Site, custom port and Kerio Control

Good afternoon. I want to talk about a problem that looks very simple at first glance, but whose solution took me about half an hour, despite the fact that I have been administering Kerio Control for a long time and know the product well.

Given: a bank's website that is reached over a non-standard port (TCP 5099), and a computer on which this site does not open.


On my network, only the ports users actually need are open, so when I saw the problem I immediately opened the Kerio administration console to add the required port to the permit rule. But it had already been added (apparently for this same site, some time earlier). After thinking a bit, looking at the traffic logs and trying to open the site from another computer (successfully), I was puzzled.

Not knowing what to think, I created a temporary rule allowing the problem computer full Internet access on all ports and enabled detailed logging on that rule to see what was happening.



Lines of the computer's network activity scrolled cheerfully through the log, but the site still did not open.
Starting to get annoyed at an incomprehensible problem that was holding me up at work, I began carefully reading all the Kerio logs that mentioned the problem host and found a line reporting that P2P connections had been detected on this computer. Per the configured setting, only non-P2P connections were allowed for this computer:



An absolutely harmless option that blocks torrent clients and usually does not interfere with users' work had, in this case, played a cruel joke on me.



Port 5099 was blocked even though it does not fall within the range of "suspicious" ports; why this happened is not clear.

Once the reason was found, the solution was simple: adding another service, running on port 5099, to the list of Kerio services:



And adding this service to the P2P filter's exclusion list.

I wish all system administrators fewer problems like this, so that there is time left for something genuinely interesting. And obedient users who do not try to use corporate computers for entertainment.
