07-29-2010 10:58 AM - edited 03-11-2019 11:18 AM
Hello - I am not sure, but it appears a secure website we are attempting to attach to is inaccessible due to a rule on the FW. When querying the 'URL Blocking Log' on the Trend CSC for a period of the last two days, I see two entries - both list 'HTTPS connect port restriction' as the blocking rule. How can I fix this so the secure site is accessible? Please see attached for more detail. Thank you!
07-29-2010 12:59 PM
Davis,
The CSC module will not block https, it will not inspect it at all.
Can you give us the log? Is it a CSC log or an ASA one? Does the ASA have http inspection enabled?
PK
07-29-2010 06:50 PM
Davis,
Since the module only scans tcp port 21/25/80/110 traffic, that error leads me to believe that these connections appear to be HTTPS connections using TCP port 80. Is there some application that is making these requests to 216.115.208.x on port 80 that is really an HTTPS connection? If you need to let this traffic through, the only way it will work is to exclude this traffic from being sent to the CSC module at all.
Do you know what this traffic is?
-Magnus
07-30-2010 07:20 AM
So, the CSC should not be inspecting the traffic, although it displays 'port restriction' as the blocking rule for 443 in the CSC report??
The page in question is an https site for login to a 'secure transfer' page, which allows outside entities to upload larger files to a company's network via the web.
07-30-2010 09:06 AM
The CSC will disregard traffic destined to port 443 (https) altogether.
So the log you are seeing is probably from HTTP inspection. Can you send the actual log?
PK
07-30-2010 09:18 AM
HTTP inspection is not enabled.
UPDATE: I can now, along with another user, access the secure login page. However, many others still cannot.
I have tried deleting all of the browser cache, for those still having trouble, but this does not help.
This may not be a firewall issue after all. What steps can I take to try and track down where the issue is? I've contacted the company who hosts the site (they are a large corporation) and the technicians relayed not having any other customers reporting trouble accessing. Thanks --
07-30-2010 04:28 PM
Judging by the error you are seeing, it looks like that application/site does some non-standard http over TCP port 80. The best thing you can do is to simply exclude the destination server from going up to the CSC module. Please post the output of:
'show run policy'
'show run class-map'
- Magnus
07-30-2010 04:29 PM
Also, out of curiosity, what version of CSC code are you using?
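The exclusion suggested in the replies above, sketched as an added example that is not part of the original thread or any poster's configuration. The ACL, class-map and policy-map names are assumptions, and 192.0.2.10 is a placeholder for the real destination server; compare against the output of 'show run policy' and 'show run class-map' before changing anything.

```cisco
! Added example (not from the thread). Names csc_redirect and csc_class
! are assumed; 192.0.2.10 is a placeholder for the destination server.
!
! Before: every port-80 flow is handed to the CSC module, so a
! non-standard session carried on TCP/80 gets logged and dropped by it.
!   access-list csc_redirect extended permit tcp any any eq www
!
! After: a deny entry ahead of the permit keeps that one destination out
! of the class, so the ASA forwards it without sending it to the CSC.
! "deny" in a class-map ACL means "do not match this class"; it does not
! drop the traffic.
access-list csc_redirect extended deny tcp any host 192.0.2.10 eq www
access-list csc_redirect extended permit tcp any any eq www
access-list csc_redirect extended permit tcp any any eq ftp
access-list csc_redirect extended permit tcp any any eq smtp
access-list csc_redirect extended permit tcp any any eq pop3
!
class-map csc_class
 match access-list csc_redirect
!
policy-map global_policy
 class csc_class
  csc fail-open
!
service-policy global_policy global
```

Traffic to the excluded host is no longer scanned by the CSC module, so keep the deny entry scoped to the single server and port rather than a whole network.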