Solved

Firebox proxy blocking Camera program on port 80

Posted on 2009-05-06
2,077 Views
Last Modified: 2013-11-16
Need some help with a WatchGuard firewall. I am using the proxy server to block adult content from the internet. This is also blocking me from using a program to view the cameras in the Atlanta office. The program uses port 80 to communicate with the security camera servers. How can I block the adult content without having the cameras blocked? I have attached a copy of the log below:

Type      Date-Time      Detailed Message      
Traffic      2009-05-06 10:54:55      ProxyDeny: HTTP Request line parse error disp=DENY, direction=OUT, pri=3, policy=HTTP-proxy-00, protocol=http/tcp, src_ip=192.168.1.52, src_port=2113, dst_ip=***.***.***.***, dst_port=80, src_ip_nat=***.***.***.***, src_port_nat=10228, dst_ip_nat=, dst_port_nat=0, src_intf=1-Trusted, dst_intf=0-External, rc=594, proxy_act=HTTP-Client.1, line=\x3c?xml version:\x221.0\x22 encoding:\x22utf-8\x22?\x3e\x3cmethodcall\x3e\x3crequestid\x3e0\x3c/requestid\x3e\x3cmethodname\x3econnect\x3c/methodname\x3e\x3cusername\x3eIT\x3c/username\x3e\x3cpassword\x3e1234\x3c/password\x3e\x3ccameraid\x3e[cam4] Camera 1\x3c/cameraid\x3e\x3calwaysstdjpeg\x3eno\x3c/alwaysstdjpeg\x3e\x3cconnectparam\x3eid:4d2882d6-096a-4951-aa1f-fa66e4a386d9\x26amp;connectiontoken:TOKEN%23210970B4-9D6A-405C-B289-2FCF55915452%23127.0.0.1%3a80%2369.38.58.105%3a80\x3c/connectparam\x3e\x3c/methodcall\x3e\x0d\x0a, tag=1006
Question by:ipcipher
6 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24316989
If the camera is using a static IP, then add a filter HTTP service and configure it as below:
Enabled and allowed; from internal-ip-of-camera; to ANY

Other than camera all traffic would be subjected to HTTP proxy.

Thank you.
 
LVL 1

Author Comment

by:ipcipher
ID: 24317697
Yes, the camera is using a static IP of 69.***.***.*** and is located in the Atlanta office. I am at the Savannah office using an IP of 72.***.***.***. When I use the program, I receive an error that the camera is trying to reconnect. This only happens when I have the web proxy on. The proxy is also located at the Savannah office. I am not sure what you want me to do. Can you walk me through the steps?
 
LVL 32

Accepted Solution

by: dpk_wal (earned 500 total points)
ID: 24318225
Is there a VPN tunnel between the two offices? Also, please provide details of whether you connect to the camera using a public IP or a private IP (through VPN), and when you see the problem.

Normally, for VPN, the ANY service would take care of all the traffic.
If you are accessing the camera using the public IP, then you must have forwarded port 80 to the internal IP of the camera [which should be static].
Add an HTTP service from the predefined group "Packet Filters"; this policy would ensure that the FB does not do any L7 processing for the packets outgoing from the camera.
Configure the service as below:
Connections are enabled and allowed; from internal-ip-camera; to ANY
Also, if you are accessing the camera using the public IP, and the HTTP proxy is creating a problem, then we would add one more HTTP policy from packet filters for inbound traffic as:
Connections are Enabled and Allowed; from ANY OR specific IP; to NAT-as-configured-on-existing-HTTP-proxy-service

Which version of WG software are you running? The steps would differ a bit based on software version.

Please update.

Thank you.
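Two points in this thread can be checked directly against the log line in the question: the Firebox denies the flow because the camera client's first bytes on tcp/80 are an XML document rather than an HTTP request line (which is exactly what the proxy's `HTTP Request line parse error` means), and the accepted answer's fix is a packet-filter HTTP policy scoped to the camera address rather than switching the proxy off for everyone. The Python below is an added example, not code from the thread or from WatchGuard: it parses a Firebox proxy log entry into fields, decodes the `\xNN` escapes, tests whether the captured line is HTTP, and reports whether the denied flow fits a narrow exception keyed on the camera address and port. The sample entry is constructed from the one in the question with the public addresses replaced by documentation addresses (203.0.113.x), and the exception check is our own model of the rule's scope, not the Firebox policy engine. The decoded payload also carries the camera login in cleartext, so the example masks the password before anything is displayed.

```python
import re
from typing import Dict, Iterable

# Constructed sample, modelled on the WatchGuard ProxyDeny entry quoted in the
# question: public addresses replaced with documentation addresses and the XML
# body shortened. Escapes are the \xNN form the Firebox writes into its log.
SAMPLE_LOG = (
    "ProxyDeny: HTTP Request line parse error disp=DENY, direction=OUT, pri=3, "
    "policy=HTTP-proxy-00, protocol=http/tcp, src_ip=192.168.1.52, src_port=2113, "
    "dst_ip=203.0.113.10, dst_port=80, src_ip_nat=203.0.113.1, src_port_nat=10228, "
    "dst_ip_nat=, dst_port_nat=0, src_intf=1-Trusted, dst_intf=0-External, rc=594, "
    "proxy_act=HTTP-Client.1, "
    "line=\\x3c?xml version:\\x221.0\\x22 encoding:\\x22utf-8\\x22?\\x3e"
    "\\x3cmethodcall\\x3e\\x3cmethodname\\x3econnect\\x3c/methodname\\x3e"
    "\\x3cusername\\x3eIT\\x3c/username\\x3e\\x3cpassword\\x3e1234\\x3c/password\\x3e"
    "\\x3c/methodcall\\x3e\\x0d\\x0a, tag=1006"
)

# Shape of a well-formed HTTP/1.x request line (RFC 2616 method set).
_REQUEST_LINE = re.compile(
    r"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/1\.[01]\r?$"
)


def unescape_wg(value: str) -> str:
    """Turn the \\xNN escapes the Firebox uses for special bytes back into characters."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_proxy_log(line: str) -> Dict[str, str]:
    """Split a Firebox proxy log entry into event name, message text and key=value fields."""
    head = re.match(r"^(?P<event>\w+): (?P<message>.*?) (?P<kv>\w+=.*)$", line)
    if not head:
        raise ValueError("not a Firebox proxy log entry")
    fields = {"event": head.group("event"), "message": head.group("message")}
    # Values may be empty (dst_ip_nat=) and the 'line' value may contain spaces,
    # so split only at ", <key>=" boundaries rather than at every comma.
    for m in re.finditer(r"(\w+)=(.*?)(?=, \w+=|$)", head.group("kv")):
        fields[m.group(1)] = m.group(2)
    return fields


def is_http_request_line(raw: str) -> bool:
    """True only if the first line the client sent is a well-formed HTTP request line."""
    first = unescape_wg(raw).split("\n", 1)[0]
    return _REQUEST_LINE.match(first) is not None


def redact_credentials(decoded: str) -> str:
    """Mask the password element before the payload goes into a ticket or a log forwarder."""
    return re.sub(r"(<password>).*?(</password>)", r"\1[REDACTED]\2", decoded, flags=re.I)


def diagnose(line: str, camera_hosts: Iterable[str]) -> Dict[str, object]:
    """Explain a ProxyDeny and say whether the flow fits a narrow packet-filter exception."""
    f = parse_proxy_log(line)
    raw_line = f.get("line", "")
    return {
        "denied_by": f["policy"],
        "peer": f"{f['dst_ip']}:{f['dst_port']}",
        "is_http": is_http_request_line(raw_line),
        "payload": redact_credentials(unescape_wg(raw_line)),
        # Exception scope modelled on the accepted answer: only the camera
        # address(es) on tcp/80 would move to a packet-filter HTTP policy;
        # every other port-80 flow stays under the proxy. This is our own
        # model of the rule, not the Firebox policy engine.
        "fits_camera_exception": f["dst_ip"] in set(camera_hosts) and f["dst_port"] == "80",
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG, camera_hosts=["203.0.113.10"]).items():
        print(f"{key}: {value}")
```

Running it shows `is_http: False` for the camera flow, which is why no amount of tuning of the HTTP proxy action will let it through: the proxy has nothing HTTP to inspect. The `fits_camera_exception` flag is the check to run over a day's ProxyDeny lines before widening the exception; if flows to addresses other than the camera show up as candidates, the rule is too broad. The password masking matters because these lines get pasted into tickets and forum posts, as happened in this thread.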
 
LVL 1

Author Comment

by:ipcipher
ID: 24319086
dpk_wal, thanks! I got it done. I appreciate your patience.
 
LVL 1

Author Closing Comment

by:ipcipher
ID: 31578511
Thanks!
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24322101
You are welcome! :)