Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
937
Views
15
Helpful
3
Replies

FPR1010 Port 443 https Web Access issue

Go to solution
TheGoob
Level 4
Level 4

‎11-18-2022 05:18 PM

Hello

 

So on an inside server (192.168.5.42) I am running an NGINX Web-Server which absolutely needs to be on Port 80 and 443. My FPR1010 has, by default, https access via 443, so when I connect to x.x.x.182 (WAN) (which connects to 192.168.5.42) on https it keeps bringing me to the FPR GUI, and not into my LAN Server.

I have set up every variation of ACL and NAT to direct x.x.x.182:8443 to 192.168.5.42:443. I had made it x.x.x.182:443 to 192.168.5.42:443

Long story short. if my Web-Server "must" be on 443 and FPR "is" on https 443... How do I go through the FPR to my Web-Server?

I did indeed, in FPR Data Management, change https port to 444 but I still can not get inside, so not sure how to correctly do this.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ABaker94985
Spotlight
Spotlight

‎12-05-2022 09:45 AM

It sounds as if you need to change the management port on the outside interface of the Firepower to another port. Go to System Settings > Management Access, where you will see "HTTPS Data Port: 443". Change this to another port number. 

I didn't follow your question 100%, but if you want to configure 8443/tcp on the outside to 443/tcp on the server, you should be able to create a static auto NAT with 443 as the original port and 8443 as the translated port.

View solution in original post

3 Replies 3

Go to solution
ABaker94985
Spotlight
Spotlight

‎12-05-2022 09:45 AM

It sounds as if you need to change the management port on the outside interface of the Firepower to another port. Go to System Settings > Management Access, where you will see "HTTPS Data Port: 443". Change this to another port number. 

I didn't follow your question 100%, but if you want to configure 8443/tcp on the outside to 443/tcp on the server, you should be able to create a static auto NAT with 443 as the original port and 8443 as the translated port.

Go to solution
MHM Cisco World
VIP
VIP

‎12-05-2022 11:07 AM

Yes you can change the FPR listen port to be not 443 nor 80 and hence you can access to server inside
or 
I think you can use IP not ip of FPR outside interface in static NAT.

Go to solution
TheGoob
Level 4
Level 4

‎12-06-2022 08:51 AM

I got everything working, thank you. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card