CTO, Convergent Information Security Solutions, LLC
https://www.convergesecurity.com
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
I'm not sure what you want to do, Luis. If you want the traffic to be handled by the Web Filtering Proxy used in Standard mode, you must add the Service on the 'Misc' tab. If you don't want to use the Proxy and you already have a firewall rule, do you have a masquerading rule for the VLAN?
Cheers - Bob
I am trying to allow a new service, port 141 TCP/UDP. We did not have this one before, so I made a new service definition, but I don't really like to set up those ports in "Web Protection / Filtering Options / Misc Settings / Allowed Target Services", because I won't use those for the whole network.
I need to allow the service in just one particular VLAN, that is why I tried to set up the port in the Firewall rules, and it doesn't work until I set it up in Target Services.
Am I doing something wrong? Or is that the way it should be? I am confused!
Adding that service in Filtering Options allows it to be used with the Web Filtering Proxy. Check #2 in Rulz and you will see that your firewall rule can have no effect on traffic handled by the Proxy. It sounds like you need to have a separate Web Filtering Profile for that VLAN that is allowed access to some sites that the subnets in the Default Profile are not allowed to reach. Or, you could do the same with an Exception from URL Filtering for requests coming from the VLAN and going to sites that are prohibited in the Default Profile.
Cheers - Bob
OK, I think the first time I read Rulz I got it right, and if I did, the right way is Web Filtering before Firewall rules,
and in my Web Filtering I have the entire LAN in Allowed Networks with the default setting (HTTP, HTTPS, plus HTTPProxy), and in the Firewall rules I only have setups for other services that are not the default, and we have them in separate VLANs.
Sorry if I forgot to tell you all this!
That's why I am confused: port 141 TCP/UDP is not one of the defaults, it is not an HTTP port, and if it is not, why is it not working when I set it up in the Firewall rules? And why does it work only in the Web Filtering?
I just want to avoid my confusion, but hey, remember this is working for now, it is not something to hurry.
Thanks and regards
When you configure a browser with an explicit proxy, it sends all of the traffic to the UTM Proxy, regardless of the port used in the URL.
Cheers - Bob
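What Bob describes above, as an added example that is not part of the original thread: with an explicit proxy the TCP connection always goes to the proxy listener, and the real target port only appears inside the HTTP request line, where the proxy checks it. The proxy address `192.0.2.1:8080` and the allowed-port set are constructed assumptions, not values from the thread or from the UTM.

```python
from urllib.parse import urlsplit

# Constructed values, not taken from the thread: proxy listener and allowed list.
PROXY = ("192.0.2.1", 8080)
ALLOWED_TARGET_PORTS = {80, 443}  # stand-in for "Allowed Target Services"


def target_port(url):
    """Port named in the URL, or the scheme default."""
    u = urlsplit(url)
    return u.port or (443 if u.scheme == "https" else 80)


def wire_view(url, explicit_proxy):
    """Return (tcp_destination, first_line) that a packet filter could observe."""
    u = urlsplit(url)
    if explicit_proxy:
        # The TCP connection always goes to the proxy listener; the real
        # target only appears inside the HTTP request line.
        if u.scheme == "https":
            line = f"CONNECT {u.hostname}:{target_port(url)} HTTP/1.1"
        else:
            line = f"GET {url} HTTP/1.1"
        return PROXY, line
    # No proxy configured: the client connects straight to the target port.
    line = "TLS ClientHello" if u.scheme == "https" else f"GET {u.path or '/'} HTTP/1.1"
    return (u.hostname, target_port(url)), line


def proxy_verdict(first_line):
    """Parse the target port back out of a proxied request line and check it."""
    method, target, _ = first_line.split(" ", 2)
    if method == "CONNECT":
        port = int(target.rsplit(":", 1)[1])
    else:
        port = target_port(target)
    return "forwarded" if port in ALLOWED_TARGET_PORTS else "target service not allowed"


if __name__ == "__main__":
    url = "http://smsplus.wi-eyeoncloud.com:3000/auth/login/"
    for mode in (True, False):
        dst, line = wire_view(url, explicit_proxy=mode)
        print(f"explicit_proxy={mode}: TCP to {dst[0]}:{dst[1]}  |  {line}")
    print(proxy_verdict(wire_view(url, True)[1]))
```

A packet-filter rule for TCP 3000 can only match the second case, where the client connects to port 3000 directly; in the first case the filter sees a connection to the proxy port only.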
OK, I'll give you an example of why I am confused:
Everything started when i needed to set a service definition for
http://smsplus.wi-eyeoncloud.com:3000/auth/login/
This webpage sent a "target service not allowed" message, so I set that URL in "Filtering Options / Exceptions" and it didn't work, and also in "Filtering Options / Websites" and it didn't work either.
At that moment I didn't get "Rulz" as I get it now, but in the end, when I set up this "SMS Bulker" - TCP:3000 in Firewall Rules for the VLAN needed, it worked.
This port 141 is not a default one, just like 3000, that is why I won't set them in "Allowed Target Services".
So why is this method working with one port and not with "EMFIS" - TCP:141? What is the difference? Did I miss something?
Thanks and regards