Watchguard Blocking IP with DOS Alarn "port_scan_dos"

Hello,

We have a Watchguard X1250e and the issue we are having is that it keeps blocking the IP addresses where my laptop is used to connect to the network. If I'm at home it blocks the IP at my house, if I go to clients office it blocks the IP of my client.

I already rebuilt my laptop. Deleted partitions and formatted the partitions.
I only got Office 2010, Bomgar (http://bomgar.com), and Skype, nothing else.

I found this http://www.dslreports.com/forum/r23523169-Port-scan-dos   but if I just rebuilt my machine then how can I have a virus on my machine. We have been using the Watchguard for several years now and this started happening about a month ago. Any ideas without disabling the security on the Watchguard?



esitechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

esitechAuthor Commented:
I removed Skype and haven't had any issues so far. Any ideas why would Skype this issue? The rest of the people that connect to this watchguard are also using Skype and are not experiencing any issues.
0
dpk_walCommented:
Logs from the Watchguard log viewer would give clue as to what is happening.

I think [wild guesses] that you might have multi homed machine and are sending packets for more than one subnet and WG thinks it to be spoof attack.
Another thing could be that your machine has some application/program [may be legitimate or might also be malware] that is sending too many packets out causing the behavior that your machine get blocked.

Please check the logs and update.

Thank you.
0
esitechAuthor Commented:
Yes this is a home network, and have several devices here. So far it hasn't happened again. Is there a way to disable that on the WG, so it doesn't block it? The WG has done this to some of my clients also, as we have our Labtech Agents installed on our their computers and servers, this will cause several packets to be sent back and forth.
0
dpk_walCommented:
You can change few parameters under Default threat protection; which can prevent WG from blocking, you would need to play around a bit with the settings to come out with a profile which best suites your network traffic profile.

http://customers.watchguard.com/articles/Article/3029?retURL=%2Fapex%2FknowledgeSearch&popup=false

Thank you,
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.