Solved

Cannot access internet from Firebox optional network

Posted on 2009-07-08
Last Modified: 2013-11-16
One of our customers has a WatchGuard Firebox Edge x20e-w and they want to give internet access to their customers while they are onsite.

I had initially intended to use the Wireless Guest network on the Firebox, but the area requiring coverage is quite large, so I have decided to put in two additional Linksys wireless access points and have connected them to the Opt port on the Firebox via a PoE switch.

Users can connect to the Optional network wirelessly through the LinkSys APs and are receiving DHCP leases from the Firebox BUT they cannot connect to the internet.

In the Firebox log I have many entries as follows:

Jul 8 15:38:41  kernel  deny out eth2 61 udp 20 128 192.168.112.103 192.168.112.1 50851 53 (default)

Where 192.168.112.103 is a client connected wirelessly to the Optional network and 192.168.112.1 is the Optional network interface of the Firebox.

On the Allowed MAC Addresses tab in the Optional Network settings, the box Restrict access by Hardware MAC Address is NOT checked.

Is there a setting somewhere I'm missing?  Internet and BOVPN connections from the Trusted network work fine.
Question by:devon-lad
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24810405
As you have a Firebox X20e-w, one of the possible reasons could be that you are running out of user licenses and, as a result, no user from optional gets on to the internet.

In the configuration page of the Edge, on the System Status page under Options, the total number of user licenses and usage is listed.

Other things include:
There is no policy which allows access from optional network to internet.
Ensure that the default outgoing policy is enabled and has from configured from ANY.

Please check and update.

Thank you.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 24811016
Plenty of user licences left.

Default outgoing policy is enabled and configured from ANY.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 24811064
>> kernel  deny out eth2 61 udp 20 128 192.168.112.103 192.168.112.1 50851 53 (default)

Have you configured 192.168.112.1 as DNS IP on the machines; if yes, this is the problem. WG would not act as DNS forwarder; if you are using DHCP or static IP then please ensure that you specify DNS Servers as specified by your ISP.

Another thing I would like to check is whether the machines can ping anything on the internet; try pinging the following in the same order:
1. From 192.168.112.x machine ping 192.168.112.1 [you should get replies, proceed to 2].
2. From 192.168.112.x machine ping public IP of your Edge [you should get replies, proceed to 3].
3. From 192.168.112.x machine ping public gateway of your Edge [you should get replies, then the machine is already connecting to internet; it is just DNS issue that you are not able to connect to website using names].

Please check and update.

Thank you.
0
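The log check behind the accepted answer, as an added example that is not part of the original thread: it parses Firebox deny lines of the shape quoted above and counts, per client, the port-53 packets that were addressed to the firewall's own interface. The field layout is inferred from the single log line in the question, the function names are hypothetical, and every sample line after the first is constructed.

```python
import re
from collections import Counter

# Layout inferred from the one log line quoted in the thread. The three bare
# numbers (61, 20, 128 in that line) are skipped because the thread does not
# say what they mean.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+kernel\s+(?P<action>\w+)\s+"
    r"(?P<direction>\w+)\s+(?P<iface>\S+)\s+\d+\s+(?P<proto>\w+)\s+\d+\s+\d+\s+"
    r"(?P<src>[\d.]+)\s+(?P<dst>[\d.]+)\s+(?P<sport>\d+)\s+(?P<dport>\d+)\s+"
    r"\((?P<policy>[^)]*)\)\s*$"
)

# First line is the one from the thread; the rest are constructed for the example.
SAMPLE_LOG = """\
Jul 8 15:38:41  kernel  deny out eth2 61 udp 20 128 192.168.112.103 192.168.112.1 50851 53 (default)
Jul 8 15:38:42  kernel  deny out eth2 61 udp 20 128 192.168.112.103 192.168.112.1 50852 53 (default)
Jul 8 15:38:45  kernel  deny out eth2 65 udp 20 128 192.168.112.104 192.168.112.1 49200 53 (default)
Jul 8 15:38:50  kernel  deny out eth2 78 udp 20 128 192.168.112.104 192.168.112.255 137 137 (default)
this line is not a kernel packet record
"""


def parse_line(line):
    """Return the named fields of one packet record, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def denied_dns_to_gateway(log_text, gateway_ip):
    """Count, per client, denied port-53 packets addressed to the firewall itself."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec and rec["action"] == "deny" and rec["dport"] == 53
                and rec["dst"] == gateway_ip):
            hits[rec["src"]] += 1
    return hits


if __name__ == "__main__":
    for client, n in denied_dns_to_gateway(SAMPLE_LOG, "192.168.112.1").most_common():
        print(f"{client}: {n} DNS queries denied at the gateway; "
              "check the DNS servers handed out by DHCP")
```
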

 
LVL 1

Author Comment

by:devon-lad
ID: 24811310
Oh dear...schoolboy error.  Never checked if they could ping external IPs...and should have noticed the fact that the Firebox was logging entries regarding port 53.

Have changed the Opt DHCP settings to use external DNS - from the logs it looks like that's solved it, will double check with the users.
0
 
LVL 1

Author Closing Comment

by:devon-lad
ID: 31601184
That was it - all working now.  Thanks
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24821087
Welcome! :)
0
