Ports 80 & 443 blocked

steve4
New here

Ports 80 & 443 blocked

Hi since 11am yesterday ports 80 & 443 have become blocked, even though we have made no configuration changes at all.

 

Has anyone else had this issue, and what can I do about it? We have port forwarding setup which isn't working because of this.

 

We have an MX100 firewall.

 

Thanks

9 Replies 9
PhilipDAth
Kind of a big deal
Kind of a big deal

This is an inbound port 80 and 443?

 

Can you browse directly to the internal IP address of the server (proving the server is still working)?

 

Has your static IP address changed?  Is your DNS still pointing at the correct IP address?

 

If you do a packet capture do you see the traffic hitting the MX?

Hi Philip, yes I can go to the internal server no problem and it shows ports 80 & 443 being open, our static IP hasn't changed and I've checked the DNS still points to the correct IP address.

 

Do you mean do a packet capture in the MX?

PhilipDAth
Kind of a big deal
Kind of a big deal

>Do you mean do a packet capture in the MX?

 

Yes.

 

Can the internal server still access the Internet (perhaps it has a bad default route)?

 

Any software firewall running on the server that might be blocking remote subnets (like Windows Firewall)?

The internal linux Nginx server can still ping externally, and nothing's running that would block any ports, in fact it shows as ports 80 & 443 open and listening.

We haven't made any changes on it.

AjitKumar
Head in the Cloud

Hi,

194.70.89.182 is this IP on which Port Forwarding is enabled?

 

 

Page 1.PNG

 

Page 2.PNG

 

Page 3.PNG

 

 

Regards,
Ajit
AjitsNW@gmail.com
www.ajit.network
General-Zod
Getting noticed

Can you confirm you can get to these services on the local LAN?

 

Perform a capture on the mx and confirm the translation is happening.

 

check events on the portal around the time it stopped

 

perhaps whitelist IP in threat protection if applicable 

 

reboot unit

 

upgrade code if your not running the latest

 

Hope this helps

 

Packet capture on the MX for port 443 shows traffic but i don't know what it means

 

10:41:08.971426 IP 194.70.89.182.49422 > 52.97.174.98.443: Flags [.], ack 929720, win 1485, length 0
10:41:08.971467 IP 194.70.89.182.49422 > 52.97.174.98.443: Flags [.], ack 932640, win 1474, length 0
10:41:08.971489 IP 52.97.174.98.443 > 194.70.89.182.49422: Flags [.], seq 938480:939940, ack 4814, win 2053, length 1460

 

Port testing sites show both ports blocked to IP 194.70.89.182

SoCalRacer
Kind of a big deal

Check Security Center event log to see if there is anything blocking.

 

https://documentation.meraki.com/MX/Monitoring_and_Reporting/Security_Center

PhilipDAth
Kind of a big deal
Kind of a big deal

I also can access http and https on 194.70.89.182.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels