[at] IP 45.77.153.162

[domo78]

W10 Famille - 21H1 - 19043.2130 / CFW : 12.2.2.8012

Hello,

In my global rules settings, I have the following rules for a very long time:
Allow – TCP – Out – To port= 4448  - To [at] IP= 199.066.201.016
Allow – UDP – Out – To port= 4447  - To [at] IP= 199.066.201.016
These [at] IP and ports are used by CIS.

I never had FW blocking on these 2 ports until now.

Since Friday 21, I have blocking on these ports to [at] IP 45.77.153.162 (this would correspond to fls.security.comodo.com).

I don't remember making a change in the FW settings.
CFW has of course not been updated; why all of a sudden, these accesses?

According to this document:
https://help.comodo.com/topic-463-1-1029-15796-Appendix-1a---Xcitium-Services---IP-Nos,-Host-Names-and-Port-Details---EU-Customers.html
FLS should use the same [at] IP as above.

If you have an explanation, I am interested.

[futuretech]

Blocking how? What proof do you have that it is being blocked by the firewall?

[domo78]

attached is a screen shot

[futuretech]

Your global rules don't have an allow rule for that IP address that is being blocked. Instead you have allow rules for the 199 address and blocking rule for all other requests. You need to change the allow rules destination address to any to allow all outgoing to those ports.

[domo78]

I know perfectly well that the rules allow the use of ports 4447 and 4448 only for the [at] IP 199.066.201.016 and not for the [at] IP 45.77.153.162.

As I wrote in my first post these rules have been in place for a long time, more than a year, and there was never a block on these ports before October 21.
I am trying to understand why suddenly since October 21 there are access attempts on these ports and a priori by FLS which is a function of CIS knowing that CIS has still not been updated.