Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1900 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to grant access to website not on port 80

Barry_Foss
I have a need to access a website hosted outside my office that runs on port 89. I tried a packet filter and "transparent mode skiplist" but that didn't work. What i ended up doing was adding the service 89 to the "Allowed target services" under advanced web security.  What i don't like about that is that anybody can connect to anything now on that port.  I just want access to just that one site.  Any insite into this would be helpful thanks,

Running version 7.306

The astaro message is target serivce not allowed.


This thread was automatically locked due to age.
Parents
  • 0
    Wouldn't a more-accurate way to describe it be "anybody can connect to anything now on that port, with no more limitations than on port 80?"  Because you did that with the HTTP Proxy, you still have a lot more control than if you'd simply opened port 89 to the outside for everyone.

    If you want to limited that to just yourself, instead of going through the proxy, you could make a PF rule like 'Barry (User Network) -> [Port 89 Service] -> Any : Allow'; I think that will work.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Thanks for the reply, i think you missed that i tried the pf rule and that didn't work till i allowed the service.  So i tried this on my home Astaro with the pf rule for port 89 and it worked. This happens to be 7.401 already not sure if that is it or i have a bigger problem at work with something misconfigured.  I went back to work and tried the exact same pf rule and put it first, it still didn't work until i allowed the port 89 in the "Allowed Target services".

    What do you think i could have configured wrong at my work, what should i check?
    I will tried to upgrade to the 7.401 tonight if i get time, just wan't ready for that yet, do you think that will help?
    thanks..
  • 0 in reply to Barry_Foss
    I don't know of any reason 7.401 would help.  There are still a few issues floating around, so I'm not yet recommending 7.4 to clients who don't need HTTPS scanning or WAN Link Balancing/Multipathing, but I'm close.

    Are you running the HTTP Proxy in Transparent mode or are you running in an authentication mode?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    ok thanks for the quick feedback and good question
    at home i use transparent and don't put anything in the proxy

    at work i have tranparent turned on but do use edir sso and profiles with the default falling back to the default of transparent with some exceptions added(i have clients come in and want to use the internet without authenticating) and setup the proxy with 8080 for my staff.
  • 0 in reply to Barry_Foss
    And, thanks for the compliment.

    Since you are using profiles with SSO, I wonder if you might take a minute to comment on https://community.sophos.com/products/unified-threat-management/astaroorg/f/55/t/43932.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children
No Data