  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 10138

WatchGuard firewall blocking HTTP traffic. How can I fix it?

We have a WatchGuard X5500e running Fireware XTM 11.2.3. We recently added a VLAN and new Cisco switches.
We are having issues with HTTP traffic being blocked on the WatchGuard from our new 10.13.x.x network, but ping and HTTPS are working to the outside.
The error is:
2011-04-26 16:11:57 Deny 72.167.239.237 10.13.x.x 52393/tcp 80 52393 1-Trusted 1-Trusted ip spoofing sites 52 63 (Internal Policy) proc_id="firewall" rc="101" tcp_info="offset 8 AS 767232038 win 53270"       Traffic

I tried adding 10.13.x.x into the HTTP or HTTP proxy rules (or any rule); nothing worked.
Routing is:
10.13.1.x where the Cisco phone or a test laptop is set up (trying from the test laptop)
10.13.1.x Cisco layer 3 switch
10.12.1.x same Cisco layer 3 switch
10.12.1.x firewall
Ideas?
Asked by: blhess
1 Solution
 
dpk_wal commented:
As for the firewall, the 10.13.1.x subnet is behind an L3 device, so you should add a route so it knows where to route packets to/from.
In Policy Manager go to Network->Routes; specify a network route as 10.13.1.0/24 with gateway 10.12.1.x (the same Cisco layer 3 switch).

Check and update.

Thank you.
blhess (author) commented:
Thank you. The route on the Cisco layer 3 switch and on the WatchGuard is already entered. A PC on the 10.13.1.x network can ping to the outside (google.com) and https:// works. Only http:// is broken.

Only HTTP traffic returns the following:

2011-04-26 16:11:57 Deny 72.167.239.237 10.13.x.x 52393/tcp 80 52393 1-Trusted 1-Trusted ip spoofing sites 52 63 (Internal Policy) proc_id="firewall" rc="101" tcp_info="offset 8 AS 767232038 win 53270"       Traffic

72.167.239.237 is the web site we are trying to reach.
thanks!
dpk_wal commented:
IP spoof messages; I want to see if NAT is happening properly.

On the Cisco L3 switch I am assuming you are doing routing and not NAT.

In Policy Manager, go to Network->NAT->Dynamic NAT; can you check if you have entries like:
192.168.0.0/16->Any External
172.16.0.0/12->Any External
10.0.0.0/8->Any External

If yes, then add an entry as Any Trusted->Any External [assuming that the Cisco router is connected on the Trusted interface]; also move this entry to the top, above the others.

Finally, if you are still unable to access the internet, then check for:
1. DNS. DNS should be reachable and you should be able to resolve names to IPs.
2. Default gateway: on all machines on the 13.x network it should be the 13.x Cisco L3 switch, and on the Cisco it should be the WG.
3. Any personal firewalls on the machines on the 13.x subnet.
4. Any proxy settings in the browser.

Please check and update.

Thank you.
blhess (author) commented:
Yes, we are doing routing and not NAT on the layer 3 switch.
In Policy Manager under Network->NAT->Dynamic NAT we currently have:
192.168.0.0/16->Any External
10.0.0.0/8->Any External
and the following, which was added for testing of this issue:
10.13.1.0/24

After hours I will add the Any Trusted->Any External entry, test, and report back.

Currently DNS, HTTPS and ping work to the outside network from the 10.13.1.0 network, on multiple devices and PCs; only HTTP is not working in the 10.13.1.0 network. But if I change the exit point to the internet to a different firewall (same model but a simpler rule set), it works (but I also break several other DMZ accesses and VPNs).
Thanks!
blhess (author) commented:
Should have said:
10.13.1.0/24 -> External

dpk_wal commented:
Can you give me the configuration of *all* HTTP services which you have? It looks like there is a specific HTTP service blocking access from the .13.x subnet.

Thank you.
blhess (author) commented:
I was able to do testing today and trace things down since everyone was off the network on Sunday. I am embarrassed to say we were not bypassing the Barracuda 410 web filter like I thought. When I turn off the Barracuda filter, HTTP works from the 10.13.1.x network. It's also odd that when the Barracuda was blocking the traffic, the WatchGuard was showing Deny 72.167.239.237 10.13.x.x 52393/tcp 80 52393 1-Trusted 1-Trusted ip spoofing sites 52 63 (Internal Policy)
The Barracuda was not showing the traffic in the Barracuda log either. But I now have a better idea of where to hunt down the issue, and have made progress.
Thanks
blhess (author) commented:
The HTTP service was blocked on the Barracuda web filter, showing odd messages on the WatchGuard firewall.
dpk_wal commented:
Thank you for the update and points! :)

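The "ip spoofing sites" line quoted twice in this thread is the one hard piece of evidence on the page: a packet with a public source address (72.167.239.237, the web server) arriving on the 1-Trusted interface, which is exactly the condition the firewall labels as spoofing, and which is consistent with the thread's conclusion that a web filter in the path was answering on the server's behalf. Below is an added example (not code from the thread, from WatchGuard or from the Barracuda product) that parses lines in that traffic-log layout and flags spoof denies whose source address does not belong to the subnets expected on the ingress interface. The field layout in the regex, the interface-to-subnet map (built from the 10.0.0.0/8 and 192.168.0.0/16 Dynamic NAT entries the thread lists), and the sample lines are all assumptions made for this example; the first sample line copies the thread's line with the masked 10.13.x.x replaced by a constructed 10.13.1.50.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Field layout assumed from the thread's log line (not a documented WatchGuard schema):
# <date> <time> <Allow|Deny> <src> <dst> <sport>/<proto> <dport> <n> <in_iface> <out_iface>
# <message> <len> <ttl> (<policy>) key="value" ...
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<disp>Allow|Deny) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<sport>\d+)/(?P<proto>\w+) (?P<dport>\d+) \d+ "
    r"(?P<in_if>\S+) (?P<out_if>\S+) (?P<msg>.+?) "
    r"(?P<length>\d+) (?P<ttl>\d+) \((?P<policy>[^)]*)\)(?P<tail>.*)$"
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Assumed map: which source subnets are legitimate on each ingress interface.
# Taken from the Dynamic NAT entries the thread lists for the Trusted side.
EXPECTED_SOURCES = {
    "1-Trusted": [ipaddress.ip_network("10.0.0.0/8"),
                  ipaddress.ip_network("192.168.0.0/16")],
}


@dataclass
class TrafficEvent:
    timestamp: str
    disposition: str
    src: str
    dst: str
    src_port: int
    proto: str
    dst_port: int
    in_iface: str
    out_iface: str
    message: str
    length: int          # interpretation of this numeric field is assumed
    ttl: int             # interpretation of this numeric field is assumed
    policy: str
    extra: dict = field(default_factory=dict)   # trailing key="value" pairs


def parse_line(line: str):
    """Parse one traffic-log line; return a TrafficEvent or None if the layout does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return TrafficEvent(
        timestamp=m["ts"], disposition=m["disp"], src=m["src"], dst=m["dst"],
        src_port=int(m["sport"]), proto=m["proto"], dst_port=int(m["dport"]),
        in_iface=m["in_if"], out_iface=m["out_if"], message=m["msg"],
        length=int(m["length"]), ttl=int(m["ttl"]), policy=m["policy"],
        extra=dict(KV_RE.findall(m["tail"])),
    )


def is_unexpected_source(ev: TrafficEvent) -> bool:
    """True when the source address is outside every subnet expected on the ingress interface."""
    nets = EXPECTED_SOURCES.get(ev.in_iface)
    if nets is None:
        return False           # no expectation recorded for this interface
    try:
        addr = ipaddress.ip_address(ev.src)
    except ValueError:
        return False           # masked or malformed address (e.g. "10.13.x.x"); cannot judge
    return not any(addr in n for n in nets)


def triage(lines):
    """Return (event, unexpected_source) for every Deny whose message mentions spoofing."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev.disposition != "Deny":
            continue
        if "spoof" in ev.message.lower():
            findings.append((ev, is_unexpected_source(ev)))
    return findings


# Constructed sample lines for this example (the first mirrors the thread's line).
SAMPLE_LINES = [
    '2011-04-26 16:11:57 Deny 72.167.239.237 10.13.1.50 52393/tcp 80 52393 1-Trusted 1-Trusted '
    'ip spoofing sites 52 63 (Internal Policy) proc_id="firewall" rc="101" '
    'tcp_info="offset 8 AS 767232038 win 53270"',
    '2011-04-26 16:12:01 Allow 10.13.1.50 72.167.239.237 52394/tcp 443 52394 1-Trusted 0-External '
    'Allowed 52 63 (HTTPS-proxy-00) proc_id="firewall" rc="100"',
    '2011-04-26 16:12:05 Deny 10.12.1.7 10.13.1.50 40000/tcp 80 40000 1-Trusted 1-Trusted '
    'ip spoofing sites 52 63 (Internal Policy) proc_id="firewall" rc="101"',
]

if __name__ == "__main__":
    for ev, unexpected in triage(SAMPLE_LINES):
        where = "public/foreign source on " if unexpected else "internal source on "
        print(f"{ev.timestamp} {ev.src}->{ev.dst}:{ev.dst_port} {where}{ev.in_iface} ({ev.policy})")
```

Running it prints one line per spoof deny; the first is the thread's case, where a public address shows up on the Trusted side, while the third sample shows the same log message with an internal source, which points at a routing or asymmetric-path problem rather than at something answering as the remote server. Asserting on `triage()`'s return value rather than on the printed text keeps the classification reusable in a log pipeline.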