01-08-2008 10:51 AM - edited 03-10-2019 03:56 AM
Hi
I have production server which as CSA5.0 installed, I get this error message flagged on CSA. It is managed via MC 5.0.
attempted to accept a connection as a server on TCP port 445 from 10.9.2.3. The operation was denied.
Is there way to set this rule in policies and attach to group so that https is allowed and not blocked to this server.
THANKS
Muhammad
01-08-2008 11:08 AM
Hi Muhammad,
First, confirm you want to allow this server to share resources. 445 is Microsoft-DS (SMB shares), not HTTPS.
If so, either create a network address set and use it with a Network Access Control allow rule or add the IP address to an allow rule for TCP/445.
Tom
01-08-2008 01:41 PM
Thanks Tom,
Basically it is sql database replication and updates to other server.
Could you pls guide me step by step to create and allow this rule if possible.
kind regards,
muhammad
01-08-2008 04:49 PM
Hi Muhammad, use the Event Management Wizard on the alert and that should guide you through creating the rule.
It should create a NAC rule allowing 445 traffic to the app (listed in the alert) on the server and you can choose the addresses you want to allow.
Check the rule it creates to confirm it is not too broad in allowing 445 traffic as that is a popular attack vector.
Tom
01-09-2008 01:23 AM
Thanks Tom, just quick one, how can i push this rule to all the hosts. Do i have to reset the hosts from MC or each time CSA polls and get the new config.
thanks in advance,
muhammad
01-10-2008 10:06 AM
Just create the rule and make sure it is associated with the rule module/policy/group and the hosts will get it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide