Outside interface listening on HTTPS "502 Bad Gateway"

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Outside interface listening on HTTPS "502 Bad Gateway"

L4 Transporter

I have this odd issue whereas one of HA Pairs seems to be listening on 443 on its outside interface for GP but I don't use GP and never had.  I have a interface profile that allows HTTPS but not from any IP and when I disable that it still shows that page.  no GP portal configured either.

 

How can I stop it from listening on 443 for any source IP?

 

drewdown_0-1612816320888.png

 

2 REPLIES 2

Cyber Elite
Cyber Elite

There's a couple of thing that could cause the firewall to 'listen' on the external interface:

 

- don't enable a management profile on the external interface (even for valid remote admin, set one on the internal interface and apply NAT + security rules)

- is there an inbound rule with a url filtering profile/are response pages enabed on the external interface

- is there an inbound nat rule that's not set properly

- is there an authentication/captive portal rule active that may have been set too wide (any)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

It was a lingering GP profile on Panorama pointing to one of the stack templates for this HA pair.  Once I removed it that message went away.  And FWIW if you have a management profile on an outisde interface and its locked down to source IPs then non-source IPs wont see that port open whereas they do with a GP profile.  

  • 2138 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!