Solved

x700 core blocking sites it shouldn't be

Posted on 2009-07-09
4
522 Views
Last Modified: 2013-11-16
I have a watchguard x700 that is constantly blocking sites (IPs) that should be allowed through due to a policy.  We use OWA and we have a policy setup to allow any HTTPS traffic through to certain IP addresses...one of them being the Exchange server.  Lately the x700 has just been block happy and blocking just about everything.  Once I reboot the x700 it clears our the blocked sites list and users are able to connect for a short time. Then few hours later, sometimes days, their IP will be added to the blocked sites list again and they cannot connect.  Anyone run into this before and if so can you help...its extremely annoying.
0
Comment
Question by:Fveng
  • 2
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24820204
You must have enabled Auto-block features in policy or at the global level.

In Policy Manager, go to Setup->Default Threat Protection->Default Packet Handling; under unhandled packets, ensure Auto-block source of packets not handled is not checked.

Also, edit the HTTP policy, go to Properties tab; ensure that Auto block sites that attempt to connect is not checked.

Thank you.
0
 

Author Comment

by:Fveng
ID: 24822815
Thanks for the tip.  Auto-block source was checked.  I unchecked it and I'll monitor the blocked sites list to see if that took care of the problem.  Auto block under HTTP or HTTPS wasn't checked so I'm thinking we should be good.
Thanks for your help, I'll accept as solution after testing.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 24825412
Sure, please update once tested! :)

Thank you.
0
 

Author Comment

by:Fveng
ID: 24879314
That seemed to resolve the issue.  I haven't had any complaints yet and the blocked sites list is a lot smaller than it was before.
Thanks!
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA 5505 NAT question 8 121
Unblock IP Address in Sonicwall 3 90
Sonicwall Security Service questions 2 54
McAfee LiveSafe firewall is blocking a safe website 3 108
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question