Ports shutdown automatically

Hello,
We have a Firebox X500 firewall.  Recently some of the ports shutdown automatically without us making any changes... we rebooted the firebox and all the ports came back.  Shortly thereafter some of some those ports shutdown again, but not all that had done so the first time.  I should also mention that these ports are in different ranges.  Other than rebooting the Firebox all the time is there anything that can be done?
Thanks!!
danmercenAsked:
Who is Participating?
 
dpk_walConnect With a Mentor Commented:
Does traffic on other ports continue to work; if yes, then it is not an ISP issue.

If it is only one specific issue, then we can check if the site is getting listed under blocked sites [if you have under packet handling, block source of packet not handled], if so we can uncheck that option.

Please note some details as to if the traffic is inbound or outbound; and or about port/protocol/application, number of users, your setup, recent changes made any (in hardware/software), others, would really help evaluating the cause. So, would request some (all may not be applicable to you).

Thank you.
0
 
toddjusticeCommented:
Hi,
Just so we are clear, you are talking about logical ports being shut down, not physical ports correct?
If so, I have a few questions.  Do you have Gateway AV/IPS enabled?  If so, IPS can shutdown ports that it sees unfavorable traffic on.  Do you know what version software is on the x500? - Also, is it running WFS or Fireware?
0
 
dpk_walCommented:
Yes what exactly is happening; if your physical port shut itself then please advice on the steps you took to know if that is the case.

If you are talking about ports which you open for allowing incoming traffic then also it would good to know when you say shut down what is happening.

Please advice.

Thank you.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
danmercenAuthor Commented:
I am referring to the logical ports created with the software, not the actual cable ports on the box itself.  We are using Watchguard System Manager 9.0.0.  Our firebox is running WFS 7.5.0 and all of our logic is handled by the WFS Policy Manager.  I believe our firmware is up to 9.1 also.  I do not believe that IPS is enabled, we haven't done much more than the Policy Manager.  I can double check that with some simple instructions on how to.  When I say the ports shutdown, what I mean is that the traffic isn't getting through on those ports, but everything looks ok in Policy Manager.  The entries are there, the are at a normal status... you cant tell anything is wrong, until you try to use something on a port and doesn't work.
0
 
dpk_walCommented:
When this happens, let's say TCP port 80; so your incoming traffic stops or is it the outbound traffic which stops; or both. Further do you get any entries on the traffic monitor which can give some clue as to why the traffic stops flowing.

Can you ping the servers on internet with name and IP; can you use some other port/protocol for eg, FTP, etc.

Thank you.
0
 
danmercenAuthor Commented:
It seems that all traffic on that port number stops.  A ping times out and the traffic monitor isn't providing any clues.  Like I said, a reboot brings it all back working again, temporarily.  Could there be an issue with our Internet Service Provider?  Without changing anything the port traffic magically reappears for a day and the next day it could just as easily be gone again.
0
All Courses

From novice to tech pro — start learning today.