Hi, since 11am yesterday ports 80 & 443 have become blocked, even though we have made no configuration changes at all.
Has anyone else had this issue, and what can I do about it? We have port forwarding set up, which isn't working because of this.
We have an MX100 firewall.
Thanks
This is an inbound port 80 and 443?
Can you browse directly to the internal IP address of the server (proving the server is still working)?
Has your static IP address changed? Is your DNS still pointing at the correct IP address?
If you do a packet capture do you see the traffic hitting the MX?
Hi Philip, yes I can go to the internal server no problem and it shows ports 80 & 443 being open, our static IP hasn't changed and I've checked the DNS still points to the correct IP address.
Do you mean do a packet capture in the MX?
>Do you mean do a packet capture in the MX?
Yes.
Can the internal server still access the Internet (perhaps it has a bad default route)?
Any software firewall running on the server that might be blocking remote subnets (like Windows Firewall)?
The internal Linux Nginx server can still ping externally, and nothing's running that would block any ports; in fact it shows ports 80 & 443 as open and listening.
We haven't made any changes on it.
Hi,
Is 194.70.89.182 the IP on which port forwarding is enabled?
Can you confirm you can get to these services on the local LAN?
Perform a capture on the MX and confirm the translation is happening.
Check events on the portal around the time it stopped.
Perhaps whitelist the IP in threat protection, if applicable.
Reboot the unit.
Upgrade the code if you're not running the latest.
Hope this helps
Packet capture on the MX for port 443 shows traffic, but I don't know what it means:
10:41:08.971426 IP 194.70.89.182.49422 > 52.97.174.98.443: Flags [.], ack 929720, win 1485, length 0
10:41:08.971467 IP 194.70.89.182.49422 > 52.97.174.98.443: Flags [.], ack 932640, win 1474, length 0
10:41:08.971489 IP 52.97.174.98.443 > 194.70.89.182.49422: Flags [.], seq 938480:939940, ack 4814, win 2053, length 1460
Port testing sites show both ports blocked to IP 194.70.89.182
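One way to read a capture like the one posted above, as an added example that is not part of the original thread: the script sorts tcpdump text lines by direction relative to the WAN IP and the forwarded ports named in the thread. The category names and the two lines using 203.0.113.50 (a documentation address) are constructed for illustration.

```python
import re
from collections import Counter

WAN_IP = "194.70.89.182"      # public IP named in the thread
FORWARDED_PORTS = {80, 443}   # ports the thread says are forwarded

# tcpdump text format: <time> IP <src>.<sport> > <dst>.<dport>: Flags [..], ...
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def classify(line, wan_ip=WAN_IP, ports=FORWARDED_PORTS):
    """Label one capture line by direction relative to the forwarded service."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    src, dst = m["src"], m["dst"]
    sport, dport = int(m["sport"]), int(m["dport"])
    if dst == wan_ip and dport in ports:
        # A bare SYN ("S") is a new inbound connection attempt to the forward.
        return "inbound-syn" if m["flags"] == "S" else "inbound-forwarded"
    if src == wan_ip and sport in ports:
        return "inbound-reply"      # the forwarded server answering a client
    if src == wan_ip:
        return "outbound-client"    # LAN host browsing out through NAT
    if dst == wan_ip:
        return "outbound-return"    # remote server answering that LAN host
    return "other"

def summarize(lines):
    return Counter(classify(l) for l in lines if l.strip())

# The three lines exactly as posted in the thread.
POSTED = [
    "10:41:08.971426 IP 194.70.89.182.49422 > 52.97.174.98.443: Flags [.], ack 929720, win 1485, length 0",
    "10:41:08.971467 IP 194.70.89.182.49422 > 52.97.174.98.443: Flags [.], ack 932640, win 1474, length 0",
    "10:41:08.971489 IP 52.97.174.98.443 > 194.70.89.182.49422: Flags [.], seq 938480:939940, ack 4814, win 2053, length 1460",
]
# Constructed lines: what a working inbound forward would look like on the WAN side.
CONSTRUCTED = [
    "10:45:00.000001 IP 203.0.113.50.51515 > 194.70.89.182.443: Flags [S], seq 1000, win 64240, length 0",
    "10:45:00.000450 IP 194.70.89.182.443 > 203.0.113.50.51515: Flags [S.], seq 2000, ack 1001, win 65160, length 0",
]

if __name__ == "__main__":
    print("posted:     ", dict(summarize(POSTED)))
    print("constructed:", dict(summarize(CONSTRUCTED)))
```

All three posted lines classify as an outbound session from the WAN IP (ephemeral port 49422) to a remote server on 443, so they do not show any inbound attempt reaching the forwarded ports. Filtering the capture on the WAN IP as destination with port 80 or 443 narrows it to the traffic the port forward would handle.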
Check Security Center event log to see if there is anything blocking.
https://documentation.meraki.com/MX/Monitoring_and_Reporting/Security_Center
I also can access http and https on 194.70.89.182.