Solved

Firebox proxy blocking Camera program on port 80

Posted on 2009-05-06
Last Modified: 2013-11-16
Need some help with a WatchGuard firewall. I am using the proxy server to block adult content from the internet. This is also blocking me from using a program to view the cameras in the Atlanta office. The program uses port 80 to communicate with the security camera servers. How can I block the adult content without having the cameras blocked? I have attached a copy of the log below:

Type      Date-Time      Detailed Message      
Traffic      2009-05-06 10:54:55      ProxyDeny: HTTP Request line parse error disp=DENY, direction=OUT, pri=3, policy=HTTP-proxy-00, protocol=http/tcp, src_ip=192.168.1.52, src_port=2113, dst_ip=***.***.***.***, dst_port=80, src_ip_nat=***.***.***.***, src_port_nat=10228, dst_ip_nat=, dst_port_nat=0, src_intf=1-Trusted, dst_intf=0-External, rc=594, proxy_act=HTTP-Client.1, line=\x3c?xml version:\x221.0\x22 encoding:\x22utf-8\x22?\x3e\x3cmethodcall\x3e\x3crequestid\x3e0\x3c/requestid\x3e\x3cmethodname\x3econnect\x3c/methodname\x3e\x3cusername\x3eIT\x3c/username\x3e\x3cpassword\x3e1234\x3c/password\x3e\x3ccameraid\x3e[cam4] Camera 1\x3c/cameraid\x3e\x3calwaysstdjpeg\x3eno\x3c/alwaysstdjpeg\x3e\x3cconnectparam\x3eid:4d2882d6-096a-4951-aa1f-fa66e4a386d9\x26amp;connectiontoken:TOKEN%23210970B4-9D6A-405C-B289-2FCF55915452%23127.0.0.1%3a80%2369.38.58.105%3a80\x3c/connectparam\x3e\x3c/methodcall\x3e\x0d\x0a, tag=1006
0
Question by:ipcipher
6 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24316989
If the camera is using static IP, then add a filter HTTP service and configure as below:
Enabled and allowed; from internal-ip-of-camera; to ANY

Other than camera all traffic would be subjected to HTTP proxy.

Thank you.
0
 
LVL 1

Author Comment

by:ipcipher
ID: 24317697
Yes, the camera is using a static IP of 69.***.***.*** and is located in the Atlanta office. I am at the Savannah office using an IP of 72.***.***.***. When I use the program I receive an error that the camera is trying to reconnect. This only happens when I have the web proxy on. The proxy is also located at the Savannah office. I am not sure what you want me to do. Can you walk me through the steps?
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 24318225
Is there a VPN tunnel between the two offices; also please provide details if you connect to the camera using public IP or private IP (through VPN) and when you see the problem.

Normally for VPN ANY service would take care of all the traffic.
If you are accessing the camera using public IP then you must have forwarded port 80 to internal IP of camera [which should be static].
Add HTTP service from the predefined group "Packet Filters"; this policy would ensure that the FB does not do any L7 processing for the packets outgoing from camera.
Configure the service as below:
Connections are enabled and allowed; from internal-ip-camera; to ANY
Also, if you are accessing the camera using public IP, and the HTTP proxy is creating problem then we would add one more HTTP policy from packet filters for inbound traffic as:
Connections are Enabled and Allowed; from ANY OR specific IP; to NAT-as-configured-on-existing-HTTP-proxy-service

Which version of WG software are you running? The steps would differ a bit based on software version.

Please update.

Thank you.
0
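Added example (not part of the original thread, and not WatchGuard code): the ProxyDeny entry in the question can be decoded to see what the HTTP proxy's L7 check rejected, which is why the accepted answer moves this traffic to a packet filter. The sample entry is constructed with placeholder addresses and credentials, the function names are hypothetical, and the request-line pattern is a simplified assumption about what an HTTP proxy expects.

```python
import re

# Constructed sample shaped like the ProxyDeny entry in the question (placeholder values).
SAMPLE = (
    r"ProxyDeny: HTTP Request line parse error disp=DENY, direction=OUT, pri=3, "
    r"policy=HTTP-proxy-00, protocol=http/tcp, src_ip=192.0.2.52, src_port=2113, "
    r"dst_ip=198.51.100.7, dst_port=80, rc=594, proxy_act=HTTP-Client.1, "
    r"line=\x3c?xml version:\x221.0\x22?\x3e\x3cmethodcall\x3e"
    r"\x3cusername\x3eEXAMPLE\x3c/username\x3e\x3cpassword\x3eEXAMPLE\x3c/password\x3e"
    r"\x3c/methodcall\x3e\x0d\x0a, tag=1006"
)

# Simplified HTTP/1.x request line: METHOD SP request-target SP HTTP-version
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")

def parse_fields(entry):
    """Collect key=value pairs; 'line=' runs up to the trailing ', tag=N'."""
    fields = dict(re.findall(r"(\w+)=([^,\s]*)", entry.split("line=")[0]))
    m = re.search(r"line=(.*), tag=(\d+)$", entry)
    if m:
        fields["line"], fields["tag"] = m.group(1), m.group(2)
    return fields

def decode_line(raw):
    """Turn the log's \\xNN escapes back into the characters the client sent."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)

def redact(text):
    """Mask credential elements before the decoded payload is shared."""
    return re.sub(r"(<(username|password)>).*?(</\2>)", r"\1[REDACTED]\3", text)

def explain(entry):
    """Summarise a deny entry and say whether the payload was HTTP at all."""
    f = parse_fields(entry)
    first = decode_line(f.get("line", "")).split("\r\n")[0]
    return {
        "src": f.get("src_ip"),
        "dst_port": f.get("dst_port"),
        "policy": f.get("policy"),
        "is_http_request_line": bool(REQUEST_LINE.match(first)),
        "first_line": redact(first),
    }

if __name__ == "__main__":
    print(explain(SAMPLE))
```

A result with is_http_request_line set to False means the client is speaking its own protocol over port 80, so an HTTP proxy policy will keep denying it while a packet filter scoped to that source or destination will pass it.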

 
LVL 1

Author Comment

by:ipcipher
ID: 24319086
dpk wal Thanks! I got it done. I appreciate your patience.
0
 
LVL 1

Author Closing Comment

by:ipcipher
ID: 31578511
Thanks!
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24322101
You are welcome! :)
0


Question has a verified solution.
