
You are welcome! :)
0


Question has a verified solution.
