1 Reply Latest reply on Feb 23, 2018 10:23 PM by davemurphyca

Connections Resettings from Remote Networks

davemurphyca Feb 22, 2018 2:37 PM

Been searching all over and not coming up with anything that's been helpful.

Running Wildfly 10 on a Windows Server (vendor software is .NET based, can't run on LINUX)

Any request to the service which comes from the local subnet, e.g. 10.10.10.x will function properly. But if a request comes from another subnet, such as 10.10.11.x, I get a connection reset. I've validated that other windows services are available remotely from other subnets, so for example, I can remotely manage the server, I can RDP, query WMI properties, etc. I've tried editing the \wildfly-10.0.0.Final\standalone\configuration\standalone configuration to allow connections from any subnet.

<subnet-match value="10.10.0.0/16"/>

</interface>

Also tried

<any-address/>

</interface>

Looking at Wireshark on the Wildfly host, I see

Source->WildFly [SYN, ECN, CWR]

WildFly->Source [SYN, ACK, ACN]

Source->WildFly [ACK] and then the reset

Source->WildFly [RST,ACK]

Any thoughts?

1. Re: Connections Resettings from Remote Networks

davemurphyca Feb 23, 2018 10:23 PM (in response to davemurphyca)

Found the problem. My company has a palo alto networks application firewall. In reviewing logs between subnets that worked and subnets that didn't, the non-functioning subnets had a different application ruleset applied. Once the same ruleset was applied to those subnets, the connections resumed. One was based on web protocols, the other on system center configuration manager. While both were both port 8080 allowed, the non http traffic rule would immediately shut down traffic because it was not expecting the http protocol.
Actions