12-26-2017 02:45 AM - edited 02-21-2020 07:02 AM
Hello. friends! I need your advice.
In my lan I blocked TeamVeiwer and AmmyAdmin. All good.
But now I want to deny another application - LiteManagerFree (This is Remote access programm).
So I have problem.This program used ports - 5651, 5650.
What I done:
Create new application detector.
Add ports that a need.
Add this application to blocked im my access control policy.
But it does not work. (This Rule works for Teamviewer and Ammy).
Thank you!!!
12-26-2017 05:33 AM
Have you confirmed the ports in use via analysis of a connection record or packet capture?
Have you tried doing a straight block on the tcp and udp destination ports vs using an application? (This would require its own entry in the ACP.)
12-26-2017 06:06 AM
12-26-2017 06:25 AM
You're welcome.
Regarding analysis I mean just looking at connection record of a host that you use to test the rule and visually confirming that the expected port numbers are the ones in use.
Your outcome of simple port blocking not having the expected effect leads me to believe that either the application isn't using only those ports or something else is going on with your rules. I do note from the product web site that one can specify non-standard ports for use. You can try packet-tracer from the cli or from the GUI to see what rule is allowing or preventing the flow.
I am also thinking that, depending on where the server and client are located, you may need to have a rule blocking 5650 and 5651 in both directions (one inbound and one outbound).
12-27-2017 12:26 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide