Watchguard Blocking IP with DOS Alarn "port_scan_dos"

Posted on 2011-10-17
Medium Priority
Last Modified: 2012-12-23

We have a Watchguard X1250e and the issue we are having is that it keeps blocking the IP addresses where my laptop is used to connect to the network. If I'm at home it blocks the IP at my house, if I go to clients office it blocks the IP of my client.

I already rebuilt my laptop. Deleted partitions and formatted the partitions.
I only got Office 2010, Bomgar (http://bomgar.com), and Skype, nothing else.

I found this http://www.dslreports.com/forum/r23523169-Port-scan-dos   but if I just rebuilt my machine then how can I have a virus on my machine. We have been using the Watchguard for several years now and this started happening about a month ago. Any ideas without disabling the security on the Watchguard?

Question by:esitech
  • 2
  • 2

Author Comment

ID: 36981797
I removed Skype and haven't had any issues so far. Any ideas why would Skype this issue? The rest of the people that connect to this watchguard are also using Skype and are not experiencing any issues.
LVL 32

Expert Comment

ID: 36983960
Logs from the Watchguard log viewer would give clue as to what is happening.

I think [wild guesses] that you might have multi homed machine and are sending packets for more than one subnet and WG thinks it to be spoof attack.
Another thing could be that your machine has some application/program [may be legitimate or might also be malware] that is sending too many packets out causing the behavior that your machine get blocked.

Please check the logs and update.

Thank you.

Author Comment

ID: 37504742
Yes this is a home network, and have several devices here. So far it hasn't happened again. Is there a way to disable that on the WG, so it doesn't block it? The WG has done this to some of my clients also, as we have our Labtech Agents installed on our their computers and servers, this will cause several packets to be sent back and forth.
LVL 32

Accepted Solution

dpk_wal earned 2000 total points
ID: 37510886
You can change few parameters under Default threat protection; which can prevent WG from blocking, you would need to play around a bit with the settings to come out with a profile which best suites your network traffic profile.


Thank you,

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question