We allow users to dial-in to our system.

We run a firewall on the dial-in system that blocks all access by default and we only allow certain servers to be accessed by adding specific rules.

We have a web service that contacts our server. The service calls are made over SSL.

The SSL Cert is from GoDaddy.

We have found that when connecting to the service the first time something tries to verify the SSL certificate. We are seeing dropped packets to Microsoft IP addresses via port 80.

If we allow access to the Microsoft IP, the software works perfectly.

The issue is that the IP is random, so I have been adding a few different IP hosts.

Looks like some type of SSL verification system or something... Has anyone ever run into something like this, or does anyone know of a block of IPs or hostnames that I can allow in the firewall?

A: 

It's most likely trying to contact the Certificate Authority (CA) to verify the SSL cert.

Joseph

Now to figure out how to allow this in the firewall... hm.

Shawn
A: 

It smells like the browser is trying to connect to a CRL server. Try to reverse-resolve the IP addresses to a domain name and you should get some clue.

Matej
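Both answers point at the same thing: the client is fetching revocation data (CRL, OCSP, or the issuing CA's certificate) over plain HTTP before it trusts the server certificate. Rather than reverse-resolving whatever IP got dropped today, the hostnames to allow can be read straight out of the certificate: they are the URLs in its CRL Distribution Points and Authority Information Access extensions. The script below is an added example for this thread, not code posted by Joseph, Matej or the asker. It uses only the Python standard library; `SAMPLE_CERT` is a constructed dictionary in the shape `ssl.SSLSocket.getpeercert()` returns and uses made-up `example-ca.test` hostnames, not GoDaddy's real endpoints. When given a hostname on the command line it connects to that server and reads the real certificate instead.

```python
"""List the hosts a client contacts for revocation checks (CRL, OCSP,
CA issuer download) on a server certificate, so a default-deny firewall
can allow them by hostname instead of chasing individual IP addresses."""
import socket
import ssl
import sys
from urllib.parse import urlparse

# Constructed sample (hostnames are made up, not a real CA) in the
# shape returned by ssl.SSLSocket.getpeercert() for a leaf certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "api.example.test"),),),
    "issuer": ((("commonName", "Example Intermediate CA"),),),
    "OCSP": ("http://ocsp.example-ca.test/",),
    "caIssuers": ("http://certs.example-ca.test/intermediate.crt",),
    "crlDistributionPoints": (
        "http://crl.example-ca.test/intermediate.crl",
        "ldap://ldap.example-ca.test/cn=crl",  # non-HTTP pointer, skipped
    ),
}


def revocation_hosts(cert):
    """Return the set of (host, port) pairs a verifier fetches over HTTP(S)
    for the certificate dict `cert` (as from getpeercert()).

    Covers CRL distribution points, OCSP responders and AIA caIssuers.
    Note that getpeercert() only describes the leaf; each intermediate
    in the chain carries its own URLs and should be checked the same way.
    """
    allow = set()
    for key in ("crlDistributionPoints", "OCSP", "caIssuers"):
        for url in cert.get(key, ()):
            parsed = urlparse(url)
            if parsed.scheme not in ("http", "https") or not parsed.hostname:
                continue  # LDAP and other non-HTTP pointers are not firewall targets here
            port = parsed.port or (443 if parsed.scheme == "https" else 80)
            allow.add((parsed.hostname.lower(), port))
    return allow


def fetch_peer_cert(host, port=443, timeout=10):
    """Connect to host:port with TLS and return the leaf certificate dict.
    Requires network access; the sample path above does not."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def format_rules(hosts):
    """Render allow-list entries as plain text, one per (host, port)."""
    return [f"allow tcp to {host} port {port}" for host, port in sorted(hosts)]


if __name__ == "__main__":
    cert = fetch_peer_cert(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CERT
    for line in format_rules(revocation_hosts(cert)):
        print(line)
```

Allowing these hostnames on port 80 covers the CA's own revocation endpoints. If the dropped destinations still do not match any URL the certificate chain contains, the traffic is likely the client's own trust-store maintenance rather than a CA lookup, which on Windows is also fetched over HTTP; reverse-resolving those addresses, as Matej suggests, is the way to tell the two apart.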