Solved

x700 core blocking sites it shouldn't be

Posted on 2009-07-09
4
513 Views
Last Modified: 2013-11-16
I have a watchguard x700 that is constantly blocking sites (IPs) that should be allowed through due to a policy.  We use OWA and we have a policy setup to allow any HTTPS traffic through to certain IP addresses...one of them being the Exchange server.  Lately the x700 has just been block happy and blocking just about everything.  Once I reboot the x700 it clears our the blocked sites list and users are able to connect for a short time. Then few hours later, sometimes days, their IP will be added to the blocked sites list again and they cannot connect.  Anyone run into this before and if so can you help...its extremely annoying.
0
Comment
Question by:Fveng
  • 2
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
Comment Utility
You must have enabled Auto-block features in policy or at the global level.

In Policy Manager, go to Setup->Default Threat Protection->Default Packet Handling; under unhandled packets, ensure Auto-block source of packets not handled is not checked.

Also, edit the HTTP policy, go to Properties tab; ensure that Auto block sites that attempt to connect is not checked.

Thank you.
0
 

Author Comment

by:Fveng
Comment Utility
Thanks for the tip.  Auto-block source was checked.  I unchecked it and I'll monitor the blocked sites list to see if that took care of the problem.  Auto block under HTTP or HTTPS wasn't checked so I'm thinking we should be good.
Thanks for your help, I'll accept as solution after testing.
0
 
LVL 32

Expert Comment

by:dpk_wal
Comment Utility
Sure, please update once tested! :)

Thank you.
0
 

Author Comment

by:Fveng
Comment Utility
That seemed to resolve the issue.  I haven't had any complaints yet and the blocked sites list is a lot smaller than it was before.
Thanks!
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now