Endian Bugtracker
Endian Issue Tracker

Please see now our new Bugtracker system: JIRA

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0004578Endian FirewallIntrusion Preventionpublic2013-10-02 12:502015-11-18 18:30
Assigned To 
PlatformOSOS Version2.5.2
Product Version2.5 
Target VersionFixed in Version 
Summary0004578: Remote Desktop Connection Failed When "Allow With IPS"
DescriptionRemote Desktop Connection, port 3389 and 3390 were Allow With IPS on outgoing traffic and working fine all the time from version 2.5.1, then upgraded to 2.5.2 last month.

After snort rule was auto updated on today afternoon, then it failed to work. Changed the rule to just Allow, then it able to get through.

On the firewall log, it showed "OUTGOINGFW:ALLOW:12",when ports were Allow With IPS, but connection were failed. But if changed to Allow, then showed "OUTGOINGFW:ACCEPT:12" and connection was successful.
Additional InformationThings were done to test,

1. Restart efw system
2. Save and restart the SNORT
3. Tried on different computers
4. Tried on different zones
TagsNo tags attached.
Attached Filesjpg file icon IPS_error_tcp port 1433.jpg [^] (29,593 bytes) 2013-10-03 04:12

- Relationships

-  Notes
mhLearn (reporter)
2013-10-03 03:52

Same case happened to port 1433 and 3306, from internal zones to RED. Need to disabled "Allow With IPS" or disabled Intrusion Prevention, only then it works fine again.

- Issue History
Date Modified Username Field Change
2013-10-02 12:50 mhLearn New Issue
2013-10-03 03:52 mhLearn Note Added: 0008546
2013-10-03 04:12 mhLearn File Added: IPS_error_tcp port 1433.jpg
2014-04-30 18:46 Anonymous Status new => closed
2014-04-30 18:46 Anonymous Resolution open => fixed
2015-11-18 18:30 Anonymous Status closed => feedback
2015-11-18 18:30 Anonymous Resolution fixed => reopened

Copyright © 2005-2008 Endian, SRL. All rights reserved.

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker