ESS & SS 9.2 - Testing on TS Servers

Aspirant

ESS & SS 9.2 - Testing on TS Servers

I'm currently testing these versions on a Test MS TS server but I've some issues;

 

1.  Is there a way to ensure the DeepGuard service is working properly?

2.  Do F-Secure have test URLs which can be used to test the additional components added in this version?

3.  The Browsing Protection Ratings aren't appearing in IE when you do a search in Google for example.

 

I'm wondering if additional ports need opening on our firewalls but I read that it'll use port 80 for traffic and 53 for DNS.

 

If the ORSP service needs to connect to backend servers, are there any IPs/URLs which you could allow access to in a firewall rule for example?  I'd rather be in a position of controlling outbound traffic from our server VLAN, just to be safe!

 

 

Many thanks.

11 REPLIES 11
F-Secure

Re: ESS & SS 9.2 - Testing on TS Servers

You can use fstestdomain.com to verify that Browsing Protection and DeepGuard work as expected. The links are self explanatory:

 

http://safe.fstestdomain.com/

http://unsafe.fstestdomain.com/

http://malicious.fstestdomain.com/

 

Did you enable 3rd party extensions in IE? By default, Enhanced Security Configuration blocks IE extensions/plug-ins on Windows Server platforms. If Browsing Protection plug-in is disabled, then ratings are not properly shown in search results.

 

Yes, the ORSP service requires outbound HTTP connections to our backend servers. Please consult this Knowledge Base article (http://www.f-secure.com/en/web/business_global/support/article/kba/2712) for list of IPs that the firewall should allow communication with.

F-Secure
F-Secure

Re: ESS & SS 9.2 - Testing on TS Servers

Hello Rick586,

 

I'll try to answer some of your questions:

 

1. Check DeepGuard->Monitored programs in WebUI.

2. Type "download free screensavers" in google and you'll find a harmful website

3. Check your IE advanced internet options. Enable "Enable third-party browser extensions" parameter and restart IE.

 

Yes, the ORSP service needs a connection to backend server. You can find details in Help to Genaral->Privacy page of WebUI.

 

Regards,

Vad

Aspirant

Re: ESS & SS 9.2 - Testing on TS Servers

Hi Dmitriy.

 

Our UTM firewall supports the use of hostnames which would be easier because if you decide to add or remove backend servers, we could be left with servers having access to unknown hosts or hosts that can't be reached because our firewall rule doesn't allow the traffic!

 

I assume that for all those IP addresses, you're using some kind of DNS round-robin?

 

If so, what URL do those IPs resolve to?

 

That'll be the best way for us.

 

Many thanks.

Aspirant

Re: ESS & SS 9.2 - Testing on TS Servers

Hello Vad, Dmitriy.

 

I've created a full http outbound rule for that test TS server through our firewall using port80 as normal but the rating service says it's unavailable!  All the links come up as a grey question mark.

 

Also, after following both your suggestions, none of it seems to be working other than the basic server AV protection - that's DeepGuard, the link scanner and site ratings and note, I can't find any evidence that the ORSP service is even communicating with your FSBWServers.  It is running as a service as I've checked that.

 

Any other suggestions?

 

Thanks. 

F-Secure

Re: ESS & SS 9.2 - Testing on TS Servers

To check that ORSP connections work, go to %ProgramFiles%\F-Secure\ORSP Client folder and run orspdiag.exe from the command line. The output has a line about the connection ("Connectivity state"); if it says "Ok", then the connection works. If it says "Connecting" then the connection to the server has been initialized but the crypto session is still uninitialized (i.e. there hasn't been any queries to the server yet). If it says "Timeout", then there's networking congestion.

 

If you get "Ok" with orspdiag.exe, but don't see Browsing Protection ratings in IE, then the problem might be somewhere else. I'd then suggest to open a support ticket and send us fsdiag report.

Aspirant

Re: ESS & SS 9.2 - Testing on TS Servers

When I run that command, I get the following output:

 

RPC communication error (is ORSP service running?)

 

Interestingly, I get that error regardless if the service is actually running or in a stopped state!

F-Secure

Re: ESS & SS 9.2 - Testing on TS Servers

Rick586,
Please open a support ticket. There is really something fishy and we have to look into fsdiag report. I hope our product experts will follow up and pin the problem down.
Aspirant

Re: ESS & SS 9.2 - Testing on TS Servers

This problem is turning out to be quite a challenge...

 

I've been trying to do an FSDiag all morning but it appears to have hung during the process but a file has appeared on the desktop so hopefully that will do as I've had to kill the process with the Task Manager!

Highlighted
Scholar

Re: ESS & SS 9.2 - Testing on TS Servers

This is actually where most of us learned. A problem that even expects are having their head spins. I would like to help and see what I can do.