Watchguard Blocking IP with DOS Alarn "port_scan_dos"

Posted on 2011-10-17
Last Modified: 2012-12-23

We have a Watchguard X1250e and the issue we are having is that it keeps blocking the IP addresses where my laptop is used to connect to the network. If I'm at home it blocks the IP at my house, if I go to clients office it blocks the IP of my client.

I already rebuilt my laptop. Deleted partitions and formatted the partitions.
I only got Office 2010, Bomgar (, and Skype, nothing else.

I found this   but if I just rebuilt my machine then how can I have a virus on my machine. We have been using the Watchguard for several years now and this started happening about a month ago. Any ideas without disabling the security on the Watchguard?

Question by:esitech

    Author Comment

    I removed Skype and haven't had any issues so far. Any ideas why would Skype this issue? The rest of the people that connect to this watchguard are also using Skype and are not experiencing any issues.
    LVL 32

    Expert Comment

    Logs from the Watchguard log viewer would give clue as to what is happening.

    I think [wild guesses] that you might have multi homed machine and are sending packets for more than one subnet and WG thinks it to be spoof attack.
    Another thing could be that your machine has some application/program [may be legitimate or might also be malware] that is sending too many packets out causing the behavior that your machine get blocked.

    Please check the logs and update.

    Thank you.

    Author Comment

    Yes this is a home network, and have several devices here. So far it hasn't happened again. Is there a way to disable that on the WG, so it doesn't block it? The WG has done this to some of my clients also, as we have our Labtech Agents installed on our their computers and servers, this will cause several packets to be sent back and forth.
    LVL 32

    Accepted Solution

    You can change few parameters under Default threat protection; which can prevent WG from blocking, you would need to play around a bit with the settings to come out with a profile which best suites your network traffic profile.

    Thank you,

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
    In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now