This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't use Port 443

Hi everyone,

First question can I use Port 443 for the User Portal and the SSL VPN at the same time on my Sophos UTM 9?

I put all my Services on other Ports so that Port 443 should be free.
SSL VPN is running on 1194 UDP
and the User Portal on 4443 TCP
If I do a port Scan there is no service on 443 also no telnet connections is possible.

telnet hostname 443
Trying x.x.x.x...
telnet: connect to address x.x.x.x: Operation timed out
telnet: Unable to connect to remote host

But when I try to put the User Portal for example on Port 443 TCP it is not working. Also the same with the SSL VPN.

It seems that Port 443 is not working on my UTM.
It seems that the UTM is blocking the Port 443 maybe with a other service I don't know. Is there any option to evaluate why my Port 443 is not working or if any service is using this port?

I attached a screenshot of my Firewall Rules and Masquerading Rules
Is there any failure ??

This thread was automatically locked due to age.

0 sava_csi over 9 years ago

how do I open port 80 and port 443 for various items inbound - such as security panel and iPhones for Netflix
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 9 years ago

For unsolicited inbound traffic, you would need to setup DNATs.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

0 JW0914_01 over 9 years ago

Hi everyone,

First question can I use Port 443 for the User Portal and the SSL VPN at the same time on my Sophos UTM 9?

I put all my Services on other Ports so that Port 443 should be free.
SSL VPN is running on 1194 UDP
and the User Portal on 4443 TCP
If I do a port Scan there is no service on 443 also no telnet connections is possible.
telnet hostname 443

Trying x.x.x.x...

telnet: connect to address x.x.x.x: Operation timed out

telnet: Unable to connect to remote host
But when I try to put the User Portal for example on Port 443 TCP it is not working. Also the same with the SSL VPN.

It seems that Port 443 is not working on my UTM.
It seems that the UTM is blocking the Port 443 maybe with a other service I don't know. Is there any option to evaluate why my Port 443 is not working or if any service is using this port?

I attached a screenshot of my Firewall Rules and Masquerading Rules
Is there any failure ??

A few important points...

Sophos UTM was built for enterprises and is important to keep in mind when viewing default settings on your UTM[/b][/list]
In a home and small business environment it is ill-advisable to utilize standard ports for sensitive services, such as VPNs, User Portal Logins, WebAdmin Portal logins (if not permitted from LAN only),  SSH, Telnet, etc.  If assigning non-standard ports, you must utilize ports >1025 and is recommended to stay never be accessible from WAN, and doing so is an open invitation to be exploited.  Remote access to the WebAdmin Portal should be accomplished via PKI SSH, with the SSH tunnel set up to provide a separate tunnel via loopback [127.0.0.1] to access the WebAdmin Portal.  For example, in PuTTY [Connection - SSH - Tunnels], pick a random source port with the destination being local 127.0.0.1:[WebAdmin Portal Port] (however, I believe something else must be configured since Sophos doesn't use 80 for the WebAdmin Portal as most home routers do).

BAlfson pointed out some great advice: "I recommend limiting 'Allowed Networks' in 'WebAdmin Settings' to supportaccess.sophos.com, supportaccess.mediasoftusa.com, the "SuperAdmins (User Group Network)" object and the local fixed IPs of SuperAdmin members."[/COLOR]

If this is a home or small business setup, do not, under any circumstances, utilize 443 for a VPN or User Portal login

I will guarantee if you've had your UTM up and running for more than a day, if you check your firewall logs, you will see you've been port scanned on 80 and 443 from WAN.  Thousands of bots exist with the sole purpose of port scanning default traffic ports, looking for an exploitable port.

If you're not concerned with devices on your LAN having access to WAN [the internet], ditch the fine grained, granular controls in the firewall and allow all traffic to pass from LAN to WAN (LAN --> Any --> Internet)

If you need to filter specific traffic (i.e. children), create rules for them above the LAN access rule.  Doing this also precludes you from having to configure DNAT for 443 and 80 (which is also an extremely bad idea, as you're allowing WAN traffic unfettered access to your LAN, which should never be done unless there are strict, complex authorization rules that exist on the router prior to traffic being passed on (something you neither have, nor need to provide DNAT access for)

Traffic should only be allowed to pass from WAN --> LAN if strict, complex authorization methods are in place (i.e. 2048bit AES256 SHA512 SSL certs, SSH via PKI only with password login disabled, and all access via Telnet blocked [Telnet should be disabled altogether]).  Encryption should never be lower, or higher, than 2048bit/AES256 (unless handling TS/SCI, which must be 3072bit) and hashes should always be SHA512, with sha1 or md5 never being utilized (performance with 2048bit over 1024bit is so miniscule, it's not perceptible, however anything higher will severely degrade performance; SHA512 processes faster than SHA256)

It's recommended to change the default WebAdmin port to something other than port 4444.

All consumers and small businesses should block inbound/outbound access on port 4444 because more exploits utilize that port than exist legitimate assigned uses.

When it comes to a home router's firewall, OpenWRT's implementation of iptables via fw3 is the standard by which I gauge firewall setup on other home routers, as it's impervious and impossible to break through WAN to LAN due to it's default settings.  Sophos' firewall is just as good, and when working with a new router, I always reference OpenWRT's default fw3 implementation when configuring rules on the new router.

Below is the default OpenWRT iptables firewall I reference

There is both a guest subnet [192.168.2.0/24] and personal subnet [192.168.1.0/24], a bridge rule preventing the guest and personal subnets from accessing one another, as well as a VPN subnet [10.0.1.0/28], and rate limit rules I've added as a default base to build upon

iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t filter -N delegate_input
iptables -t filter -N delegate_output
iptables -t filter -N delegate_forward
iptables -t filter -N delegate_rate_limit
iptables -t filter -N reject
iptables -t filter -N input_rule
iptables -t filter -N output_rule
iptables -t filter -N forwarding_rule
iptables -t filter -N syn_flood
iptables -t filter -N zone_lan_input
iptables -t filter -N zone_lan_output
iptables -t filter -N zone_lan_forward
iptables -t filter -N zone_lan_src_ACCEPT
iptables -t filter -N zone_lan_dest_ACCEPT
iptables -t filter -N zone_lan_dest_DROP
iptables -t filter -N input_lan_rule
iptables -t filter -N output_lan_rule
iptables -t filter -N forwarding_lan_rule
iptables -t filter -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
iptables -t filter -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
iptables -t filter -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
iptables -t filter -N zone_wan_input
iptables -t filter -N zone_wan_output
iptables -t filter -N zone_wan_forward
iptables -t filter -N zone_wan_src_DROP
iptables -t filter -N zone_wan_dest_ACCEPT
iptables -t filter -N zone_wan_dest_DROP
iptables -t filter -N input_wan_rule
iptables -t filter -N output_wan_rule
iptables -t filter -N forwarding_wan_rule
iptables -t filter -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
iptables -t filter -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
iptables -t filter -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
iptables -t filter -D INPUT -j delegate_input
iptables -t filter -A INPUT -j delegate_input
iptables -t filter -D OUTPUT -j delegate_output
iptables -t filter -A OUTPUT -j delegate_output
iptables -t filter -D FORWARD -j delegate_forward
iptables -t filter -A FORWARD -j delegate_forward
iptables -t filter -A delegate_input -i lo -j ACCEPT
iptables -t filter -A delegate_output -o lo -j ACCEPT
iptables -t filter -A delegate_input -m comment --comment "user chain for input" -j input_rule
iptables -t filter -A delegate_output -m comment --comment "user chain for output" -j output_rule
iptables -t filter -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
iptables -t filter -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_input -m conntrack --ctstate INVALID -j DROP
iptables -t filter -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_output -m conntrack --ctstate INVALID -j DROP
iptables -t filter -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_forward -m conntrack --ctstate INVALID -j DROP
iptables -t filter -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
iptables -t filter -A syn_flood -j DROP
iptables -t filter -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
iptables -t filter -A reject -p tcp -j DROP
iptables -t filter -A reject -j DROP
iptables -t filter -I delegate_forward 1 -i br1 -m state --state NEW -j ACCEPT
iptables -t filter -I delegate_forward 2 -i br1 -o br0 -m state --state NEW -j DROP
iptables -t filter -I delegate_forward 3 -i br0 -o br1 -m state --state NEW -j DROP
iptables -t filter -A delegate_rate_limit -p tcp --dport 22 -m limit --limit 3/min --limit-burst 3 -j DROP
iptables -t filter -A delegate_rate_limit -p tcp --dport 23 -m limit --limit 3/min --limit-burst 3 -j DROP
iptables -t filter -A delegate_rate_limit -p tcp --dport 1194 -m limit --limit 3/min --limit-burst 3 -j DROP
iptables -t filter -A delegate_rate_limit -p udp --dport 1194 -m limit --limit 3/min --limit-burst 3 -j DROP
iptables -t filter -A delegate_rate_limit -p ICMP --icmp-type echo-request -m limit --limit 3/sec -j ACCEPT
iptables -t filter -A delegate_rate_limit ! -p ICMP -j LOG --log-prefix " Connection dropped "
iptables -t filter -A delegate_rate_limit -p tcp -j DROP
iptables -t filter -A delegate_rate_limit -p udp -j DROP
iptables -t filter -A delegate_rate_limit -j DROP
iptables -t filter -I delegate_input -p ICMP --icmp-type echo-request -j rate_limit
iptables -t filter -I delegate_input -p tcp --dport 22 -m state --state NEW -j rate_limit
iptables -t filter -I delegate_input -p tcp --dport 23 -m state --state NEW -j rate_limit
iptables -t filter -I delegate_input -p tcp --dport 1194 -m state --state NEW -j rate_limit
iptables -t filter -I delegate_input -p udp --dport 1194 -m state --state NEW -j rate_limit
iptables -t filter -I delegate_output -d 192.168.1.0/24 -j ACCEPT
iptables -t filter -I delegate_output -d 10.0.1.0/28 -j ACCEPT
iptables -t filter -I delegate_input -s 192.168.2.0/24 -j ACCEPT
iptables -t filter -I delegate_input -s 10.0.1.0/28 -j ACCEPT
iptables -t filter -I delegate_input -i br1 -p tcp --dport 22 -j DROP
iptables -t filter -I delegate_input -i br1 -p tcp --dport 23 -j DROP
iptables -t filter -I delegate_input -i br1 -p tcp --dport 137 -j DROP
iptables -t filter -I delegate_input -i br1 -p tcp --dport 138 -j DROP
iptables -t filter -I delegate_input -i br1 -p tcp --dport 139 -j DROP
iptables -t filter -I delegate_input -i br1 -p tcp --dport 445 -j DROP
iptables -t filter -I delegate_input -i br1 -p tcp --dport 1194 -j DROP
iptables -t filter -I delegate_input -i br1 -p udp --dport 1194 -j DROP
iptables -t filter -I delegate_input -i br1 -p tcp --dport 1940 -j DROP
iptables -t filter -I delegate_input -i br1 -p udp --dport 1940 -j DROP
iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_lan_input -j zone_lan_src_ACCEPT
iptables -t filter -A zone_lan_forward -j zone_lan_dest_DROP
iptables -t filter -A zone_lan_output -j zone_lan_dest_ACCEPT
iptables -t filter -D zone_lan_src_ACCEPT -i br0 -j ACCEPT
iptables -t filter -A zone_lan_src_ACCEPT -i br0 -j ACCEPT
iptables -t filter -D zone_lan_dest_ACCEPT -o br0 -j ACCEPT
iptables -t filter -A zone_lan_dest_ACCEPT -o br0 -j ACCEPT
iptables -t filter -D zone_lan_dest_DROP -o br0 -j DROP
iptables -t filter -A zone_lan_dest_DROP -o br0 -j DROP
iptables -t filter -D delegate_input -i br0 -j zone_lan_input
iptables -t filter -A delegate_input -i br0 -j zone_lan_input
iptables -t filter -D delegate_output -o br0 -j zone_lan_output
iptables -t filter -A delegate_output -o br0 -j zone_lan_output
iptables -t filter -D delegate_forward -i br0 -j zone_lan_forward
iptables -t filter -A delegate_forward -i br0 -j zone_lan_forward
iptables -t filter -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_wan_input -j zone_wan_src_DROP
iptables -t filter -A zone_wan_forward -j zone_wan_dest_DROP
iptables -t filter -A zone_wan_output -j zone_wan_dest_ACCEPT
iptables -t filter -D zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -D zone_wan_src_DROP -i eth1 -j DROP
iptables -t filter -A zone_wan_src_DROP -i eth1 -j DROP
iptables -t filter -D zone_wan_dest_DROP -o eth1 -j DROP
iptables -t filter -A zone_wan_dest_DROP -o eth1 -j DROP
iptables -t filter -D delegate_input -i eth1 -j zone_wan_input
iptables -t filter -A delegate_input -i eth1 -j zone_wan_input
iptables -t filter -D delegate_output -o eth1 -j zone_wan_output
iptables -t filter -A delegate_output -o eth1 -j zone_wan_output
iptables -t filter -D delegate_forward -i eth1 -j zone_wan_forward
iptables -t filter -A delegate_forward -i eth1 -j zone_wan_forward
iptables -t filter -D zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
iptables -t filter -D zone_wan_src_DROP -i eth1 -j DROP
iptables -t filter -A zone_wan_src_DROP -i eth1 -j DROP
iptables -t filter -D zone_wan_dest_DROP -o eth1 -j DROP
iptables -t filter -A zone_wan_dest_DROP -o eth1 -j DROP
iptables -t filter -D delegate_input -i eth1 -j zone_wan_input
iptables -t filter -A delegate_input -i eth1 -j zone_wan_input
iptables -t filter -D delegate_output -o eth1 -j zone_wan_output
iptables -t filter -A delegate_output -o eth1 -j zone_wan_output
iptables -t filter -D delegate_forward -i eth1 -j zone_wan_forward
iptables -t filter -A delegate_forward -i eth1 -j zone_wan_forward
iptables -t nat -N delegate_prerouting
iptables -t nat -N delegate_postrouting
iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
iptables -t nat -N zone_lan_postrouting
iptables -t nat -N zone_lan_prerouting
iptables -t nat -N prerouting_lan_rule
iptables -t nat -N postrouting_lan_rule
iptables -t nat -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
iptables -t nat -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
iptables -t nat -N zone_wan_postrouting
iptables -t nat -N zone_wan_prerouting
iptables -t nat -N prerouting_wan_rule
iptables -t nat -N postrouting_wan_rule
iptables -t nat -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
iptables -t nat -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
iptables -t nat -D PREROUTING -j delegate_prerouting
iptables -t nat -A PREROUTING -j delegate_prerouting
iptables -t nat -D POSTROUTING -j delegate_postrouting
iptables -t nat -A POSTROUTING -j delegate_postrouting
iptables -t nat -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
iptables -t nat -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
iptables -t nat -D delegate_prerouting -i br0 -j zone_lan_prerouting
iptables -t nat -A delegate_prerouting -i br0 -j zone_lan_prerouting
iptables -t nat -D delegate_postrouting -o br0 -j zone_lan_postrouting
iptables -t nat -A delegate_postrouting -o br0 -j zone_lan_postrouting
iptables -t nat -A zone_wan_postrouting -j MASQUERADE
iptables -t nat -D delegate_prerouting -i eth1 -j zone_wan_prerouting
iptables -t nat -A delegate_prerouting -i eth1 -j zone_wan_prerouting
iptables -t nat -D delegate_postrouting -o eth1 -j zone_wan_postrouting
iptables -t nat -A delegate_postrouting -o eth1 -j zone_wan_postrouting
iptables -t nat -D delegate_prerouting -i eth1 -j zone_wan_prerouting
iptables -t nat -A delegate_prerouting -i eth1 -j zone_wan_prerouting
iptables -t nat -D delegate_postrouting -o eth1 -j zone_wan_postrouting
iptables -t nat -A delegate_postrouting -o eth1 -j zone_wan_postrouting
iptables -t nat -I delegate_postrouting -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
iptables -t mangle -N mssfix
iptables -t mangle -N fwmark
iptables -t mangle -D FORWARD -j mssfix
iptables -t mangle -A FORWARD -j mssfix
iptables -t mangle -D PREROUTING -j fwmark
iptables -t mangle -A PREROUTING -j fwmark
iptables -t mangle -D mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -A mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -D mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t mangle -A mssfix -p tcp -o eth1 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
iptables -t raw -N delegate_notrack
iptables -t raw -D PREROUTING -j delegate_notrack
iptables -t raw -A PREROUTING -j delegate_notrack

If running a router with DD-WRT, I highly recommend customizing the above commands to your environment and pasting them into the command box, saving as "Firewall".
As Scott_Klasson pointed out below, it's advisable to utilize something other than the default LAN addresses.  I don't utilize any of the above subnets, but included them for reference points.

0 BAlfson over 9 years ago

LAN --> Any --> External Network

JW, you will want to change that to 'LAN -> Any -> Internet' as "External Network)" includes only the "External (Address)" and its subnet.

Good explanations! Outside of the firewall rule, I don't think these concepts are out of place in any business. I know you like UDP for the SSL VPN, and I normally use UDP 443. I use TCP 2443 for the User Portal. TCP 443 only gets in via the Web Application Firewall.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 9 years ago

Since JW has generalized a bit with his last post on good baseline practices, I'll add a push-in to what he said. Change the default internal subnet from 192.168.1.X or 192.168.0.X to something else. Every router in the world uses one or the other of these by default for LAN addressing, including Sophos UTM, so it can complicate things when dealing with VPNs when both the local and remote LANs are using the same subnet.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 JW0914_01 over 9 years ago in reply to BAlfson

JW, you will want to change that to 'LAN -> Any -> Internet' as "External Network)" includes only the "External (Address)" and its subnet.

... I know you like UDP for the SSL VPN...

Thanks for catching that! =]

It's not so much that I like UDP for SSL VPNs, but that TCP-over-TCP is inefficient in the way that it transports data; there is a place for TCP in SSL VPNs, but only in select environments where there is a clear indication TCP is the better fit (such as high packet loss). Generally, most users will experience higher throughput and lower latency with UDP over TCP.
Cancel
Vote Up 0 Vote Down

Cancel
0 vilic over 9 years ago in reply to JW0914_01

Thanks for catching that! =]
It's not so much that I like UDP for SSL VPNs, but that TCP-over-TCP is inefficient in the way that it transports data; there is a place for TCP in SSL VPNs, but only in select environments where there is a clear indication TCP is the better fit (such as high packet loss). Generally, most users will experience higher throughput and lower latency with UDP over TCP.

Downside of using UDP for SSL VPN is that UDP/443 is usually blocked on corporate firewalls.
Cancel
Vote Up 0 Vote Down

Cancel
0 JW0914_01 over 9 years ago in reply to vilic

Downside of using UDP for SSL VPN is that UDP/443 is usually blocked on corporate firewalls.

That has nothing to do with an SSL VPN, as only Sophos configures the default port to 443, with all other implementations I've come across 1194 as the default port.

Regardless of what the default port is set to, unless it's being implemented inside of a complex business network, its ill-advised for most to utilize default ports. I say most because most don't adequately secure their networks, especially if they're running oem firmware
Cancel
Vote Up 0 Vote Down

Cancel
0 vilic over 9 years ago

My point was that running SSL VPN on every port except tcp/443 will cause problem on the end-user side, not being able to establish VPN connection unless they are connected on public or low secured networks.

I've had many complaints from my clients that were using PPTP VPN in the past few years (nowadays even hotel and airport networks are tight secured), so migrating them to anything else than tcp/443 SSL VPN solution would cause the same problem again.

p.s Regarding security, try to explain that facts to an angry CEO calling from hotel room abroad in 2AM asking why he can't establish the connection (urgent matter, of course...[;)])
Cancel
Vote Up 0 Vote Down

Cancel
0 JW0914_01 over 9 years ago in reply to vilic

My point was that running SSL VPN on every port except tcp/443 will cause problem on the end-user side, not being able to establish VPN connection unless they are connected on public or low secured networks.

I've had many complaints from my clients that were using PPTP VPN in the past few years (nowadays even hotel and airport networks are tight secured), so migrating them to anything else than tcp/443 SSL VPN solution would cause the same problem again.

p.s Regarding security, try to explain that facts to an angry CEO calling from hotel room abroad in 2AM asking why he can't establish the connection (urgent matter, of course...[;)])

I apologize, I misunderstood your previous reply =]
Cancel
Vote Up 0 Vote Down

Cancel