
ESS & SS 9.2 - Testing on TS Servers

Rick586
Rick586 Posts: 52 Security Scout

I'm currently testing these versions on a Test MS TS server but I've some issues;

 

1.  Is there a way to ensure the DeepGuard service is working properly?

2.  Do F-Secure have test URLs which can be used to test the additional components added in this version?

3.  The Browsing Protection Ratings aren't appearing in IE when you do a search in Google for example.

 

I'm wondering if additional ports need opening on our firewalls but I read that it'll use port 80 for traffic and 53 for DNS.

 

If the ORSP service needs to connect to backend servers, are there any IPs/URLs which you could allow access to in a firewall rule for example?  I'd rather be in a position of controlling outbound traffic from our server VLAN, just to be safe!

 

 

Many thanks.

Comments

  • Dmitriy
    Dmitriy Staff Posts: 179 Threat Terminator

    You can use fstestdomain.com to verify that Browsing Protection and DeepGuard work as expected. The links are self-explanatory:

     

    http://safe.fstestdomain.com/

    http://unsafe.fstestdomain.com/

    http://malicious.fstestdomain.com/

     

    Did you enable 3rd party extensions in IE? By default, Enhanced Security Configuration blocks IE extensions/plug-ins on Windows Server platforms. If the Browsing Protection plug-in is disabled, then ratings are not properly shown in search results.

     

    Yes, the ORSP service requires outbound HTTP connections to our backend servers. Please consult this Knowledge Base article (http://www.f-secure.com/en/web/business_global/support/article/kba/2712) for the list of IPs that the firewall should allow communication with.

  • Vad
    Vad Posts: 1,069 Cybercrime Crusader

    Hello Rick586,

     

    I'll try to answer some of your questions:

     

    1. Check DeepGuard->Monitored programs in WebUI.

    2. Type "download free screensavers" in google and you'll find a harmful website

    3. Check your IE advanced internet options. Enable "Enable third-party browser extensions" parameter and restart IE.

     

    Yes, the ORSP service needs a connection to backend server. You can find details in Help to General->Privacy page of WebUI.

     

    Regards,

    Vad

  • Rick586
    Rick586 Posts: 52 Security Scout

    Hi Dmitriy.

     

    Our UTM firewall supports the use of hostnames which would be easier because if you decide to add or remove backend servers, we could be left with servers having access to unknown hosts or hosts that can't be reached because our firewall rule doesn't allow the traffic!

     

    I assume that for all those IP addresses, you're using some kind of DNS round-robin?

     

    If so, what URL do those IPs resolve to?

     

    That'll be the best way for us.

     

    Many thanks.

  • Rick586
    Rick586 Posts: 52 Security Scout

    Hello Vad, Dmitriy.

     

    I've created a full HTTP outbound rule for that test TS server through our firewall using port 80 as normal but the rating service says it's unavailable!  All the links come up as a grey question mark.

     

    Also, after following both your suggestions, none of it seems to be working other than the basic server AV protection - that's DeepGuard, the link scanner and site ratings and note, I can't find any evidence that the ORSP service is even communicating with your FSBWServers.  It is running as a service as I've checked that.

     

    Any other suggestions?

     

    Thanks. 

  • Dmitriy
    Dmitriy Staff Posts: 179 Threat Terminator

    To check that ORSP connections work, go to the %ProgramFiles%\F-Secure\ORSP Client folder and run orspdiag.exe from the command line. The output has a line about the connection ("Connectivity state"); if it says "Ok", then the connection works. If it says "Connecting", then the connection to the server has been initialized but the crypto session is still uninitialized (i.e. there haven't been any queries to the server yet). If it says "Timeout", then there's networking congestion.

     

    If you get "Ok" with orspdiag.exe, but don't see Browsing Protection ratings in IE, then the problem might be somewhere else. I'd then suggest opening a support ticket and sending us an fsdiag report.

  • Rick586
    Rick586 Posts: 52 Security Scout

    When I run that command, I get the following output:

     

    RPC communication error (is ORSP service running?)

     

    Interestingly, I get that error regardless if the service is actually running or in a stopped state!

  • Dmitriy
    Dmitriy Staff Posts: 179 Threat Terminator
    Rick586,
    Please open a support ticket. There is really something fishy and we have to look into the fsdiag report. I hope our product experts will follow up and pin the problem down.
  • Rick586
    Rick586 Posts: 52 Security Scout

    This problem is turning out to be quite a challenge...

     

    I've been trying to do an FSDiag all morning but it appears to have hung during the process but a file has appeared on the desktop so hopefully that will do as I've had to kill the process with the Task Manager!

  • celavey
    celavey MyAccount Posts: 6 Security Scout

    This is actually where most of us learned. A problem that even experts are having their heads spin over. I would like to help and see what I can do.

  • Rick586
    Rick586 Posts: 52 Security Scout

    Interestingly, tech support have asked me to change the ORSP service from running under the Network Service account to the Local System account.

     

    I find this curious as I didn't change that setting, it was configured during the default installation.

     

    Perhaps there's a bug but I have F-Secure installed at home and it works fine there without me having had to make any changes.

     

    Perhaps it's because we proxy all internet traffic but we have a means of allowing traffic to bypass the proxy and go straight out via our Firewall.

  • celavey
    celavey MyAccount Posts: 6 Security Scout

    Right. It could also be pretty risky on our end if we are not too careful running proxies.
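
The checks discussed in this thread (service state and logon account, then the orspdiag.exe "Connectivity state" line, including the RPC error quoted above) can be gathered in one pass. This is an added example, not part of any post and not F-Secure code; the service display-name filter and the exact shape of the orspdiag output line are assumptions.

```powershell
# Added triage sketch. Assumptions: the service display name contains "ORSP",
# and orspdiag.exe prints a line containing "Connectivity state" and its value.

function Get-OrspVerdict {
    param([string[]]$DiagOutput)

    # The error quoted in the thread: orspdiag never reached the service over RPC.
    if ($DiagOutput -match 'RPC communication error') {
        return 'RpcError: orspdiag could not talk to the ORSP service; check service state and logon account'
    }
    $line = $DiagOutput | Where-Object { $_ -match 'Connectivity state' } | Select-Object -First 1
    if (-not $line) { return 'Unknown: no "Connectivity state" line found in the output' }

    # States and meanings as described in the thread.
    switch -Regex ($line) {
        '\bTimeout\b'    { return 'Timeout: networking congestion; re-check the outbound HTTP rule' }
        '\bConnecting\b' { return 'Connecting: server contacted, crypto session not yet initialised (no queries sent)' }
        '\bOk\b'         { return 'Ok: connection works; if ratings are still missing, look at the browser plug-in' }
        default          { return "Unknown: unrecognised state in line '$line'" }
    }
}

# 1. Service state and the account it runs under (the thread mentions
#    Network Service versus Local System).
Get-CimInstance Win32_Service -Filter "DisplayName LIKE '%ORSP%'" |
    Select-Object Name, DisplayName, State, StartName | Format-List

# 2. Run orspdiag.exe from the folder named in the thread, if it exists.
$diag = Join-Path $env:ProgramFiles 'F-Secure\ORSP Client\orspdiag.exe'
if (Test-Path $diag) {
    $out = & $diag 2>&1 | ForEach-Object { "$_" }
    Get-OrspVerdict -DiagOutput $out
} else {
    Write-Warning "orspdiag.exe not found at $diag"
}

# 3. Offline check of the parser. The first line is constructed; the second
#    is the error text quoted in the thread.
Get-OrspVerdict -DiagOutput @('Connectivity state: Connecting')
Get-OrspVerdict -DiagOutput @('RPC communication error (is ORSP service running?)')
```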

This discussion has been closed.
