Cannot reach Ubiquiti's UniFi Cloud Portal

Overview

When trying to reach the UniFi Cloud portal through a Kerio Control device, the connection is dropped. The portal request needed to control the specific client does not pass through the firewall. The network diagram of this configuration is displayed below:

unifi_cloud_portal.png

If the management PC is connected directly, bypassing Kerio Control, the connection is established successfully.

Diagnosis

The UniFi Cloud portal uses STUN binding requests over port 3478 for UniFi Remote Requests. Moreover, Twilio servers are used as a third-party service provider.

Kerio Control detects these requests as intrusions, and the IPS module drops them. The following entries appear in the Security log:

IPS: Packet drop, severity: Low, Rule ID: 1:2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request), proto:UDP, ip/port:192.168.90.119:51348 (mjp-precision-3430) -> 52.215.127.246:3478 (global.turn.twilio.com)
IPS: Packet drop, severity: Low, Rule ID: 1:2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request), proto:UDP, ip/port:192.168.90.119:51348 (mjp-precision-3430) -> 52.215.127.223:3478 (global.stun.twilio.com)

Solution

The intrusion above can be whitelisted in the IPS ignored signatures rules.

Whitelist Rule ID 1:2016149 by following the automatic procedure steps in the Configuring Ignored intrusions article.

ips_stun_ignore.png
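
Before adding the rule to the ignored list, it is worth confirming that the drops logged for it are only the STUN traffic described in the Diagnosis section. The following is an added example, not part of the original article or of Kerio Control: it parses Security log lines in the format shown above and lists any destination or service for Rule ID 1:2016149 that is not a twilio.com host on UDP 3478. The function names are hypothetical and the line format is inferred from the two entries quoted in this article.

```python
import re
from collections import defaultdict

# The two Security log entries quoted in this article.
SAMPLE_LOG = """\
IPS: Packet drop, severity: Low, Rule ID: 1:2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request), proto:UDP, ip/port:192.168.90.119:51348 (mjp-precision-3430) -> 52.215.127.246:3478 (global.turn.twilio.com)
IPS: Packet drop, severity: Low, Rule ID: 1:2016149 ET INFO Session Traversal Utilities for NAT (STUN Binding Request), proto:UDP, ip/port:192.168.90.119:51348 (mjp-precision-3430) -> 52.215.127.223:3478 (global.stun.twilio.com)
"""

# Field layout inferred from those two entries (an assumption, not a Kerio spec).
LINE_RE = re.compile(
    r"IPS: Packet drop, severity: (?P<severity>\w+), Rule ID: (?P<rule_id>\d+:\d+) "
    r"(?P<signature>.+?), proto:(?P<proto>\w+), ip/port:"
    r"(?P<src_ip>[\d.]+):(?P<src_port>\d+)(?: \((?P<src_host>[^)]*)\))? -> "
    r"(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)(?: \((?P<dst_host>[^)]*)\))?"
)

def parse_drops(text):
    """Return one dict per IPS packet-drop line; other lines are skipped."""
    drops = []
    for line in text.splitlines():
        m = LINE_RE.search(line)  # search() tolerates a timestamp prefix
        if m:
            d = m.groupdict()
            d["src_port"], d["dst_port"] = int(d["src_port"]), int(d["dst_port"])
            drops.append(d)
    return drops

def summarize(drops):
    """Group drops by rule ID: count, sources, destinations, (proto, port)."""
    out = defaultdict(lambda: {"count": 0, "sources": set(), "dests": set(), "services": set()})
    for d in drops:
        s = out[d["rule_id"]]
        s["count"] += 1
        s["sources"].add(d["src_host"] or d["src_ip"])  # fall back to IP if unresolved
        s["dests"].add(d["dst_host"] or d["dst_ip"])
        s["services"].add((d["proto"], d["dst_port"]))
    return dict(out)

def outside_expected(summary, rule_id, host_suffix=".twilio.com", service=("UDP", 3478)):
    """Destinations and services logged for rule_id that differ from the article's case."""
    s = summary.get(rule_id, {"dests": set(), "services": set()})
    odd_hosts = sorted(h for h in s["dests"] if not h.endswith(host_suffix))
    odd_services = sorted(s["services"] - {service})
    return odd_hosts, odd_services

if __name__ == "__main__":
    print(outside_expected(summarize(parse_drops(SAMPLE_LOG)), "1:2016149"))
```

Two empty lists mean every logged drop for the rule matches the UniFi and Twilio traffic described here; a destination logged without a resolved hostname is listed for manual review.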

  1. Priyanka Bhotika
