Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 7 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 32285 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

port 3391

AreshAreshi

HI,

we have a DNAT that allow connection to our Rdgateway server 2012 R2 on port 443, on of the customer complaint that when they try to open a published application they get an error.

I did check the FW logs and see this:

2017:08:24-15:05:52 securitysrv1-2 ulogd[7658]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x21d9" app="473" srcmac="54:e0:32:06:76:9a" dstmac="00:1a:8c:f0:0f:a0" srcip="217.XX.XX.30" dstip="62.XX.XX.164" proto="17" length="203" tos="0x00" prec="0x00" ttl="119" srcport="35703" dstport="3391"

I understand the 6001 means the port is not accessble and as I said we did only open the port 443. what I dont understand is this entry in the live FW log:

 

Should we also port 3391 as well?

Thanks


This thread was automatically locked due to age.
Parents
  • 0

    Back to how rdgateway works.  When tney connect to the published app, are they redirectex to a secondary connection on a nonstandard port?  I have seen this type of architecture with both Citrix and Vmware Horizon View.

    Some organizations block nonstandard ports at their firewall, and you would not see any UTM log entry for a connect that never happened.

  • 0 in reply to DouglasFoster

    Thank you for the reply,

    We did not cahnge any ports on the RDgateway and everything is defualt. you are right the application that they cannot open is located on the second RDS server.

    Back to the oraginal question, as you can see in the firewall log it shows drop connection as SSL!! is this TCP or UDP?

    Thanks

  • 0 in reply to AreshAreshi

    The answer is in the full Firewall log: proto="17" => UDP.  SSL can ride on UDP or TCP.  In order to speed up access, Google has Chrome use UDP 443 for SSL with its servers.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0 in reply to AreshAreshi

    The answer is in the full Firewall log: proto="17" => UDP.  SSL can ride on UDP or TCP.  In order to speed up access, Google has Chrome use UDP 443 for SSL with its servers.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML