  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1161

WatchGuard Firebox X750e is not allowing users to authenticate.

Dear Experts,
I am using a WatchGuard Firebox X750e firewall. Yesterday, I made some changes to the HTTP & HTTPS policies as well as the WebBlocker subscriptions. Since then, whenever my users access the authentication page of the Firebox, it blocks the request, and from that point on the firewall blocks all packets from that specified IP; it does not even allow pings. I tried disabling all WebBlocker subscriptions, but that did not solve it. Now I have opened all packets to External by using an 'Any' rule and we are able to work (for the blocked IPs, even after the Any rule is applied, they remain blocked until a firewall reboot).

Kindly help...
Regards..
Salih TK
Asked by: Ahammad Salih
1 Solution

Ahammad Salih (Author) commented:
For example, please go through the following log

Type      Date-Time      Detailed Message      
Traffic      2011-04-21 00:23:47      blocked sites disp=DENY, direction=NA, pri=4, policy=Internal-Policy, protocol=wg-auth/tcp, src_ip=192.168.1.248, src_port=3420, dst_ip=192.168.1.1, dst_port=4100, src_ip_nat=0.0.0.0, src_port_nat=0, dst_ip_nat=0.0.0.0, dst_port_nat=0, src_intf=1-Trusted, dst_intf=Firebox, rc=101, pckt_len=48, ttl=128, pr_info=offset 7 S 3979790085 win 65535, tag=1001


Even after I opened all ports to External, the IP 192.168.1.248 was not able to communicate with the Firebox (192.168.1.1). It got through after a firewall restart.
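As an added example (not from the original thread or from WatchGuard), the following Python script parses lines in the Firebox log format quoted above and summarises, per internal host, how often the 'blocked sites' auto-block list dropped its packets and how many of those drops were aimed at the Firebox authentication listener (wg-auth, TCP 4100, as in the posted line). The sample log is constructed for the example: the first line is the one from the post, the other two are made-up variants in the same format.

```python
import re
from collections import defaultdict

# Constructed sample log in the 'Type<TAB>Date-Time<TAB>Detailed Message' layout
# quoted in the thread. Line 1 is the posted line; lines 2 and 3 are made up.
SAMPLE_LOG = (
    "Traffic\t2011-04-21 00:23:47\tblocked sites disp=DENY, direction=NA, pri=4, "
    "policy=Internal-Policy, protocol=wg-auth/tcp, src_ip=192.168.1.248, src_port=3420, "
    "dst_ip=192.168.1.1, dst_port=4100, src_ip_nat=0.0.0.0, src_port_nat=0, "
    "dst_ip_nat=0.0.0.0, dst_port_nat=0, src_intf=1-Trusted, dst_intf=Firebox, rc=101, "
    "pckt_len=48, ttl=128, pr_info=offset 7 S 3979790085 win 65535, tag=1001\n"
    "Traffic\t2011-04-21 00:23:49\tblocked sites disp=DENY, direction=NA, pri=4, "
    "policy=Internal-Policy, protocol=icmp, src_ip=192.168.1.248, src_port=0, "
    "dst_ip=192.168.1.1, dst_port=0, src_intf=1-Trusted, dst_intf=Firebox, rc=101, tag=1001\n"
    "Traffic\t2011-04-21 00:24:02\tAllow disp=ALLOW, direction=NA, pri=4, policy=Any, "
    "protocol=http/tcp, src_ip=192.168.1.50, src_port=51000, dst_ip=93.184.216.34, "
    "dst_port=80, src_intf=1-Trusted, dst_intf=0-External, rc=100, tag=1001\n"
)

# key=value pairs are comma separated; values themselves contain no commas
KV_RE = re.compile(r"(\w+)=([^,]*)")
WG_AUTH_PORT = "4100"  # Firebox authentication listener (dst_port in the posted line)


def parse_line(line):
    """Parse one log line into {'type', 'time', 'event', 'fields'}.

    'event' is the free text before the first key=value pair (e.g. 'blocked sites').
    Returns None for blank or malformed lines instead of raising.
    """
    parts = line.rstrip("\n").split("\t", 2)
    if len(parts) != 3:
        return None
    log_type, timestamp, message = parts
    first_kv = re.search(r"\b\w+=", message)
    if first_kv is None:
        return None
    event = message[: first_kv.start()].strip()
    fields = {k: v.strip() for k, v in KV_RE.findall(message[first_kv.start():])}
    return {"type": log_type, "time": timestamp, "event": event, "fields": fields}


def parse_log(text):
    """Parse a whole log text, silently skipping lines that do not fit the format."""
    return [rec for rec in (parse_line(l) for l in text.splitlines()) if rec]


def blocked_sources(records):
    """Per source IP: how many packets the 'blocked sites' list denied, how many of
    those targeted the Firebox auth port, and when the first denial was seen."""
    summary = defaultdict(lambda: {"count": 0, "auth_port_hits": 0, "first_seen": None})
    for rec in records:
        f = rec["fields"]
        if rec["event"] != "blocked sites" or f.get("disp") != "DENY":
            continue
        entry = summary[f.get("src_ip", "?")]
        entry["count"] += 1
        if entry["first_seen"] is None:
            entry["first_seen"] = rec["time"]
        if f.get("dst_intf") == "Firebox" and f.get("dst_port") == WG_AUTH_PORT:
            entry["auth_port_hits"] += 1
    return dict(summary)


if __name__ == "__main__":
    for ip, info in blocked_sources(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} denied by blocked sites "
              f"({info['auth_port_hits']} to auth port), first seen {info['first_seen']}")
```

A host that shows up here with hits on port 4100 is the pattern the thread describes: it is on the auto-block list, so every packet to the Firebox is dropped regardless of the policies below, which is why the 'Any' rule made no difference for 192.168.1.248.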
Brian commented:
Is ping enabled at all on the WatchGuard? It is usually set to not respond to ping requests.

The most likely reason it took a reboot is that the IP was placed in a block list because it had too many unauthorized attempts to connect to the firewall. The default setup is to block that IP for 15-30 minutes.

To fully understand your access problem: users cannot log in to the Firebox, but can access the Internet?
Brian commented:
After thinking on it: when you made your changes, did you have a policy enabled that allowed HTTP and HTTPS traffic out? If you disabled or changed WebBlocker, the HTTP and HTTPS proxies using WebBlocker will not always work to allow traffic out.
Ahammad Salih (Author) commented:
Actually, the users are able to access the Internet after allowing all packets to External from the entire trusted network. After doing this, the users are able to open even the authentication page of the firewall.

Now I have disabled all the HTTP and HTTPS proxies and WebBlockers and created a new policy on top of the 'Any' policy to filter the net access, and it worked out.

Where can we find the blacklisted IPs... can we release them manually?
Brian commented:
They are under the Blocked Sites tab in the System Manager. The permanent list is under Blocked Sites in the menu of the Policy Manager.