WatchGuard Firebox X750e is not allowing authentication.

Ahammad Salih
Medium Priority
1,186 Views
Last Modified: 2012-05-11
Dear Experts,
I am using a WatchGuard Firebox X750e firewall. Yesterday, I made some changes to the HTTP and HTTPS policies as well as the WebBlocker subscriptions. Since then, whenever my users access the authentication page of the Firebox, it blocks the request, and from that point on the firewall blocks all packets from that specified IP; it does not even allow ping. I tried disabling all WebBlocker subscriptions, but that did not solve it. Now I have opened all packets to External using an 'Any' rule and we are able to work (for the blocked IPs, even after the Any rule was applied, they remained blocked until a firewall reboot).

Kindly help...
Regards..
Salih TK

Ahammad Salih (Windows Admin)

Author

Commented:
For example, please go through the following log:

Type      Date-Time      Detailed Message      
Traffic      2011-04-21 00:23:47      blocked sites disp=DENY, direction=NA, pri=4, policy=Internal-Policy, protocol=wg-auth/tcp, src_ip=192.168.1.248, src_port=3420, dst_ip=192.168.1.1, dst_port=4100, src_ip_nat=0.0.0.0, src_port_nat=0, dst_ip_nat=0.0.0.0, dst_port_nat=0, src_intf=1-Trusted, dst_intf=Firebox, rc=101, pckt_len=48, ttl=128, pr_info=offset 7 S 3979790085 win 65535, tag=1001


Even after I opened all ports to External, the IP 192.168.1.248 was not able to communicate with the Firebox (192.168.1.1). It got through after a firewall restart.
CERTIFIED EXPERT

Commented:
Is ping enabled at all on the WatchGuard? It is usually set not to respond to ping requests.

The most likely reason it took a reboot is that the IP was placed on a block list because it had too many unauthorized attempts to connect to the firewall. The default setup is to block that IP for 15-30 minutes.

To fully understand your access problem: users cannot log in to the Firebox, but can access the Internet?
CERTIFIED EXPERT

Commented:
After thinking about it: when you made your changes, did you have a policy enabled that allowed HTTP and HTTPS traffic out? If you disabled or changed WebBlocker, the HTTP and HTTPS proxies using WebBlocker will not always work to allow traffic out.
Ahammad Salih (Windows Admin)

Author

Commented:
Actually, the users are able to access the Internet after allowing all packets to External from the entire trusted network. After doing this, the users are able to open even the authentication page of the firewall.

Now I have disabled all the HTTP and HTTPS proxies and WebBlockers and created a new policy on top of the 'Any' policy to filter the net access, and it worked.

Where can we find the blacklisted IPs? Can we release them manually?