07-17-2018 03:48 PM
I apologized if i posted i the wrong area. To start off with, we just got our PA-820 recently. We have a weird issue, where one day an application will work without problems and another day the Instant Messaging part of the app fails to connect.
I looked at the logs yesterday when it wasn't working and noticed a lot of logs in the traffic section showing destination IP address for the service and the port 5280 with the Session end showing "TCP-RST-from-Server". I tested the application with a mobile hotspot and it worked just fine, so i limited it down to the firewall.
Today the applicatoin is working and when searching the logs, nothing shows up.
I"m kind of at a loss where to start as i'm learning about managing the Firewall. I think it has something to do with SSL encryption, but it's just my hunch. Ideas?
07-17-2018 05:29 PM
It would be helpful to know which application you are actually having issues with, so that we can properly troubleshoot. Without that we're troubleshooting something that could be a known issue.
Generally speaking RST from Server wouldn't be caused by the firewall; as the traffic according to the log made it to the server perfectly fine and it was the Server itself that sent the reset. This could be a range of issues.
Are you by chance decrypting this traffic or have you not set that up yet?
07-17-2018 06:03 PM - edited 07-17-2018 06:19 PM
Mitel Connect is the Application which uses port 5280 and we have another program CDK DRIVE that also uses the port 5280.
The strange part is yesterday there was over 120+ PC's showing in the logs when searching port 5280. Yesterday my IP address was in this list and the IM part of the program wasn't working.
Today if i search by port 5280 it shows logs for 37 IP addresses. I'm not in that list of IP addresses and it works fine today.
I thought all traffic showed in the traffic log? Is it when there is an issue with SSL encryption? I read there was an issue when multiple applicatoins share the same port, but that was fixed in 220.127.116.11 and i'm running 8.1.1
Under Policies> Decryption we have nothing configured yet.
Log from my IP address yesterday.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!