Can't connect to Connectwise Control Server port 8040

Hi

 

After upgrading to v 18 I'm unable to remote control customers server through our Connectwise Control server.

I have the cleanest rule for outgoing traffic (for testing) but still can't connect to the server on port 8040.

After a quick downgrade to SFOS 17.5.8 MR-8, all is working again.

Same FW rule as in v 18.

 

Thoughts?

  • Hello JTBrunner,

    Can you make an exception just for the IP targets/Ports of the ScreenConnect/ConnectWise services?

    If turning off SSL/TLS inspection worked then placing a targeted exception should be fine.

    I hope that Dev come back saying it is a bug, however it is more likely that the ScreenConnect system does not accept the Certificate from the XG so therefore terminates the connection. This happens with LogMeIn, Zoho Assist, Join.me, some elements of Zoom and Office 365 (needs at least 92 exceptions).

    Emile

  • Just as the OP stated, I have created exceptions for ScreenConnect in all possible locations. I even went as far as to create a special firewall rule just for that application and turned off everything possible; the traffic should be passing without interference. I suspect it has something to do with AWS: my latest pcap indicates that traffic is returned from an amazonaws.com address and not screenconnect.com. I had created exceptions for AWS also, but it did not help. Next I will add AWS to the special firewall rule and see if that works. It may be possible that this is the root of the problem with other sites as well.

  • Here is my URL Group containing all pertinent URLs and IP addresses...

    And here is my SSL/TLS Inspection Rule (Exceptions by Website) where I added the URL group to the websites...

    Even went as far as to create a new SSL/TLS Inspection Rule just for ScreenConnect...

    Also created a Decryption Profile just for ScreenConnect with absolutely nothing being decrypted or blocked (MAXIMUM COMPATIBILITY)...

    Still no help, the only thing that "fixes" this is to turn off SSL/TLS Inspection...
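A way to check from a client behind the firewall whether an SSL/TLS inspection exception is actually being applied, as an added example that is not part of the thread or of any vendor tooling: it reports who issued the certificate the client receives. It assumes the service on the probed port speaks TLS; the host name, the CA marker string and the sample certificates are constructed placeholders.

```python
import socket
import ssl

# Constructed samples in the shape returned by SSLSocket.getpeercert().
SAMPLE_RESIGNED = {"issuer": ((("organizationName", "Constructed Org"),),
                              (("commonName", "EXAMPLE-FIREWALL-CA 01"),))}
SAMPLE_ORIGIN = {"issuer": ((("organizationName", "Constructed Public CA"),),
                            (("commonName", "Constructed Issuing CA"),))}

def issuer_fields(cert):
    """Flatten the nested issuer RDN tuples into a plain dict."""
    return {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}

def classify(cert, inspection_ca_markers):
    """Return 're-signed' if the issuer matches a firewall CA marker."""
    issuer_text = " ".join(issuer_fields(cert).values()).lower()
    if not issuer_text:
        return "unknown"
    if any(marker.lower() in issuer_text for marker in inspection_ca_markers):
        return "re-signed"  # inspection is still decrypting this flow
    return "origin"         # exception matched; origin certificate seen

def probe(host, port, inspection_ca_markers, timeout=5):
    """Connect once and report (verdict, detail) for the presented chain."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Chain not trusted by this client: typical when the firewall CA
        # is not installed locally, or the origin uses a private CA.
        return "untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # Reset, timeout, or the port does not speak TLS at all.
        return "no-tls", str(exc)
    verdict = classify(cert, inspection_ca_markers)
    return verdict, issuer_fields(cert).get("commonName", "")

if __name__ == "__main__":
    markers = ["EXAMPLE-FIREWALL-CA"]  # placeholder: your appliance CA name
    print(classify(SAMPLE_RESIGNED, markers))  # constructed sample
    print(classify(SAMPLE_ORIGIN, markers))    # constructed sample
    # Live check (placeholder host): probe("relay.example.invalid", 8040, markers)
```

Running `probe` once with inspection on and once with it off, against the same host and port, shows whether the exception changes which certificate the client receives.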