Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Pls help with advice to find port or.. (Kerio blocked software update)
  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
Hallo,

I use Kerio Control 7.1.2. On the same machine i have another software wich makes every day automatic updates.
When i stop Kerio Control - no problems with update.
When i run Kerio Control - update is blocked.

I have ping to update server IP, I wrote a rule:
ANY / ANY / TCP 8080/ Allow/ NAT - i put it on top

From software company told me that port is 8080.

Please for advice what is the right way to find solution.

Thank you

Nick
  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
I tought to allow everything in Kerio and step by step to block some ports to isolate the problem, but i dont know how to do this.
  •  
Goran

Messages: 326
Karma: 5
Send a private message to this user
go to rule wizard.
It will override all rules what u have now.
Or try first with;
Trust/Internet/ANY/Allow/NAT
Trust,Firewall/Trust,Firewall/ANY/ALLOW
Firewall/ANY/ANY/ALLOW

Question cannot be stupid, but some of the answers can.
  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
Thank you for response. I did it, but the same problem.
I write the rules - no update. (This rules means that everything is allowed?)
When stoped Kerio - OK.

What can be other reason?
  •  
Goran

Messages: 326
Karma: 5
Send a private message to this user
Is your internet interface and local interface in good group.
This is not personal firewall!

Question cannot be stupid, but some of the answers can.
  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
This is interface configuration

[Updated on: Sat, 01 December 2012 18:07]

  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
This is rules, and stil blocking updates.
Platform is Windows Server 2008 R2

[Updated on: Sat, 01 December 2012 18:07]

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
Look at service definitions. Is port 8080 assigned to HTTP protocol inspector?
If so, then the application may use corrupted non-HTTP communication for updates and this is of course rejected because Kerio Control validated protocol integrity.
  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
This is for http

[Updated on: Sat, 01 December 2012 18:07]

  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
Before we had MS Server 2003 with Kerio Winrout Firewall older then now and there wasn't problems.

[Updated on: Sat, 01 December 2012 18:06]

  •  
Goran

Messages: 326
Karma: 5
Send a private message to this user
IPS has default 8080 as http
try to remove it from IPS system or disable IPS for testing.

Question cannot be stupid, but some of the answers can.
  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
Sorry for my stupid question, but what is IPS Smile)
And how to stop it?
  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
Do you mean IPSec?
  •  
izroda

Messages: 10
Karma: 0
Send a private message to this user
I disable Intrusion prevention and it works Smile)

Thank you verry much!

Waht do you advice to let it disable or to change something in advanced settings ?
  •  
Goran

Messages: 326
Karma: 5
Send a private message to this user
Smile
Try remove 8080 port as http
try to add rule to disable checking
119:2 (double detect attack)
See your security log...
Go and see what IPS dropping, may help.

Question cannot be stupid, but some of the answers can.
Previous Topic: MTU
Next Topic: IPTV, multicast
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Oct 16 23:47:11 CEST 2017

Total time taken to generate the page: 0.00495 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.