Welcome to the Sophos User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
Junior Member
Join Date: Jan 2011
Posts: 3
#1 (permalink)  
Old 01-06-2011, 01:25 PM
Default can't open Serverview RAID-Manager inside LAN

Hi There.

I'm unable to open the RAID-Manager inside the LAN.
If i open VPN and try it, it works.
What i've to do to get it working?

Server IP is 192.168.66.2
Port is 3173

https://192.168.66.2:3173


Hallo zusammen.

Bin newbie was Astaro's angeht. Hab zwar "schon" VPN mit CA eingerichtet und kleinere Regeln, das war's dann aber auch. Probiert habe ich schon einiges (Server für alles freigeschaltet, Port mit 3173 freigeschaltet von Server zu Server / von Server zu LAN) aber leider kein Glück damit gehabt.

Wer kann mir helfen?

Danke im Voraus.

MfG
ITger

P.S. Astaro (V7) and Server (TX200 S6) are different Systems
Reply With Quote
Scott_Klassen's Avatar
Agent of the System
Join Date: Feb 2006
Posts: 4,742
#2 (permalink)  
Old 01-06-2011, 01:54 PM
Default

Just to be clear, are you saying that an external client machine connecting to you LAN through Astaro can connect to this webapp, but a client within the LAN cannot?

If this is the case, is the LAN client that cannot connect on the same interface on the Astaro as the machine hosting the webapp?
Reply With Quote
Junior Member
Join Date: Jan 2011
Posts: 3
#3 (permalink)  
Old 01-06-2011, 02:09 PM
Default

Quote:
Originally Posted by Scott_Klassen View Post
Just to be clear, are you saying that an external client machine connecting to you LAN through Astaro can connect to this webapp, but a client within the LAN cannot?

If this is the case, is the LAN client that cannot connect on the same interface on the Astaro as the machine hosting the webapp?
Hi Scott.

Yes, if i connect through VPN (all Services enabled) i can connect to the RAID-Manager. If i try it from the Server that the Software self is installed, i get the IE Message "cannot open this Site". The Adress the Browser will open is https://servername:3173 - if i try this side through VPN it works without any Problem.

If i open the Serverview-Agent Programm, thers a link inside to the RAID Manager too but with the Link https://servername.internaldomain:3173 and there i see the Astaro forbidden Site with the Info "Service not allowed".

???`

br
ITger

Last edited by ITger; 01-06-2011 at 02:12 PM.
Reply With Quote
Scott_Klassen's Avatar
Agent of the System
Join Date: Feb 2006
Posts: 4,742
#4 (permalink)  
Old 01-06-2011, 02:58 PM
Default

Ah ok. I'm guessing that you have it set so that VPN clients bypass the Web Proxy and your internal client systems have Astaro set as proxy in the browser which would explain why your seeing this from one connection, but not another.

Following the basic steps in this kb article should get you fixed up: https://support.astaro.com/support/i..._error_message
Reply With Quote
Junior Member
Join Date: Jan 2011
Posts: 3
#5 (permalink)  
Old 01-06-2011, 04:54 PM
Default

Quote:
Originally Posted by Scott_Klassen View Post
Ah ok. I'm guessing that you have it set so that VPN clients bypass the Web Proxy and your internal client systems have Astaro set as proxy in the browser which would explain why your seeing this from one connection, but not another.

Following the basic steps in this kb article should get you fixed up: https://support.astaro.com/support/i..._error_message
Hi Scott.

I followed the steps but now, with both adresses, i get the IE message "can't open...", i don't get the Astaro-Site "Service not allowed" anymore...


br
ITger
Reply With Quote
Wizard
Join Date: Sep 2009
Location: Düren, NRW, Germany
Posts: 765
#6 (permalink)  
Old 01-06-2011, 05:37 PM
Default

A simple try would be to unconfigure the proxy from the browser (or use an other browser with no proxy configured ) on the client on the inside LAN to confirm if it's an issue from the browser config. I would try https://servername:3173 or https://ipaddress:3173.

Regards
Manfred
Reply With Quote
Scott_Klassen's Avatar
Agent of the System
Join Date: Feb 2006
Posts: 4,742
#7 (permalink)  
Old 01-06-2011, 05:43 PM
Default

Do you also see this when connecting by IP Address (https://192.168.66.2:3173)?

Check the Content Filter log for one of the new failed connection attempts. What does it say?

If something in the web proxy is still blocking the connection (there can be more than one), we can try creating an exception for that webapp. If you don't know what component may be the issue, you can begin by either adding components to the exception list one by one or add them all at first, then remove one by one. In both cases testing between add or removal until you find the culprit.

Another possibility is that since the traffic is being forced by proxy setting through the Astaro, even though it's in and out through the same interface, that other sections of Astaro are coming into play. Possibilities here are Packet Filter, IPS, and IM/P2P. Check those logs and it wouldn't hurt to do a quick temporary PF allow rule for port 3173 just to test.

Last thing that comes to mind right now is are you just setting in the browser that all web traffic should go through the proxy (Astaro), or are you using a wpad.dat or proxy.pac? It's generally considered best practice to bypass proxy usage for intranet sites in order to avoid the same issues that you're experiencing. http://findproxyforurl.com/pac_file_examples.html or http://www.craigjconsulting.com/proxypac.html give some examples. This can also be done directly in the browser settings. For IE it'll be a checkbox for "Bypass proxy settings for local addresses".

Last edited by Scott_Klassen; 01-06-2011 at 06:15 PM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 03:56 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.