Fritz!Box SSL port changes randomly

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › Fritz!Box SSL port changes randomly

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#247784 23-Feb-2019 11:52

I've noticed in the last month that twice I couldn't access the Fritz!box from inside my network using the HTTPS protocol. Looking at Internet | Permit access I see "TCP Port for HTTPS" changed to something different than 443. I change this back and works again.

Anyone else seeing this?

ObidiahSlope

260 posts

Ultimate Geek

#2185818 23-Feb-2019 13:49

From my 2degrees Fritz Box 7490 System --> Event Log;

29.01.19 11:11:57 The service provider successfully transmitted settings to this device.

29.01.19 11:11:56 The port for internet access to FRITZ!Box via HTTPS was changed from 4XX to 4XX.

29.01.19 11:11:22 The service provider successfully transmitted settings to this device.

29.01.19 11:11:22 The port for internet access to FRITZ!Box via HTTPS was changed from 4XX to 4XX.

29.01.19 11:10:47 The service provider successfully transmitted settings to this device.

29.01.19 11:10:47 The port for internet access to FRITZ!Box via HTTPS was changed from 4XX to 4XX.

Obsequious hypocrite

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2185821 23-Feb-2019 13:57

Thanks, just looked through the log - mine shows changing around three different ports. It doesn't help if you want to always use HTTPS...

NickMack

962 posts

Ultimate Geek

Trusted

Lifetime subscriber

#2186465 24-Feb-2019 19:22

Hiya All,

I'll have a chat to the team tomorrow, I'm not aware of us doing anything on this, nor do I see a good reason to, I'll report back.

Nick.

https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz

Mark

1653 posts

Uber Geek

#2186475 24-Feb-2019 19:54

I'm on Snap/2Degrees and I don't see those types of messages .. mine is not a 2 Degrees supplied Fritz box though (7590 for reference).

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2187174 26-Feb-2019 07:52

I log into the Fritz!Box a few times to make sure kid's Chromebook is in the right parental control state (Blocked/Allowed time) and I always use HTTPS - except when it changes the port and I have to login over HTTP...

Here is another occurrence, noticed when I tried logging in this morning:

NickMack

962 posts

Ultimate Geek

Trusted

Lifetime subscriber

#2187199 26-Feb-2019 08:56

Hi All,

I've had a response back from the team after some investigation.

HTTPS port is changed when a remote access session is established to the Fritzbox by the 2degrees ACS (TR69 protocol) system.

Remote Access is used for troubleshooting purposes by our Customer Care teams (and in some cases depending on the issue/fault our Engineering/Managed Services teams) and occasionally for functionality that can’t be performed via TR069 protocol - In your situation Mauricio we've been capturing logs while investigating the IP6 issues you are experiencing.

ACS selects a random port between 444 and 474 (except 465, which is restricted by Firefox and Chrome).

The reason for randomising is due to some customers already forwarding port 443 to an internal host (Webserver etc), so enabling remote access on port 443 would break that connectivity.

We’ll look at the possibility of resetting the HTTPS port back to its original setting after the remote session is closed.

Nick.

https://nick.mackechnie.co.nz | NZ ISP latency monitoring - https://smokeping.thenet.gen.nz

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2187200 26-Feb-2019 08:58

Thanks Nick!