This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SFTP connections not passing through web filtering

Hello,

Some applications need to perform SFTP connections to Internet. Their setup was working fine on-prem but now migrated to AWS they don't.

In AWS we have UTM 9 with Web-Filtering as a proxy and connections are not passing through.

Instances in AWS use the UTM IP address and port 8080 as proxy settings in order to reach Internet. And the applications have the proxy setup too.

Application tries to SFTP 100.X.X.X using port 2222 but times out.

This is seen on the Live Log on WebFiltering...


2021:05:06-14:45:07 MYFIREWALL httpproxy[5182]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="10.10.10.19" dstip="" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xa9f2e00" url="">https://100.X.X.X:2222/" referer="" error="Target service not allowed" authtime="0" dnstime="0" aptptime="0" cattime="0" avscantime="0" fullreqtime="1281" device="0" auth="0" ua="" exceptions=""

Comes to my attention that the UTM sees url = https on port 2222 when it was an SFTP connection. Can somebody comment on this?

To fix this I tried to setup a Generic Proxy rule [Web Protection>Avanced] but had same issue, same logs.

This is how the Rule looks like:

Interface: Internal (This is the only interface the UTM has)

service definition: tcp-2222

host: 100.X.X.X

service tcp-2222

Allowed networks 10.0.0.0

Thanks for your time and support!



This thread was automatically locked due to age.
Parents Reply
  • This is the error message seen in the server after attempting the connection.

    Later I had to setup another service definition for SSH, using same method described before and this connection succeed. Another evidence that access was allowed fine.

Children
No Data