  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1345

Unable to access some websites from inside network - Watchguard X10e

I recently had to force our Watchguard X10e firewall to reset to defaults because the person that set it up has left the company and didn't leave the password or any documentation of how it was configured.

Since then we are unable to access certain websites, but others work.  I am unable to access experts-exchange.com, microsoft.com and yahoo.com for example, yet google.com and cnn.com work.

This happens on all of the network computers in addition to the server.  There is no web filtering software running on the server.

The outgoing firewall is configured to allow outgoing traffic. Incoming is configured to allow ports 443, 25, and 4125.

The webBlocker function is disabled on the Watchguard.

Any ideas on where to start looking? It almost acts like a virus of some type, but nothing is coming up on any scans. Everything else seems to work normally, just some websites are being filtered.
Asked: AzIT1

1 Solution

dpm2009 commented:
Can you get a ping response from any of the inaccessible sites?

AzIT1 (Author) commented:
Yes, ping works normally, tracert works normally.  I've pretty much ruled out a DNS issue.

Wireshark shows a GET HTTP request, but no response.
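The symptom reported above (name resolution, ping and tracert all fine, a GET goes out but nothing comes back) separates cleanly into layers, and a short probe makes the failing layer explicit instead of inferring it from packet captures. The following is an added example, not code from the thread: it resolves a name, opens a TCP connection, sends a minimal GET and reports whether any bytes come back, then maps the outcome to the layer where the failure sits. The host list and the timeout are assumed values chosen for illustration; the sites that fail in the question would be substituted in.

```python
"""Layered reachability triage: DNS -> TCP connect -> HTTP response.

Added example (not from the thread). Reproduces the checks the thread walks
through by hand and names the layer at which a site stops answering.
"""
import socket

HOSTS = ["example.com"]   # constructed sample input; substitute the failing sites
TIMEOUT = 5.0             # assumed; seconds to wait for connect and for a reply


def resolve(host):
    """Return the first IPv4 address for host, or None if DNS resolution fails."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None


def http_probe(host, ip, port=80, timeout=TIMEOUT):
    """Open a TCP connection to ip:port, send a minimal GET, report what came back.

    Returns one of:
      'connect_failed' - no TCP connection (refused, unreachable, or timed out)
      'no_response'    - connection established, GET sent, nothing received
      'response'       - at least one byte of reply received
    """
    request = (
        f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    ).encode()
    try:
        # create_connection applies the timeout to connect() and to recv()
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            sock.sendall(request)
            try:
                data = sock.recv(1024)
            except socket.timeout:
                return "no_response"
            return "response" if data else "no_response"
    except OSError:
        # covers ConnectionRefusedError, network unreachable, and connect timeout
        return "connect_failed"


def classify(dns_ok, http_result):
    """Map probe outcomes to the layer where the failure sits.

    dns_ok: whether the name resolved; http_result: a value from http_probe()
    (ignored when dns_ok is False).
    """
    if not dns_ok:
        return "dns"
    if http_result == "connect_failed":
        return "tcp"    # no handshake: routing, or something dropping the connection
    if http_result == "no_response":
        return "http"   # handshake completed but the GET is never answered
    return "ok"


def triage(host):
    """Run the full check for one host; returns (host, ip, failing_layer)."""
    ip = resolve(host)
    if ip is None:
        return host, None, classify(False, None)
    return host, ip, classify(True, http_probe(host, ip))


if __name__ == "__main__":
    for h in HOSTS:
        print(triage(h))
```

A result of "http" for the sites that fail and "ok" for the ones that work matches the thread's observation exactly (ping and the TCP handshake succeed, only the HTTP exchange stalls), which points at whatever sits between the client and the site on the HTTP path rather than at DNS or routing.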
 
dpm2009 commented:
Have you tried clearing your ARP cache on the workstations? i.e. netsh interface ip delete arpcache

Also, have you added 4.2.2.2 as a DNS server for your trusted network?

AzIT1 (Author) commented:
Clearing the ARP cache didn't change anything.

Yes, I've got 4.2.2.2 as a DNS server.

I also tried putting in yahoo's IP, rather than the URL.  Got the same result.

dpm2009 commented:
Do you have a DNS server in your network?

Or is it just external DNS from your ISP?

AzIT1 (Author) commented:
Local DNS is running on SBS 2003.  4.2.2.2 is listed as the first forwarder, with one of Qwest's DNS servers as a secondary.  

dpm2009 commented:
Did the ping work for hostname as well as IP address?

AzIT1 (Author) commented:
Yes

AzIT1 (Author) commented:
The Watchguard box is logging a lot of deny proxy events with the description of:  "pri="1" msg_id="0F02-0015" msg="[cfm pid=15038] already running 'pid=139 sandbox_cfg=/etc/stp/cfm_sandbox.conf sandbox_dirname=/var/cfm_sandbox '"

I'm not sure what this means.  I don't have much experience with Watchguard products.
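The log entry quoted above is in the key="value" format that the firewall's event log uses, where the msg field itself contains spaces, equals signs and single quotes. Splitting it on whitespace gives nonsense; a parser that honours the double quotes does not. The following is an added example, not code from the thread and not WatchGuard's own tooling: it parses lines of that shape into a dict, pulls the process ids out of the cfm message, and counts entries per msg_id so that a repeating event like this one stands out. The sample line is the one quoted in the post; the field names pri, msg_id and msg are the only ones assumed.

```python
"""Parse WatchGuard-style key="value" log text.

Added example (not from the thread, not WatchGuard code). SAMPLE is the
single log line quoted in the post, reproduced here as constructed input.
"""
import re

SAMPLE = (
    'pri="1" msg_id="0F02-0015" '
    'msg="[cfm pid=15038] already running '
    "'pid=139 sandbox_cfg=/etc/stp/cfm_sandbox.conf "
    "sandbox_dirname=/var/cfm_sandbox '\""
)

# key="value": the value may contain spaces, '=' and single quotes, but not an
# unescaped double quote; backslash-escaped characters are allowed inside it.
FIELD = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def parse_kv(line):
    """Return the key="value" pairs of one log line as a dict.

    Unquoted tokens inside a quoted value (such as pid=139 in the cfm
    message) are left inside that value rather than treated as fields.
    """
    return {key: value for key, value in FIELD.findall(line)}


def cfm_pids(msg):
    """Extract every pid=<n> from a cfm message, in order of appearance.

    For the quoted line this yields the new instance's pid first and the
    already-running one second.
    """
    return [int(p) for p in re.findall(r"pid=(\d+)", msg)]


def count_by_msg_id(lines):
    """Count how many times each msg_id appears across a batch of lines."""
    counts = {}
    for line in lines:
        msg_id = parse_kv(line).get("msg_id", "<none>")
        counts[msg_id] = counts.get(msg_id, 0) + 1
    return counts


if __name__ == "__main__":
    fields = parse_kv(SAMPLE)
    print(fields["msg_id"], cfm_pids(fields["msg"]))
    print(count_by_msg_id([SAMPLE, SAMPLE]))
```

Run over an exported log rather than a screenshot, count_by_msg_id shows whether 0F02-0015 is the dominant event or just a noisy one; parse_kv keeps the pri field available so the lines can be filtered by severity before anything else is done with them.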
 
dpm2009 commented:
Can you post the log info please?

AzIT1 (Author) commented:
Here is a screen shot of the log page. I don't have it set up to create actual log files right now.
[attachment: watchguardlog.jpg]

dpm2009 commented:
And you've applied the appropriate firebox license as well after restoring to defaults?

It seems like a service is corrupt and unable to start. Have you tried to restore to defaults again?

dpm2009 commented:
Also have you updated to the latest x10e firmware?

AzIT1 (Author) commented:
I haven't tried to reset it again. I haven't applied any type of license. Does Watchguard have some type of licensing for hardware? If it is license related, why do some sites work and others don't?

I think it is time to pull the Watchguard box out of the mix to eliminate it as the problem.  Unfortunately their tech support won't help because the administrator they have on file isn't here anymore.

dpm2009 commented:
There would need to be an applicable license that is essentially copied from your Watchguard Online Account.  Then you will need to paste that into your x10e.

Then you would need to update to the latest Fireware (firmware).

You may want to get a hold of a sales rep and explain the situation, so they can create a new admin account....

AzIT1 (Author) commented:
Interesting...I'm used to Cisco equipment.  No license needed unless you want to upgrade to a different IOS package.  

I'll see what I can find out from Watchguard....or just buy a Cisco box!

dpm2009 commented:
Sounds good....if any of my comments have helped, don't forget to give the points :)

AzIT1 (Author) commented:
Will do...I'll let you know what I find out.

dpk_wal commented:
I think you are using HTTP proxy and this is causing the problem; can you disable HTTP proxy and see if that solves the problem?
Are you using webblocker/anti-virus or any other proxy feature? If yes, when you disable HTTP proxy all of them would cease to function for HTTP traffic.

Which version of firmware are you running?

Please check and update.

Thank you.

AzIT1 (Author) commented:
WebBlocker is disabled.  I don't see anything about HTTP proxy in the configuration interface.  Firmware version is:
8.0
Jun 20 2006
build 8006

dpk_wal commented:
Under Firewall->Outgoing; you would have Common Proxy Policies; please ensure that for HTTP-proxy you have NO RULE selected.

If it is not the HTTP proxy, then resetting the unit to factory defaults and reconfiguring would be a good option. Is it possible for you to reset the unit to factory defaults?

Please update.

Thank you.

AzIT1 (Author) commented:
There isn't an option for Common Proxy Policies.  The only options are:

DNS
FTP
HTTP
HTTPS
ILS
IPSec
NetMeeting
NNTP
Ping
POP3
PPTP
SMB
SMTP
SNMP
ssh
Telnet
WG-Logging
WG-Firebox-Mgmt
WG-Mgmt-Server
Outgoing

These are all set to "No Rule", with the exception of Outgoing, which is set to "Allow".

dpk_wal commented:
I think with 8.0 they were not introduced; I don't remember exactly. If possible, upgrade to a newer version as they are available. Also, as I said, resetting the unit to defaults and reconfiguring would help on the current version.

Thank you.

AzIT1 (Author) commented:
I'm working on getting Watchguard to transfer the admin account over to me. The previous admin didn't leave any of the user accounts or passwords. Once I get that done I'll update the firmware.

dpk_wal commented:
Please update about the results! :)

AzIT1 (Author) commented:
Sorry about the delay in updates...Another tech said he has seen the same behavior when the DSL modem is set to PPPoE instead of PPPoA.  I'll try that out and see what happens.