HTTP/S Proxy Blocking Traffic that is not logged?
We are having trouble connecting our Pitney Bowes postage meter to download postage. This previously worked. Their support is thinking it is our Firewall, but no changes have been made that should affect this connection (443/80) and nothing is being logged as denied for the postage meters IP. I am seeing some allowed traffic from the meter to Pitney Bowes.
Is it possible that traffic is being blocked without being logged? Anything else I should be checking?
0
Sign In to comment.
Comments
It is possible on your HTTP or HTTPS proxy policies that you do have some deny entries which are not set to Log.
You need to check all of the proxy options to see.
Also, for debugging of a proxy, turn on Logging on all settings which are allowed.
You could use a HTTP/HTTPS packet filter To: the Pitney Bowes domain name or IP addrs instead.
@gveld
If the postage meter is making the attempt on the same connection, you'll only see the initial deny line. (Log line = 1 connection)
The easiest way to ensure that it's using a new connection is to reboot it or the firewall, which will force a new connection.
As far as I'm aware, the traffic the meter is sending isn't actually HTTP/S, and is just using those ports, so it won't pass the proxy. Making a packet filter from that devices IP to the services that it's trying to use is what most customers end up doing for these devices.
PB list the domains/IPs they use for each product here:
https://www.pitneybowes.com/us/support/article/000047632/networking-and-connectivity-details-for-the-connect-series-and-s.html
(This is the most comprehensive list they appear to have. Your device may use a subset of these.)
Making a custom packet filter
FROM: the IP of the meter
TO: The destinations the meter needs to access based on the KB above
Ports: 80 and 443 TCP.
Should get the device running as you expect.
-James Carson
WatchGuard Customer Support
Solved. Creating the custom packet filter fixed the issue.
Thanks!