Announcement

Collapse
No announcement yet.

e6 MicroEdge v4.2 Threat Prevention Blocking Site

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • e6 MicroEdge v4.2 Threat Prevention Blocking Site

    I have a client that we have a few e6 Micro Edge devices deployed with v4.2 installed on them... These are being used as just routers at the moment...they arent connected back to Corporate office NGFW yet...

    I got a call from the onsite manager at one of the websites they using for payments wont let them log in. The website loads (https://my.echecks.com/login/deluxe) but when they enter their credentials and click login, it just sits there for a long time and doesnt log in... Tested logging in outside the network and logs right in at this managers house and on his laptop connected to his 5G mobile hotspot...

    I remotely logged into the network and logged into MicroEdge appliance. I turned off web filter...still cant log in just times out... I turned Web Filter back on and tried turning off Threat Prevention...bingo, logs right in....

    How can I get this site working so they can log in with Threat Prevention turned on???? I dont want to leave Threat Prevention turned off for an extended period but I did that for now till I can figure out how to get this website working with it on.

    As a side note...this site is not being blocked at the corporate office running NGFW with Threat Prevention turned on..... So its isolated to MicroEdge v4.2

  • #2
    You can enter whitelisted sites into the Pass List on the Threat Prevention page in Micro Edge, but the issue likely isn't the echecks.com site itself. Most modern websites load a ton of content from third-party sites like Content Delivery Networks (AKA 'CDNs'); those sites can host anything and often get flagged as low reputation due to content hosted elsewhere on the site. Go to Reports > Threat Prevention > Blocked Addresses to see what Threat Prevention is blocking; add anything related to your echecks.com site to Threat Prevention's Pass List and you should be all set.
    Attached Files
    Græme Ravenscroft • Technical Marketing Engineer
    ('gram', like the unit of measurement)
    he/him
    Please don't reboot your NGFW.
    How can we make Arista ETM products better?

    Comment


    • #3
      Thanks for the reply. I did an nslookup for my.echecks.com earlier before emailing support and making this post.. I did try whitelisting the 2 IP's NSLOOKUP returned. For some reason every time I hit SAVE to the Passed IP's in Threat Prevention nothing happened. The box that was open to enter the IP, Subnet and Name wouldn't go away each time I hit save... That's why I emailed support.. I was remotely logged into a PC on the LAN at this remote site that we support, browser open and logged into Admin GUI for the e6...

      After support just emailed me saying the same. I remotely connected to this e6 via Command Center and it did indeed allow me to save the Passed IP's. Unfortunately the IP's returned from doing an NSlookup didn't fix the issue so I did exactly as you suggested and found the 2 IP's threat prevention was blocking each time I tried logging in and and whitelisted them. All is good, client can log into my.echecks.com now....

      Thanks,!

      Comment


      • #4
        Yeah, nslookup is only resolving the specific domain you're asking about. It doesn't load a web page, so it has no idea that other connections might be involved when actually visiting a website. nslookup is sort of like an old phone book: you look up a specific name and get a specific number, but nothing else.

        At any rate, glad to help!
        Græme Ravenscroft • Technical Marketing Engineer
        ('gram', like the unit of measurement)
        he/him
        Please don't reboot your NGFW.
        How can we make Arista ETM products better?

        Comment

        Working...
        X