devon-lad

Unable to open ports on Firebox x20e
I need to open some ports on a Firebox at one of our customer's branch offices. They have these units at every office for site-to-site VPN, but only the head office router has any open ports set up at present for their mail server.

Anyway, these units have been in place since around 2007 and have worked without issue. Firmware version on all units is 10.0.2.

What should be a 30-second job is turning into a bit of a challenge. I've opened the necessary ports on the branch Firebox on the Firewall>Incoming screen and checked I've used the same method as the head office router - but it's not passing any traffic.

Initially I had created a custom packet filter policy with the 3 necessary ports included: 21, 23 and 80. But the logs showed that incoming traffic to these ports was being blocked.

So I used the existing common packet filters for HTTP, FTP and Telnet.  Now the logs are showing that the traffic is being let through, but closely followed by a number of errors - see attached screenshots.

I've tested the ports to the CCTV internally and all are working - it appears these errors in the logs are the cause, but have no idea how to resolve them.

Any ideas?

ASKER CERTIFIED SOLUTION
Brian


devon-lad

ASKER

Yes, good point - I did realise the first message after the kernel message was related to NTP - but have only just realised the ones in red are too.

I can telnet to 192.168.5.107 on 21, 23 and 80 inside the firewall - so must be something that's happening on the Firebox.

Brian

I'm thinking that it is then a routing or NAT issue. Because this is a BOVPN site, the setups may be different than the main site. I would check your other config pages.

That last log entry does show an allowed packet going through the HTTP policy. Strange.

Is there a VLAN or anything behind this Watchguard? Are there any outgoing policies that could be redirecting the traffic?

The main site is a BOVPN site as well - all sites are connected to all other sites - all routers are configured identically apart from the existing open ports at the main office.

Yes, I've compared all the settings pages on the router at the main site with this branch site - can't see any difference apart from different ports are open.

No outgoing policies and no VLANs set up.

As you can see from the screenshot, I've opened up 443 to go to the router itself - this works fine.

Brian

I would use something like Wireshark to see what is happening on the LAN side. If port 443 works, then it stands to reason the other ports are working as well on the Watchguard. Could be something on the LAN side. Is 192.168.5.107 a static IP? What's the network config look like?

Yes, static IP - network is a simple subnet class C - single segment.  Local DC provides DHCP - but as I said, the CCTV host is static (and excluded in DHCP).

Just tried something - tried to ping the host from one of the other branches (no firewalls between branches) - no response.

Looks like the CCTV unit itself is blocking traffic from outside the local subnet.  I'll check with the installers.

It was the CCTV unit itself that was blocking external traffic.
