Connection to Security Gateway on TCP Port 80 and TCP Port 443 is accepted by Implied Rule 0
Symptoms
  • It is possible to connect to Security Gateway on TCP Port 80 and TCP Port 443, although there are no security rules that allow such connections.

  • SmartView Tracker log shows that these connections are accepted by "Implied rule 0" (if "Log Implied Rules" is enabled in "Global Properties").

  • Connection to Security Gateway on TCP Port 80 is still accepted even after disabling all implied rules and installing the policy.

Cause

Due to the large number of daemons listening on TCP port 80 and TCP port 443, a new feature called Multi Portal was introduced in R75 GA.

In general, Multi Portal listens to any request on TCP port 80 and TCP port 443, and after the 3-way TCP handshake is complete, Multi Portal forwards the request to the relevant daemon according to the data context.

If the connection request to TCP port 80 or TCP port 443 is not legitimate (not allowed by the security policy), then the connection is dropped.
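
The behaviour described above means a completed TCP handshake on port 80 does not show that the request was served. The check below is an added example, not Check Point code: it separates "handshake completed, then dropped" from "a daemon answered". The names `probe` and `fake_listener` are hypothetical, the local listeners are constructed stand-ins for a gateway, and the request is plain HTTP, so it applies to port 80 rather than the TLS port.

```python
import socket
import threading


def probe(host, port, timeout=3.0):
    """Classify how host:port treats a TCP connect followed by an HTTP request.

    "no-handshake"            - connection refused or unanswered
    "dropped-after-handshake" - handshake completed, then reset, closed or silent
    "served"                  - handshake completed and application data came back
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "no-handshake"
    with sock:
        try:
            sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            data = sock.recv(1024)
        except OSError:  # reset by peer, broken pipe, or read timeout
            return "dropped-after-handshake"
    return "served" if data else "dropped-after-handshake"


def fake_listener(respond):
    """Constructed local stand-in: accept one connection, then answer or just close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def handle():
        conn, _ = srv.accept()  # the handshake is already complete at this point
        with conn:
            if respond:
                conn.recv(1024)
                conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return port


if __name__ == "__main__":
    # Constructed demo: one listener that closes after the handshake, one that answers.
    print("closes after accept:", probe("127.0.0.1", fake_listener(respond=False)))
    print("answers request:    ", probe("127.0.0.1", fake_listener(respond=True)))
```

A result of "dropped-after-handshake" matches the Cause text: the connection is accepted at the TCP level and logged against Implied Rule 0, but no portal content is returned.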


Solution