question

Jackson1990-7147 avatar image
0 Votes"
Jackson1990-7147 asked ricardosolisvillegas-4678 answered

Firewall issue

Hi,
I got port filtered issue on port 443. What reasons can be identified on the firewall?

windows-serverwindows-platform-network
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ricardosolisvillegas-4678 avatar image
0 Votes"
ricardosolisvillegas-4678 answered

Hello @Jackson1990-7147

Thank you for your heads up.

I would like to add another suggestion besides the ones given from @MotoX80 and @LimitlessTechnology-2700 : )
When you are referring to a FW issue, I might thing if it is stateful firewall or the opposite. Please correct me If I am mistaken on this.

I want to understand more the issue you are experiencing now. So any relevant detail is more than welcome.. Because it seems to be 2 issues as per previous threads.

Having said that, it is not normal to have the port 443 blocked since it is a well known port and most services nowadays and for that reason I wonder if you have checked the next settings(assuming the device type).

-netstat command from CMD(To check listening ports)
-route print command(check ip table)
-Iperf (to send strings of data on a specific port)
-Since you are stating about a certificate so it is a SSL/TLS certificate but the question is.... Is this a self-signed certificate or which one?
-Are you matching all the TLS/SSL attributes for this correctly?
-The device using the certificate is able to support the cipher suites for this 2way traffic?
-Have you taken a packet capture to check the TLS/SSL handshake messages?
-Was this working before?
and so on....

Looking forward to your feedback

BR,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TKujala avatar image
0 Votes"
TKujala answered Jackson1990-7147 edited

Hi @Jackson1990-7147,

Do you want to block TCP 443 connections?

You can create an inbound port rule.

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

It was SMTP issue that Email was not sent properly, due to that port 443 has been filtered. How to fix this? Please help to the attached issue.
203507-image.png


203520-image.png


0 Votes 0 ·
image.png (24.2 KiB)
image.png (10.9 KiB)
47451047 avatar image 47451047 Jackson1990-7147 ·

SMTP uses port 25.

0 Votes 0 ·
47451047 avatar image 47451047 Jackson1990-7147 ·

Outgoing traffic is not blocked by default.

0 Votes 0 ·

Hi,
Can you help to the issues in above?

0 Votes 0 ·
Show more comments
LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered Jackson1990-7147 commented

Hello Jackson1990

By default Port 443 should be always set by the system as LISTENING The main reason to appear as FILTERED means that either Windows Firewall, 3rd Party security software or intermediate Hardware or Software Firewall are filtering or monitoring this port.

My suggestion would be to:
1- Disable Windows Firewall and repeat the test. If this fixes the issue you can set an Open rule for port 443 using the powershell cmdlet New-NetFirewallRule : https://docs.microsoft.com/en-us/powershell/module/netsecurity/new-netfirewallrule?view=windowsserver2022-ps
2- Run a clean boot to disable 3rd Party security apps: https://support.microsoft.com/en-us/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd
3- If none of the avobe works, you should consult with your ISP to check the configuration of your router, or consult with the Network administrator of your organization in order to investigate intermediate Firewalls



--If the reply is helpful, please Upvote and Accept as answer--

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
I have the proper certificate for the FTP name but there is still issue with the filtered port 443. Any other reason to this?

0 Votes 0 ·

Hi,
Can you also help to the issue below?
205843-image.png


0 Votes 0 ·
image.png (28.1 KiB)
MotoX80 avatar image
0 Votes"
MotoX80 answered ricardosolisvillegas-4678 edited

Open a command prompt and run ipconfig. Then open a browser and navigate to canyouseeme.org. If the IP addresses are the same, then your server is directly exposed on the internet and the Windows firewall software must be used to manage access. If they are different, then your server is sitting behind a network device and you will need to enable port forwarding on that device to have an internet request for any port routed to the private network IP address of your server.

As I have replied before, no one can help you until you provide detailed information about your network configuration and what you are trying to accomplish.


206052-capture1.png



capture1.png (97.2 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,
I opened port 443 on firewall. What can be the other reason that it is filtered on port 443?

1 Vote 1 ·