We have our new UTM 320 working for a few weeks now. In the firewall log I recognized blocked connections from our Exchange server. The source port is always 443 and the destination ports are in the 20, 30 and 40'000. Entries in the log look like this:
2014:04:25-00:00:07 utm01-1 ulogd[28704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="0:50:56:a9:51[:D]0" dstmac="0:1a:8c:f0:8a:60" srcip="10.1.2.210" dstip="10.1.255.254" proto="6" length="40" tos="0x00" prec="0x00" ttl="128" srcport="443" dstport="24872" tcpflags="ACK RST"
2014:04:25-00:00:27 utm01-1 ulogd[28704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="0:50:56:a9:51[:D]0" dstmac="0:1a:8c:f0:8a:60" srcip="10.1.2.210" dstip="10.1.255.254" proto="6" length="153" tos="0x00" prec="0x00" ttl="128" srcport="443" dstport="24765" tcpflags="ACK PSH"
2014:04:25-00:00:27 utm01-1 ulogd[28704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="0:50:56:a9:51[:D]0" dstmac="0:1a:8c:f0:8a:60" srcip="10.1.2.210" dstip="10.1.255.254" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="443" dstport="24765" tcpflags="ACK FIN"
I also have Webserver Protection active for OWA and ActiveSync. Both work correct. Because everthing seems to work, I don't really know what these connections are and why our Exchange server tries to connect to the firewall. Do I have to create a special firewall rule for that?
Thanks for the help.
This thread was automatically locked due to age.
