Cisco Support Community
Community Member

CSA 5.0 LOG

Hi

I have a production server which has CSA 5.0 installed, and I get this error message flagged on CSA. It is managed via MC 5.0.

attempted to accept a connection as a server on TCP port 445 from 10.9.2.3. The operation was denied.

Is there a way to set this rule in policies and attach it to a group so that https is allowed and not blocked to this server?

THANKS

Muhammad

5 REPLIES
Blue

Re: CSA 5.0 LOG

Hi Muhammad,

First, confirm you want to allow this server to share resources. 445 is Microsoft-DS (SMB shares), not HTTPS.

If so, either create a network address set and use it with a Network Access Control allow rule or add the IP address to an allow rule for TCP/445.

Tom

Community Member

Re: CSA 5.0 LOG

Thanks Tom,

Basically it is SQL database replication and updates to another server.

Could you please guide me step by step to create and allow this rule, if possible?

kind regards,

muhammad

Blue

Re: CSA 5.0 LOG

Hi Muhammad, use the Event Management Wizard on the alert and that should guide you through creating the rule.

It should create a NAC rule allowing 445 traffic to the app (listed in the alert) on the server and you can choose the addresses you want to allow.

Check the rule it creates to confirm it is not too broad in allowing 445 traffic as that is a popular attack vector.

Tom

Community Member

Re: CSA 5.0 LOG

Thanks Tom, just a quick one: how can I push this rule to all the hosts? Do I have to reset the hosts from MC, or do they get the new config each time CSA polls?

thanks in advance,

muhammad

Blue

Re: CSA 5.0 LOG

Just create the rule and make sure it is associated with the rule module/policy/group and the hosts will get it.
