Can not connect on HTTPS port number Cisco Ironport


We are developing some Apex web applications in the cloud. We utilise the Cisco Ironport web proxy filters.

 

APEX uses port 4848 and 8181 to connect to by default. The problem that I was facing was that Chrome had the following error

 

Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.

 

And the Iron port log displayed

 

1344331467.525 0 10.0.2.8 TCP_DENIED/407 1656 CONNECT tunnel://xxxxx:4848/ – NONE/- – OTHER-NONE-IT_Department_Special_Priv-NONE-NONE-NONE-NONE <-,-,”-“,”-“,-,-,-,”-“,”-“,-,-,-,”-“,”-“,-,”-“,”-“,-,-,-,-,”-“,”-“,”-“,”-“,”-“,”-“,0.00,0,-,”-“,”-“> – – –
1344331467.526 0 10.0.2.8 TCP_DENIED/407 1656 CONNECT tunnel://xxxxxx:4848/ – NONE/- – OTHER-NONE-IT_Department_Special_Priv-NONE-NONE-NONE-NONE <-,-,”-“,”-“,-,-,-,”-“,”-“,-,-,-,”-“,”-“,-,”-“,”-“,-,-,-,-,”-“,”-“,”-“,”-“,”-“,”-“,0.00,0,-,”-“,”-“> – – –
1344331467.531 0 10.0.2.8 TCP_DENIED/407 551 CONNECT tunnel://xxxxx:4848/ – NONE/- – OTHER-NONE-IT_Department_Special_Priv-NONE-NONE-NONE-NONE <-,-,”-“,”-“,-,-,-,”-“,”-“,-,-,-,”-“,”-“,-,”-“,”-“,-,-,-,-,”-“,”-“,”-“,”-“,”-“,”-“,0.00,0,-,”-“,”-“> – – –
1344331467.539 5 10.0.2.8 TCP_DENIED/403 1653 CONNECT tunnel://xxxxxx:4848/ “alistair henderson@NTLMRealm” NONE/- – BLOCK_ADMIN_CONNECT_11-IT_Special_Priv-IT_Department_Special_Priv-NONE-NONE-NONE-NONE <xxx-,”-“,”-“,-,-,-,”-“,”-“,-,-,-,”-“,”-“,-,”-“,”-“,-,-,-,-,”-“,”-“,”-“,”-“,”-“,”-“,2644.80,0,-,”-“,”-“> – xxxxx

Apology for the xxxxx it is to protect the innocent 🙂

The answer was not clear as it is a little buried in the configuration of Iron Port.

 

Open you the configuration console of the appliance or management appliance and navigate to the Access Policy screen.

I want all the users to have access to these ports so I am setting it at the group policy level.

 

This will display the Protocols page

 

 

Enter the Port numbers that you want to give access too

 

 

 

 

 

 

Advertisements

5 Comments on “Can not connect on HTTPS port number Cisco Ironport”

  1. Nick says:

    Amazing, thank you. I have been searching for this information for hours, and finally I found this nugget. I hate the way the ironport interface buries it’s config behind random links!

  2. Tiffiny says:

    This article was a huge help for me as well this morning. Thank you!

  3. Danish says:

    solve the issue

  4. Max says:

    Thanks, i was looking for the same issue! good KB!

  5. lokuhetty says:

    Thanks a lot. I had the same problem and yours was the only information that I could find on ..


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s