
httpd event message creates HUGE logfiles


MileAMinuteMarv

Jan 18, 2002
I've just adopted a Raptor 6.5.0 firewall that generates the following event every .01 seconds or so:

httpd Notice: The CONNECT method cannot be used to access port 2848 on the requested server due to the current firewall configuration.
This creates four log files daily of about 200 MB. The port number is nothing we knowingly use, and we don't know what to look at next. Any suggestions on what the problem is?
Thanks.
 
Hello,

I have the same problem at the moment. Do you already have a solution for your problem?
If so, please let me know.

Thanks
 
My ISA server logs TCP traffic on 2848 to Symantec's Central Quarantine. My log files are growing just as fast as what's mentioned above.

I think on ISA I'll have to make a protocol definition for traffic on that port so it can get through. I found all this out by doing an NSLOOKUP on the destination IP in my logs.

I'll respond with my results. Hope this is of help...

--Rick
 
I used the tcpdump program that is on my firewall and found that the problem definitely comes from Symantec's Central Quarantine server; it is generating traffic to the Symantec Security Response Team. You can find more about it in the Symantec knowledge base.
By default it uses ports 2847 and 2848, but opening these ports from my server to Symantec doesn't work at the moment.
I am now trying to find a way to solve the problem. If I find a way, I'll let you know.
 
The solution is to configure the HTTP service for the server to allow HTTP over SSL and create a port list that includes 2848.
 
I finally eliminated the messages.
Solution:
I created two protocols with reverse port groupings
tcpap-gsp2847, Protocol TCP, Destination Port Range 2847-2848, Source Port Range 1024-65535
tcpap-gsp2848, same except reverse port assignments
Set up Rule named Symantec Quarantine Access
connection coming in via ANY
From <server>
Destined for Universe
Coming out via ANY
Services are http* and the two rules above.
Highlight the http* service and select Configure
On the Http*, check allow HTTP
check Allow HTTP over valid SSL on the following ports:
Add ports 2847, 2848, 443, 563
Click OK, then right click in the Rules right pane and select Save and Configure.
In the future I'll work with this to see if I can slim it down. I'll post any changes.
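
A log triage sketch for the notice discussed in this thread, added here as an example and not code from any of the posters: it counts denied CONNECT notices per destination port, measures how many log bytes each port contributes, and flags ports outside the SSL port list from the last post. The function names, the timestamp/host prefix and the port 8080 entry in the sample lines are assumptions; only the message text and the four ports come from the thread.

```python
import re
from collections import Counter

# Message text as quoted in the first post. Anything before it on the line
# (timestamp, host) is ignored, since the thread does not show that prefix.
MSG = ("httpd Notice: The CONNECT method cannot be used to access port {} "
       "on the requested server due to the current firewall configuration.")
DENIED = re.compile(r"httpd Notice: The CONNECT method cannot be used to "
                    r"access port (\d+) on the requested server")

# Ports the last post adds under "Allow HTTP over valid SSL".
ALLOWED_SSL_PORTS = {2847, 2848, 443, 563}


def summarize_connect_denials(lines):
    """Return {port: {count, bytes, allowed_after_fix}} for denied CONNECTs."""
    counts, sizes = Counter(), Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue
        port = int(m.group(1))
        if not 0 < port <= 65535:
            continue  # not a valid TCP port, skip the line
        counts[port] += 1
        sizes[port] += len(line.encode("utf-8", "replace"))
    return {p: {"count": counts[p], "bytes": sizes[p],
                "allowed_after_fix": p in ALLOWED_SSL_PORTS} for p in counts}


def unexpected_ports(summary):
    """Denied ports that the SSL port list from the thread would not cover."""
    return sorted(p for p, s in summary.items() if not s["allowed_after_fix"])


# Constructed sample input (prefix and the 8080 line are made up).
SAMPLE = [
    "Jan 18 10:00:00 fw1 " + MSG.format(2848),
    "Jan 18 10:00:00 fw1 " + MSG.format(2848),
    "Jan 18 10:00:01 fw1 " + MSG.format(2847),
    "Jan 18 10:00:01 fw1 " + MSG.format(8080),
    "Jan 18 10:00:02 fw1 httpd Info: unrelated line",
]

if __name__ == "__main__":
    summary = summarize_connect_denials(SAMPLE)
    for port, stats in sorted(summary.items()):
        print(port, stats)
    print("review these ports:", unexpected_ports(summary))
```

Ports reported by `unexpected_ports` are the ones to trace back to a source host before deciding whether to allow them.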

 