Contributor I

Open firewall ports for a domain name?

Trying to allow Whispersystems Signal app to communicate. From their website,

"Please allow *.whispersystems.org, TCP ports 80, 8443, 4433, 443, and 31337, and all UDP. If you have a transparent or reverse proxy it needs to support WebSockets.

Signal uses a non-standard TCP port to catch filtering issues at the signaling step and a random UDP port. All UDP ports will need to be opened. The underlying IPs are constantly changing, so it'd be hard to define accurate firewall rules."

 

I'm not seeing how to allow *.whispersystems.org in the controller firewall. I tried creating a stateful firewall with the name *.whispersystems.org and allow all. But that didn't work.

Any ideas?

Guru Elite

Re: Open firewall ports for a domain name?

Did you create a netdestination and then permit the user alias to the netdestination alias?

Please show the output of: show rights

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
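
The netdestination approach suggested in the reply above, as an added configuration sketch that is not part of the original posts. The alias name `signal-fqdn` is hypothetical; the policy name `Whisper`, the role `guest` and the ports come from the thread. The syntax assumes the ArubaOS controller CLI and should be checked against the release in use.

```text
! Added example, not from the thread. Alias name "signal-fqdn" is hypothetical.
! A wildcard hostname is defined inside a netdestination alias, not as the
! name of a firewall policy.
netdestination signal-fqdn
  name *.whispersystems.org
!
! Session ACL: source "user" (the client), destination the alias above.
! TCP ports and "all UDP" are the ones quoted from the Signal guidance.
ip access-list session Whisper
  user alias signal-fqdn tcp 80 permit
  user alias signal-fqdn tcp 443 permit
  user alias signal-fqdn tcp 4433 permit
  user alias signal-fqdn tcp 8443 permit
  user alias signal-fqdn tcp 31337 permit
  user alias signal-fqdn udp 1 65535 permit
!
! Attach the policy to the role. It has to sit ahead of the role's deny
! policy (denyall-log in this thread), otherwise the permits are never reached.
user-role guest
  access-list session Whisper
!
! Verification from the CLI: the alias contents and the rules the role
! actually enforces, in evaluation order.
show netdestination signal-fqdn
show rights guest
```

Scoping the permits to the alias keeps the guest role from opening these ports to every destination, which is what an "allow all" rule in the same position would do.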
Contributor I

Re: Open firewall ports for a domain name?

I then created a policy called Whisper, under my guest role. Here is the print out.

guest                     5    Up: No Limit,Dn: No Limit  global-sacl/,apprf-guest-sacl/,dhcp-acl/,ra-guard/,https-acl/,dns-acl/,Proxy Test/,WiFi-Calling/,http-acl/,icmp-acl/,torp/,Commercial-Email/,Whisper/,WhatsApp/,denyall-log/,v6-http-acl/,v6-https-acl/,v6-dhcp-acl/,v6-icmp-acl/,v6-dns-acl/  User

Guru Elite

Re: Open firewall ports for a domain name?

Please post the output of: show rights

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Open firewall ports for a domain name?

RoleTable
---------
Name                      ACL  Bandwidth                  ACL List                                                                                                                                                                                                                                           Type
----                      ---  ---------                  --------                                                                                                                                                                                                                                           ----
guest-captive-portal  73   Up: No Limit,Dn: No Limit  global-sacl/,apprf-guest-captive-portal-sacl/                                                                                                                                                                                                  User
guest-logon           72   Up: No Limit,Dn: No Limit  global-sacl/,apprf-guest-logon-sacl/,allow-CPPM/,logon-control/,captiveportal/                                                                                                                                                             User
ap-role                   7    Up: No Limit,Dn: No Limit  ra-guard/,control/,ap-acl/,v6-control/,v6-ap-acl/                                                                                                                                                                                                  System
authenticated             71   Up: No Limit,Dn: No Limit  global-sacl/,apprf-authenticated-sacl/,ra-guard/,allowall/,v6-allowall/                                                                                                                                                                            User
cpbase                    70   Up: No Limit,Dn: No Limit  global-sacl/,apprf-cpbase-sacl/                                                                                                                                                                                                                    User
default-iap-user-role     11   Up: No Limit,Dn: No Limit  allowall/                                                                                                                                                                                                                                          User
default-via-role          67   Up: No Limit,Dn: No Limit  global-sacl/,apprf-default-via-role-sacl/,allowall/                                                                                                                                                                                                User
default-vpn-role          69   Up: No Limit,Dn: No Limit  global-sacl/,apprf-default-vpn-role-sacl/,ra-guard/,allowall/,v6-allowall/                                                                                                                                                                         User
denyall                   74   Up: No Limit,Dn: No Limit                                                                                                                                                                                                                                                     User
guest                     5    Up: No Limit,Dn: No Limit  global-sacl/,apprf-guest-sacl/,dhcp-acl/,ra-guard/,https-acl/,dns-acl/,Proxy Test/,WiFi-Calling/,http-acl/,icmp-acl/,torp/,Commercial-Email/,Whisper/,WhatsApp/,denyall-log/,v6-http-acl/,v6-https-acl/,v6-dhcp-acl/,v6-icmp-acl/,v6-dns-acl/  User
guest-logon               10   Up: No Limit,Dn: No Limit  ra-guard/,logon-control/,captiveportal/,v6-logon-control/,captiveportal6/                                                                                                                                                                          User
logon                     2    Up: No Limit,Dn: No Limit  ra-guard/,logon-control/,captiveportal/,vpnlogon/,v6-logon-control/,captiveportal6/                                                                                                                                                                User
stateful-dot1x            8    Up: No Limit,Dn: No Limit  global-sacl/,apprf-stateful-dot1x-sacl/                                                                                                                                                                                                            System
sys-ap-role               12   Up: No Limit,Dn: No Limit  sys-control/,sys-ap-acl/                                                                                                                                                                                                                           System
voice                     68   Up: No Limit,Dn: No Limit  global-sacl/,apprf-voice-sacl/,ra-guard/,sip-acl/,noe-acl/,svp-acl/,vocera-acl/,skinny-acl/,h323-acl/,dhcp-acl/,tftp-acl/,dns-acl/,icmp-acl/                                                                                                       User

Guru Elite

Re: Open firewall ports for a domain name?

You need to run that command at the CLI. Looks like you’re copying from the GUI.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Open firewall ports for a domain name?

That is from the CLI


Guru Elite

Re: Open firewall ports for a domain name?

Sorry, reply by email was stripping out part of the command: show rights < role name >


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Open firewall ports for a domain name?

Never mind, I'm an idiot. I forgot to add the route back in.

Everything is working now.
