Question
Why are web sites or web servers that do not respond from the requested TCP port (e.g. port 80 - HTTP) blocked and not logged by the Finjan Vital Security NG proxy?
Answer
By default, the Vital Security NG appliance blocks connections to most "privileged" or "well known" ports (ports lower than 1024). Of the privileged ports, Vital Security only allows connections to 21 (FTP), 80 (HTTP), and 443 (HTTPS) by default.
Vital Security does not log anything when transactions are blocked due to the fact that they occurred on a restricted port. Simple URL whitelisting works on a URL basis (Layer 7) and can not resolve the problem in principle.
To allow additional privileged ports, administrators can edit the allowed ranges:
- From the management console, navigate to Settings > Devices > Scanning Server >HTTP: Allowed Server Ports in URI.
Change the set of allowed port ranges according to your needs, and then Apply and Commit Changes. You can check which port is responding by performing a packet trace on the proxy.
VSOS
8.4.0
8.4.3
8.5.0
- This article applies to:
- NG 1000
- NG 5000
- NG 8000
- This article was previously published as:
- Finjan KB 1152