topic Re: Outside interface listening on HTTPS "502 Bad Gateway" in General Topics

Outside interface listening on HTTPS "502 Bad Gateway"

drewdown — Mon, 08 Feb 2021 20:35:37 GMT

I have this odd issue whereas one of HA Pairs seems to be listening on 443 on its outside interface for GP but I don't use GP and never had. I have a interface profile that allows HTTPS but not from any IP and when I disable that it still shows that page. no GP portal configured either.

How can I stop it from listening on 443 for any source IP?

Re: Outside interface listening on HTTPS "502 Bad Gateway"

reaper — Tue, 09 Feb 2021 09:06:15 GMT

There's a couple of thing that could cause the firewall to 'listen' on the external interface:

- don't enable a management profile on the external interface (even for valid remote admin, set one on the internal interface and apply NAT + security rules)

- is there an inbound rule with a url filtering profile/are response pages enabed on the external interface

- is there an inbound nat rule that's not set properly

- is there an authentication/captive portal rule active that may have been set too wide (any)

Re: Outside interface listening on HTTPS "502 Bad Gateway"

drewdown — Tue, 16 Feb 2021 15:55:38 GMT

It was a lingering GP profile on Panorama pointing to one of the stack templates for this HA pair. Once I removed it that message went away. And FWIW if you have a management profile on an outisde interface and its locked down to source IPs then non-source IPs wont see that port open whereas they do with a GP profile.