Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Issue Setting Up a Policy for Plex

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Issue Setting Up a Policy for Plex

L1 Bithead

Ok so we are testing a way to transcode some videos to distribute to remote users and Plex is working well internally.  I am now trying to set this up so that we can use externally as well.  Here is what I have done.

1)  Created the Object Address for the Plex Server

2)  Created a Security Policy to allow inbound access to the Application "plex"

3)  Created a NAT Policy for the Plex Service to push 32400 to the Plex Server

4) Cmmitted the changes (this is what usually gets me the most)

So I try it out and nothing.  Check the logs and I see:

To Port:  32400

Application:  Not-Applicable (My understanding is that this is showing this because the traffic was matched to a "Service Policy" instead of one defined by an application)

Action:  Deny

Rule:  Block Bad Apps

So I went and moved all of my Plex related policies and rules to the top of every list because my understanding is that it checks from top down to decide which policy to apply and when it matches it's done checking.  Commit again....  same result.

So I looked at the "Block Bad Apps" Security Policy (because that is what it means by "rule"?).  This policy has two application groups to block:  "Avoidance" and "peer-2-peer".  Neither of those contain anything about plex OR port 32400 from what I can tell.  Sure there are applications underneath that say "variable port" or something like that however it just doesn't make sense to me:

1)  Why traffic for port 32400 OR Plex is not being picked up by the rule for such

     Quick note on this...  I have played around with taking out the application and just using port 32400 however that doesn't seem to change anything

2)  Why this policy is blocking the traffic when there is nothing in there about port 32400 from what I can see.

So then I went and disabled the "Block Bad Apps" policy and then I got nothing...  no logs... NOTHING.  Apparently the traffic was not passing through NOR was it logging anything at this point.  So I'm not really sure what is going on.

Anyone have any advice please?

Thank You,

Ryan Hall

1 accepted solution

Accepted Solutions

L1 Bithead

Thanks guys.  I got it working.  When I went back to take screenshots of the policy setting I realized that I had the Security Policy destination pointing to the plex server and not my external IP that I am hitting.

Thank you guys.

View solution in original post

5 REPLIES 5

L3 Networker

It looks like you need to place your new rule allowing Plex connectivity before the "Block Bad Apps" security policy in the rule list.

I assume when you say "before" you mean "above" in the list correct?

from above:

So I went and moved all of my Plex related policies and rules to the top of every list because my understanding is that it checks from top down to decide which policy to apply and when it matches it's done checking.  Commit again....  same result.

I put them on the top.  Same result.

L3 Networker

Do you have a Block_ALL Rule at the end of your rulebase? Like Source(Any)->Destination(Any)->Service/Application(Any)-> Deny? If there is no rule which blocks the traffic with logging at the end of session, it is not logged.

Could you post a screenshot of your NAT and Security Policy for the PLEX application?

Yeah, by above I did mean before. Sorry, I missed in your first post that you had placed your Plex rule first.

Could the src/dest Zones on the rules be out?  They'll likely be different between the Security and NAT rules...

L1 Bithead

Thanks guys.  I got it working.  When I went back to take screenshots of the policy setting I realized that I had the Security Policy destination pointing to the plex server and not my external IP that I am hitting.

Thank you guys.

  • 1 accepted solution
  • 6452 Views
  • 5 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!