Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

MeshAgent Blocked By PaySafe Firewall #4855

Open calub77 opened 1 year ago

calub77 commented 1 year ago

I can not seem to get any access to a server that is behind a PaySafe Firewall. I have read all the port posts that I could find and I understand that the agent only makes outgoing calls on 80, 44, and 4433. Unfortunately PDI Technologies gives no access to end users to make changes or check logs; all they give is a PaySafe Firewall Change Request Form, so I have no idea how they are handling their rules or NAT, etc. Form attached at bottom. My main question is: if the agent only makes outgoing calls, what port does the server use when accessing the remote computer for remote access?

[Attached images: Server, Remote]

OutbackMatt commented 1 year ago

I use a reverse proxy, and set my mesh clients to call out on port 443 (standard https port). I don't have issues with the clients not getting out.

This is in my config.json:

```json
"Port": 444,
"AliasPort": 443,
```

Then in my reverse proxy, I redirect all mesh.example.com calls on port 443 to port 444.

Mesh clients are created with port 443 as the destination port.

calub77 commented 1 year ago

I don't think changing my config.json file will help. The server is running behind a SonicWall with 112 nodes working fine. My guess is that the PaySafe may use a whitelist per program function, but I can't look, so I really don't know. I do know the server can access the internet, so I would assume that 80 and 443 are open, but when I install MeshAgent it does not show up in the console. Would 4433 not being open cause it to not communicate at all?

calub77 commented 1 year ago

Additional info: PaySafe splits their network by subnets, i.e. management nodes on 192.168.46.0/24, server on 192.168.40.0/24. I would assume they do this to isolate the server from attacks.

OutbackMatt commented 1 year ago

> Would 4433 not being open cause it to not communicate at all?

Absolutely. Many firewalls block outgoing packets on unusual ports.

Having the packets be for port 443 makes a huge difference.

calub77 commented 1 year ago

I will request them to open the "agentport" and see if it fixes the issue... thanks

PathfinderNetworks commented 1 year ago

What happens if you try to just use a web browser to pull up your MeshCentral console from one of the servers? Does it allow the website to come up and let you log in or does it block that as well? If it is blocking even the website then it's likely they are using a whitelist for allowed websites/services.
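A small reachability check that reflects the two diagnostic questions raised in this thread: can a node behind the restrictive firewall reach the MeshCentral server on 80 and 443 at all, and is the separate agent port (4433) being dropped? This is an added example, not MeshCentral's own code or tooling; the host name `mesh.example.com` is a placeholder taken from the comment above, and `local_listener()` is a helper added only so the check can be exercised offline. Run it from the blocked node: a "timeout" result is the typical signature of a firewall silently dropping the outbound connection, whereas "refused" means the packets reached the host but nothing was listening on that port.

```python
"""Outbound TCP reachability check for a MeshCentral server (added example)."""
import socket
from typing import Dict, List, Tuple

# Ports the thread says the agent connects out on. An agent on a different
# AgentPort would substitute that value here.
DEFAULT_PORTS = (80, 443, 4433)


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> Tuple[bool, str]:
    """Attempt a TCP handshake and classify the outcome.

    Returns (True, "open") on success, otherwise (False, reason). A timeout
    usually indicates a firewall dropping the traffic; a refusal means the
    host answered but nothing is listening on that port.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "open"
    except socket.timeout:
        return False, "timeout (likely dropped by a firewall)"
    except ConnectionRefusedError:
        return False, "refused (host reached, nothing listening)"
    except OSError as exc:  # DNS failure, no route, etc.
        return False, f"error: {exc}"


def check_ports(host: str, ports=DEFAULT_PORTS, timeout: float = 3.0) -> Dict[int, Tuple[bool, str]]:
    """Check every port in `ports` against `host`."""
    return {port: tcp_reachable(host, port, timeout) for port in ports}


def failing_ports(results: Dict[int, Tuple[bool, str]]) -> List[int]:
    """Ports that could not be reached, sorted, for the change-request form."""
    return sorted(port for port, (ok, _reason) in results.items() if not ok)


def report(host: str, results: Dict[int, Tuple[bool, str]]) -> List[str]:
    """Human-readable lines, one per port."""
    return [f"{host}:{port} -> {reason}" for port, (_ok, reason) in sorted(results.items())]


def local_listener() -> socket.socket:
    """Open a listening socket on an ephemeral loopback port (offline demo helper,
    not part of any real deployment). The caller closes it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    # Placeholder server name; replace with the real MeshCentral host.
    target = "mesh.example.com"
    outcome = check_ports(target)
    for line in report(target, outcome):
        print(line)
    blocked = failing_ports(outcome)
    if blocked:
        print(f"Ports to request in the firewall change form: {blocked}")
```

Running this from a node that already works (the SonicWall side) and from a node behind PaySafe gives a side-by-side view of which of the three ports differs, which is more useful to hand to the firewall operator than "the agent does not show up".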

calub77 commented 1 year ago

That is a good point. I don't think I tried to access the website from that node. I will try that too... thanks

dinger1986 commented 11 months ago

Is this still an issue?