Connection on TCP port 443 is blocked on 600 and 1100 appliances
Symptoms
  • On 600 and 1100 appliances, the Security Gateway prevents secured connections on TCP port 443 to internal servers from being established (for example, an inbound connection from the Internet to an internal OWA server).
Cause

On 600 and 1100 appliances, the Visitor Mode, which is used by Endpoint Connect clients, is enabled and set by default to listen on port 443.


Solution

To resolve the problem, the Security Gateway must listen on port 443 only for defined servers and for configured port-forwarding policies.

To reserve port 443 for port forwarding, perform the following:

  1. Log in to the WebGUI of the 600/1100 appliance.

  2. Go to "System" - click the "Device" tab - choose the "Advanced Settings" option.

  3. Click the "Type to filter" search field and enter "443".

  4. Double-click the attribute "Remote Access - Reserve port 443 for port forwarding" to edit it. A pop-up window appears.

    Note: This attribute appears only on R75.20 HFA_20 (sk93586) and only on Locally Managed appliances.

    The "Remote Access Port" is set to 443 by default; it is recommended to change it to a different random port (for example, 10000).


  5. Check the box "Reserve Port 443 for port forwarding".

  6. Click "Apply".

 

Note: After the predefined remote access port is changed, VPN Remote Access users must use the new port to connect.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
This solution is about products that are no longer supported, and it will not be updated.
