Cannot access internet from Firebox optional network

One of our customers has a Watchguard Firebox Edge x20e-w and they want to give internet access to their customers while they are onsite.

I had initially intended to use the Wireless Guest network on the Firebox, but the area requiring coverage is quite large, so have decided to put in two additional LinkSys wireless access points and connected them to the Opt port on the Firebox via a PoE switch.

Users can connect to the Optional network wirelessly through the LinkSys APs and are receiving DHCP leases from the Firebox BUT they cannot connect to the internet.

In the Firebox log I have many entries as follows:

Jul 8 15:38:41  kernel  deny out eth2 61 udp 20 128 50851 53 (default)

Where is a client connected wirelessly to the Optional network and is the Optional network interface of the Firebox.

On the Allowed MAC Addresses tab in the Optional Network settings, the box Restrict access by Hardware MAC Address is NOT checked.

Is there a setting somewhere I'm missing?  Internet and BOVPN connections from the Trusted network work fine.
Who is Participating?

Improve company productivity with a Business Account.Sign Up

dpk_walConnect With a Mentor Commented:
>> kernel  deny out eth2 61 udp 20 128 50851 53 (default)

Have you configured as DNS IP on the machines; if yes, this is the problem. WG would not act as DNS forwarder; if you are using DHCP or static IP then please ensure that you specify DNS Servers as specified by your ISP.

Other things I would like to check is, if the machines can ping anything on the internet; try pinging following in the same order:
1. From 192.168.112.x machine ping [you should get replies, proceed to 2].
2. From 192.168.112.x machine ping public IP of your Edge [you should get replies, proceed to 3].
1. From 192.168.112.x machine ping public gateway of youe Edge [you should get replies, then the machine is already connecting to internet; it is just DNS issue that you are not able to connect to website using names].

Please check and update.

Thank you.
As you have firebox X20e-w one of the possible reasons could be that you are running out of user licenses and as a result no user from optional gets on to internet.

In configuration page of Edge, System Status page; under Options; total number of User licenses and usage is listed.

Other things include:
There is no policy which allows access from optional network to internet.
Ensure that the default outgoing policy is enabled and has from configured from ANY.

Please check and update.

Thank you.
devon-ladAuthor Commented:
Plenty of user licences left.

Default outgoing policy is enabled and configured from ANY.
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

devon-ladAuthor Commented:
Oh dear...schoolboy error.  Never checked if they could ping external IPs...and should have noticed the fact that the Firebox was logging entries regarding port 53.

Have changed the Opt DHCP settings to use external DNS - from the logs it looks like that's solved it, will double check with the users.
devon-ladAuthor Commented:
That was it - all working now.  Thanks
Welcome! :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.