NTP and proxy bypass

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

NTP and proxy bypass

L2 Linker

Hi i have a problem at the moment where it appears there is a proxy/Vpn application that is using port 123 .

as i have lots of byod devices that require access to NTP i leave the port open.

 

When I look at the monitor logs it source port can be anything from 123 to any other port and the dest port is 123 and P.A is letting me know the application is NTP , hence allowed

 

I have ssl decryption turned on .

 

i am slightly stuck on how i ca allow legitimate NTP traffic as opposed to vpn/proxy using port 123  ?

2 REPLIES 2

Cyber Elite
Cyber Elite

Hello,

At this point it would be the application inspection. In your logs, filter by port 123 and see which applications are using that port. Then rewrite the rule to allow only NTP 'application' and remove the port 'Service'.

So the policy would look similar to:

 image.png

If there is an app using ssl over port 123, you might need an additional policy to allow ssl over port 123.

 

I hope I understood your question correctly. Please let me know if I havent and i'll do my best to answer it correctly.

 

Regards,

Cyber Elite
Cyber Elite

Hi @PaulBrock

 

Are you seeing the vpn/proxybypass be identified as NTP in the traffic logs, or are you seeing the vpn/pbp hit your NTP policy and be allowed by it?

 

 

in case of the latter, @OtakarKlier's solution will solve your issue. In case of the former you'll want to collect as much information as possible (pcaps, paket-diag log feature flow basic + appid basic) and open a support case

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 2501 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!