https://community.cisco.com/t5/network-security/fwsm-allowing-http-on-another-port-inspection/m-p/1232599#M860187 <HTML><HEAD></HEAD><BODY><P>Check the security level of the interfaces. Traffic does not go through the FWSM from a higher security interface to a lower security interface. You did not apply an access list to the higher security interface to allow traffic through. Unlike the PIX firewall, the FWSM does not automatically allow traffic to pass between interfaces.</P><P></P><P>Apply an access list to the source interface to allow traffic through.</P><P></P></BODY></HTML> Fri, 08 May 2009 12:35:29 GMT sadbulali 2009-05-08T12:35:29Z https://community.cisco.com/t5/network-security/fwsm-allowing-http-on-another-port-inspection/m-p/1232598#M860183 <P>hi </P><P></P><P>Internet ---- FWSM (ver 3.2(8)) ---Serverfarm</P><P></P><P>we have a server which has an application that listens on port 55005.The way the appliction is accessed is by <A class="jive-link-custom" href="http://public-ip:55005" target="_blank">http://public-ip:55005</A>. I have opened port 55005 on the fwsm and the static and access-lists are as follows</P><P></P><P>static (dmzSERVER,OUTSIDE) public-ip private-ip netmask 255.255.255.255</P><P>access-list FR_OUTSIDE extended permit tcp any host public-ip eq 55005 </P><P>access-group FR_OUTSIDE in int OUTSIDE</P><P></P><P>The issue is that i get the login page.As soon as enter the username and password and hit enter it says page cannot be displayed. On logging the FWSM i cannot find anything being dropped. </P><P></P><P>I also tried application inspection for http using the following configuration.</P><P></P><P>class-map HTTP</P><P> match port tcp eq 55005</P><P>policy-map HTTP</P><P> class HTTP</P><P> inspect http </P><P>service-policy HTTP interface OUTSIDE</P><P></P><P>Now when the outside user tries <A class="jive-link-custom" href="http://public-ip:55005" target="_blank">http://public-ip:55005</A> i can see that there are hits for the above inspection and that nothing is dropped.But still after supplying the username and password we still get page cannot be displayed. I havent tried with an HTTp map though.</P><P></P><P>I believe this has got something to do with http traffic going on port 55005. locally everything works OK.</P><P></P><P>if any one has some ideas regarding this please help</P><P></P><P>Regards</P><P></P><P>mannyD</P> Mon, 11 Mar 2019 15:27:04 GMT https://community.cisco.com/t5/network-security/fwsm-allowing-http-on-another-port-inspection/m-p/1232598#M860183 MannyD123 2019-03-11T15:27:04Z https://community.cisco.com/t5/network-security/fwsm-allowing-http-on-another-port-inspection/m-p/1232599#M860187 <HTML><HEAD></HEAD><BODY><P>Check the security level of the interfaces. Traffic does not go through the FWSM from a higher security interface to a lower security interface. You did not apply an access list to the higher security interface to allow traffic through. Unlike the PIX firewall, the FWSM does not automatically allow traffic to pass between interfaces.</P><P></P><P>Apply an access list to the source interface to allow traffic through.</P><P></P></BODY></HTML> Fri, 08 May 2009 12:35:29 GMT https://community.cisco.com/t5/network-security/fwsm-allowing-http-on-another-port-inspection/m-p/1232599#M860187 sadbulali 2009-05-08T12:35:29Z