Overview
The problem revolves around the inability to access a specific website (https://sso.acesso.gov.br/) through the Kerio Control firewall. The website takes an unusually long time to respond on all devices and browsers. This issue does not occur when not using the Kerio Control firewall network. Despite disabling all Kerio Control features, testing in incognito/private mode, and checking for DNS errors in Kerio's log, the problem persists. GeoIP restriction is not the cause of the problem, as the page is accessible when directly connected to the internet.
Solution
To resolve this issue, you need to adjust the firewall settings using an SSH command. Here are the steps:
- SSH to your Kerio Control firewall appliance.
- Run the following command to disable the Require Correct TCP sequences:
/opt/kerio/winroute/tinydbclient "update Firewall set RequireCorrectTcpSequences=0"
- Restart Kerio Control:
/etc/boxinit.d/60winroute restart
This command relaxes a particular security setting related to TCP sequence verification in the Kerio Control Firewall. Please note that altering firewall settings can have implications for network security. It would be wise to monitor the network for any unusual activity following such changes and consult with IT security professionals to ensure that the network remains secure.
FAQ
- What does the SSH command do?
The SSH command relaxes a particular security setting related to TCP sequence verification in the Kerio Control Firewall. - Can adjusting firewall settings impact network security?
Yes, altering firewall settings can have implications for network security. It's recommended to monitor the network for any unusual activity following such changes and consult with IT security professionals.