gerardobrien  
#1 Posted : Thursday, April 6, 2017 12:00:10 AM(UTC)

Hey I'm currently trialing the self hosted version.

I was wondering if it was possible to share port 443 for web server and relay?

Our SC is behind a WAF that won't allow non-standard ports.

Anyone done this before? We are using Windows.

Thanks
marktoo  
#2 Posted : Thursday, April 6, 2017 12:43:26 AM(UTC)

Hey gerardobrien...

Good question. Check this thread (it's a bit long but may be what you're looking for).

hth,
Mark
gerardobrien  
#3 Posted : Thursday, April 6, 2017 12:55:24 AM(UTC)

Hey Mark

Yeah, I actually found your posts and have been reading through everything.
I spoke with SC support this morning. They have raised a ticket for me.

Hopefully I can get it all working. Do you already have this set up and working?
HDClown  
#4 Posted : Thursday, April 6, 2017 8:16:18 AM(UTC)

I've been looking into this too. If you have a WAF, I assume you have some kind of ADC/load balancer like an A10/F5/NetScaler/KEMP/etc.? If so, you should be able to keep SC port config simple, even leaving it on 8040/8041 if desired. If IP space is a concern, a content switching virtual server on the ADC would let you use port 443 on 2 different hostnames (subdomains being the most common scenario), such as sc.mysite.com:443 for webserver and relay.mysite.com:443 for relay, while only using 1 host name. You then map each of those to the appropriate internal domain names/ports on SC.

You could also just use 2 IPs, one for each subdomain.

marktoo  
#5 Posted : Friday, April 7, 2017 6:00:29 PM(UTC)

Originally Posted by: gerardobrien
Do you already have this setup and working?


Yes, it has been working fine for a couple of years now!

Mark

HDClown  
#6 Posted : Tuesday, April 25, 2017 1:38:48 PM(UTC)

Originally Posted by: gerardobrien
Hey I'm currently trialing the self hosted version.

I was wondering if it was possible to share port 443 for web server and relay?

Our SC is behind a WAF that won't allow non-standard ports.

Anyone done this before? We are using Windows.

Thanks


If you still need some help with this, let me know. I am now using the internal router to be able to listen on 80/443, and publishing through my NetScaler, and everything works as expected.
jeffshead  
#7 Posted : Sunday, September 24, 2017 2:51:14 PM(UTC)

Originally Posted by: HDClown

If you still need some help with this, let me know. I am now using the internal router to be able to listen on 80/443, and publishing through my NetScaler, and everything works as expected.


I too have been successfully using the SC router functionality and have all traffic running on a single IP and port 443 (big thanks to marktoo!), but I can't get it working behind a particular WAF. I have to use NATs and firewall rules to bypass the gateway's WAF. This is causing me concern because I have seen an uptick in intrusion attempts, so I would like to make use of the WAF's extra protections if possible.

When I remove the NATs and firewall rules and set up the WAF to handle the SC traffic, it works for local machines but external users cannot make a connection. It seems to have something to do with how the SC router redirects traffic on different ports. I have also tried using the WAF without the SC router functionality and having the WAF perform the redirection, but I just can't get it working. I don't see anything in the firewall logs that indicates the problem.

I was told, "...the WAF only supports one session (one port) and is only going to be useful if the protected session is html-based, since its purpose is to screen the traffic for appropriate html syntax. It seems unlikely that SC fits this model". The WAF I'm referring to is the one built into the Sophos UTM. Does the info on this page (https://community.sophos.com/kb/en-us/120597) verify what I was told: SC is not compatible with the UTM's WAF? If so, what options are available?
Scott  
#8 Posted : Monday, September 25, 2017 10:59:30 AM(UTC)

Per that page, I would highly doubt that the WAF supports our relay since it does not use typical HTML syntax.

As far as other options that may be available, I'll have to defer to the community because I'm not too sure what else might work in this situation.
ScreenConnect Team