Netgate SG-3100 Blocking?
-
Here's the short story. Our servers are managed by Nessus Manager for vulnerability scanning. These scans go to another org automatically. The IP and port for this manager is open and was showing traffic up until 3 days ago. I have done packet capture on the firewall and see these two IPs talking. But the other org it just stopped transmitting to them for no reason. Basically when the two are talking our server is not getting a response from their manager. We have changed nothing on our systems. I did Wireshark and it also shows to be talking, but no activity for the specified port. Our server is resetting when it doesn't get an answer from the other server. Nessus gives a code 2, ssl error. Could the firewall still be blocking it somehow? We have ruled out everything on our side. I have checked every option on the firewall and do not see it getting blocked at all. Like I said it was working 3 days ago. The other org states they did change anything either. Any ideas?
-
@skiteer747 said in Netgate SG-3100 Blocking?:
Nessus gives a code 2, ssl error.
SSL error to what/where?
First thing I would check is certificates used, see if any expired. Wasn't there a topic somewhere recently about something expiring soon (as in may have expired today or yesterday)?
-
@mer Thanks for the response. The code 2, SSL error is when it manages to connect to the Nessus management server. I was thinking we were missing something in the Netgate but can't find anything. The exact error is SSL error encoutered when negotiating with IP , Code 2 SSL want read.
-
@skiteer747 Packet captures everywhere are your best friend (and you've already done that).
I'm guessing that the port is an SSL connection (makes a lot of sense) and if you see no traffic from either side to/from that port, that's the clue.
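An added example, not part of the thread: a small Python probe that reports at which stage a connection to the manager stops (TCP connect, a TLS handshake that gets no reply, certificate validation, or success with days until expiry). In OpenSSL, error code 2 is SSL_ERROR_WANT_READ, meaning the TLS layer is waiting for bytes from the peer, which corresponds to the "tls-stall" result here. The function names, stage labels and 10-second timeout are assumptions chosen for illustration.

```python
import socket
import ssl
import time


def days_left(cert, now=None):
    """Days until the certificate's notAfter (negative if already expired)."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400


def probe(host, port, timeout=10.0):
    """Return (stage, detail); stage names where the connection stopped."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused, unreachable or timed out: nothing TLS-related yet.
        return "tcp", f"no TCP connection: {exc}"
    ctx = ssl.create_default_context()  # verifies chain, hostname and validity dates
    with sock:
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return "ok", f"{tls.version()}, certificate expires in {days_left(cert):.0f} days"
        except ssl.SSLCertVerificationError as exc:
            # Expired, self-signed or name-mismatched certificate.
            return "cert", f"certificate rejected: {exc.verify_message}"
        except socket.timeout:
            # ClientHello was sent but the peer never answered.
            return "tls-stall", "TCP connected but peer sent no handshake reply"
        except (ssl.SSLError, OSError) as exc:
            # Reset, protocol mismatch or other handshake failure.
            return "tls", f"handshake failed: {exc}"


if __name__ == "__main__":
    import sys
    # Usage: python probe.py <manager-host> <port>
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it from the scanned server and again from a host outside the firewall; a different stage on each side points at the path between them rather than at either endpoint.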