Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

bypass external proxy due to NAT port 80 - outside int > forward to internal

Posted on 2013-11-27
5
Medium Priority
?
1,068 Views
Last Modified: 2013-11-29
Hi. Hope someone can help me understand

Basically I have port forward on ASA firewall -   port 80 hitting outside interface - NAT to inside webserver.
It worked - I got hitcounts. However we have a "external cloud based cisco scansafe proxy"

the website did not load as the traffic was being forwarded out to the scansafe tower. An exception to bypass was put in and all is now working. website loads

I would like to understand why I needed the exception. If the traffic is coming in to the network - port 80. Why would it then go out to the scansafe tower for filtering. Its something to do with the NAT I guess - hopefully someone can explain in simple terms for me. Thanks
0
Comment
Question by:philb19
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 12

Accepted Solution

by:
Henk van Achterberg earned 2000 total points
ID: 39683016
I think you also filter tcp traffic with source port 80 (http). Can you share the scansafe config from the ASA?
0
 
LVL 1

Author Comment

by:philb19
ID: 39683348
yes I guess thats the part i dont understand - why is the source port 80 - is it to do with nat? -the connection is source (outside) interface -> port 80 NAT to inside webserver - So im reading it as traffic IN to LAN - destination port 80
0
 
LVL 1

Author Comment

by:philb19
ID: 39683366
the only thing i can pass on as to scansafe - it its a policy-map for http and https

I dont fully understand

"policy-map type inspect scansafe pmap-http" - same for https
0
 
LVL 1

Author Closing Comment

by:philb19
ID: 39684837
dont know exactly IF its source port is 80 - however it is the case that "ALL" port 80 and 443 (IN any direction goes out to scansafe tower. - Its just the way it works, I just need to remember to do exceptions for these ports for anything IN-OUT through ASA
0
 
LVL 12

Expert Comment

by:Henk van Achterberg
ID: 39684840
Great to hear it makes sense now :).

Good luck with your config!
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question