Solved

Unable to access some websites from inside network - Watchguard X10e

Posted on 2009-05-08
Last Modified: 2013-11-16
I recently had to force our Watchguard X10e firewall to reset to defaults because the person that set it up has left the company and didn't leave the password or any documentation of how it was configured.

Since then we are unable to access certain websites, but others work.  I am unable to access experts-exchange.com, microsoft.com and yahoo.com for example, yet google.com and cnn.com work.

This happens on all of the network computers in addition to the server.  There is no web filtering software running on the server.

The outgoing firewall is configured to allow outgoing traffic.  Incoming is configured to allow ports 443, 25, and 4125 .  

The webBlocker function is disabled on the Watchguard.

Any ideas on where to start looking.  It almost acts like a virus of some type, but nothing is coming up on any scans.  Everything else seems to work normally, just some websites are being filtered.
0
Question by:AzIT1
26 Comments
 

Expert Comment

by:dpm2009
ID: 24338330
Can you get a ping response from any of the inaccessible sites?

0
 

Author Comment

by:AzIT1
ID: 24338439
Yes, ping works normally, tracert works normally.  I've pretty much ruled out a DNS issue.

Wireshark shows a GET HTTP request, but no response.
0
 

Expert Comment

by:dpm2009
ID: 24338580
Have you tried clearing your arp cache on the workstations? i.e. netsh interface ip delete arpcache

Also, have you added 4.2.2.2 as a DNS server for your trusted network?
0
 

Author Comment

by:AzIT1
ID: 24339491
Clearing the arp cache didn't change anything.

Yes, I've got 4.2.2.2 as a DNS server.

I also tried putting in yahoo's IP, rather than the URL.  Got the same result.
0
 

Expert Comment

by:dpm2009
ID: 24339514
Do you have a DNS server in your network ?

Or is it just external DNS from your ISP?
0
 

Author Comment

by:AzIT1
ID: 24339533
Local DNS is running on SBS 2003.  4.2.2.2 is listed as the first forwarder, with one of Qwest's DNS servers as a secondary.  
0
 

Expert Comment

by:dpm2009
ID: 24339567
Did the ping work for hostname as well as IP address?
0
 

Author Comment

by:AzIT1
ID: 24339584
Yes
0
 

Author Comment

by:AzIT1
ID: 24339775
The Watchguard box is logging a lot of deny proxy events with the description of:  "pri="1" msg_id="0F02-0015" msg="[cfm pid=15038] already running 'pid=139 sandbox_cfg=/etc/stp/cfm_sandbox.conf sandbox_dirname=/var/cfm_sandbox '"

I'm not sure what this means.  I don't have much experience with Watchguard products.
0
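The log entry quoted above is in WatchGuard's key="value" style. The following is an added example (not code from the thread or from WatchGuard) that parses lines in that style and counts how often each msg_id recurs, which is how one would check whether an entry like "already running" is a one-off or a service repeatedly failing to start. The first sample line is the one quoted in the post; the remaining sample lines, their pids and the "EXAMPLE-0001" id are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample input. The first entry is the line quoted in the thread;
# the others are made-up variations (pids and the EXAMPLE-0001 entry are
# fabricated) so the example has something to count.
SAMPLE_LOG = [
    'pri="1" msg_id="0F02-0015" msg="[cfm pid=15038] already running '
    "'pid=139 sandbox_cfg=/etc/stp/cfm_sandbox.conf sandbox_dirname=/var/cfm_sandbox '\"",
    'pri="1" msg_id="0F02-0015" msg="[cfm pid=15041] already running '
    "'pid=139 sandbox_cfg=/etc/stp/cfm_sandbox.conf sandbox_dirname=/var/cfm_sandbox '\"",
    'pri="1" msg_id="0F02-0015" msg="[cfm pid=15044] already running '
    "'pid=139 sandbox_cfg=/etc/stp/cfm_sandbox.conf sandbox_dirname=/var/cfm_sandbox '\"",
    'pri="4" msg_id="EXAMPLE-0001" msg="constructed informational entry"',
]

# One key="value" field. Values may contain spaces and single quotes but no
# double quotes, which matches the line shown in the thread.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key/value fields of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def summarize(lines, repeat_threshold=3):
    """Count entries per msg_id and flag ids seen at least repeat_threshold
    times. An id that keeps reappearing (like the 'already running' entry)
    points to a service stuck in a restart loop rather than a single event."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)
        if "msg_id" in fields:
            counts[fields["msg_id"]] += 1
    flagged = {mid: n for mid, n in counts.items() if n >= repeat_threshold}
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_LOG)
    for mid, n in counts.most_common():
        print(f"{mid}: {n}")
    print("repeating:", flagged)
```

Feeding the exported log (or a copy of the on-screen log page) to `summarize` gives a quick per-id count; the `repeat_threshold` is an arbitrary choice for this example.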
 

Expert Comment

by:dpm2009
ID: 24339829
Can you post the log info please?
0
 

Author Comment

by:AzIT1
ID: 24339889
Here is a screen shot of the log page.  I don't have it setup to create actual log files right now.
watchguardlog.jpg
0
 

Expert Comment

by:dpm2009
ID: 24339953
And you've applied the appropriate firebox license as well after restoring to defaults?

It seems like a service is corrupt and unable to start .  Have you tried to restore to defaults again?
0
 

Expert Comment

by:dpm2009
ID: 24339986
Also have you updated to the latest x10e firmware?
0
 

Author Comment

by:AzIT1
ID: 24339991
I haven't tried to reset it again.  I haven't applied any type of license.  Does Watchguard have some type of licensing for hardware?  If it is license related, why do some sites work and others don't?

I think it is time to pull the Watchguard box out of the mix to eliminate it as the problem.  Unfortunately their tech support won't help because the administrator they have on file isn't here anymore.
0
 

Expert Comment

by:dpm2009
ID: 24340025
There would need to be an applicable license that is essentially copied from your Watchguard Online Account.  Then you will need to paste that into your x10e.

Then you would need to update to the latest Fireware (firmware).

You may want to get a hold of a sales rep and explain the situation , so they can create a new admin account....
0
 

Author Comment

by:AzIT1
ID: 24340041
Interesting...I'm used to Cisco equipment.  No license needed unless you want to upgrade to a different IOS package.  

I'll see what I can find out from Watchguard....or just buy a Cisco box!
0
 

Expert Comment

by:dpm2009
ID: 24340085
Sounds good....if any of my comments have helped, don't forget give the points :)
0
 

Author Comment

by:AzIT1
ID: 24340119
Will do...I'll let you know what I find out.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24344991
I think you are using HTTP proxy and this is causing the problem; can you disable HTTP proxy and see if that solves the problem.
Are you using webblocker/anti-virus or any other proxy feature; if yes, when you disable HTTP proxy all of them would cease to function for HTTP traffic.

Which version of firmware are you running?

Please check and update.

Thank you.
0
 

Author Comment

by:AzIT1
ID: 24350776
WebBlocker is disabled.  I don't see anything about HTTP proxy in the configuration interface.  Firmware version is:
8.0
Jun 20 2006
build 8006
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24351169
Under Firewall->Outgoing; you would have Common Proxy Policies; please ensure that for HTTP-proxy you have NO RULE selected.

If it is not HTTP proxy; then resetting the unit to factory defaults and reconfiguring would be a good option. Is it possible for you to reset the unit to factory defaults?

Please update.

Thank you.
0
 

Author Comment

by:AzIT1
ID: 24351185
There isn't an option for Common Proxy Policies.  The only options are:

DNS
FTP
HTTP
HTTPS
ILS
IPSec
NetMeeting
NNTP
Ping
POP3
PPTP
SMB
SMTP
SNMP
ssh
Telnet
WG-Logging
WG-Firebox-Mgmt
WG-Mgmt-Server
Outgoing


These are all set to "No Rule" with the exception of Outgoing, which is set to "Allow"
   
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24351204
I think with 8.0 they were not introduced; don't remember exactly; if possible upgrade to newer version as they are available. Also, as I said, resetting the unit to defaults and reconfiguring would help on the current version.

Thank you.
0
 

Author Comment

by:AzIT1
ID: 24351267
I'm working on getting Watchguard to transfer the admin account over to me.  The previous admin didn't leave any of the user accounts or passwords.  Once I get that done I'll update the firmware.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24351276
please update about the results! :)
0
 

Accepted Solution

by:
AzIT1 earned 0 total points
ID: 24488192
Sorry about the delay in updates...Another tech said he has seen the same behavior when the DSL modem is set to PPPoE instead of PPPoA.  I'll try that out and see what happens.
0
