Solved

Watchguard Issues

Posted on 2014-04-12
3
646 Views
Last Modified: 2014-04-13
Hello!
I have a Watchguard XTM 25 and systems on two subnets.  Subnet A is 10.0.0.xxx and Subnet B is 192.168.1.xxx.  From the 10.0.0.xxx I can ping a Windows 2008 R2 server IP on the 192 subnet.  From the 192 subnet, I cannot ping anything on the 10 network.  I can ping the default 192 gateway which is set up as a VLAN on Port 2, and the default gateway for the 192 network is on an HP Procurve 2848 switch (also pingable).

How can I get the Windows 2008 R2 server on the 192 network to talk to the 10 network.

Also, I cannot RDP from the 10 network to the 192 network.  I receive the following error when attempting to RDP:
2014-04-12 20:49:33 Deny 10.0.0.64 192.168.1.244 1900/udp 33895 1900 1-Trusted 2-VLAN 100 Denied 501 63 (Unhandled Internal Packet-00)  proc_id="firewall" rc="101"       Traffic

Any assistance would be appreciated.

Thank you!
0
Comment
Question by:swlaurie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39997070
Besides possible issues with routing, did you open the necessary ports/holes in the firewall?

e.g:

- Port for Remote Desktop --> 10.x.x >> TCP 3389 >> 192.x.x
- Allow ICMP Echo from 192.x.x on the 10.x.x network
0
 

Author Comment

by:swlaurie
ID: 39997206
Spravtek,
I am a complete noob to the WG line. How would I go about setting the above up?
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
ID: 39997259
Well ... Good question, I don't have a WG myself, thought you would be able to get in there and get going ;)

Maybe if you post some screenshots? Can you tell us where exactly you get stuck?

There's an endless amount of possibilities with Firewalls, it can be routing, though I doubt it, it can be that you just need to enable some policies...

For starters, check what policies are enabled: Firewall > Firewall Policies

Try to add a policy from the templates, maybe there's one for Remote Desktop? If not, you could create a policy for port 3389 for example ...

You'll probably need to check the aliases of your network, see which one is trusted and such things...

I don't know what you want to open on the network, is the 10.x.x considered as the outside network or DMZ? ...

Hope this helps you on your way ... I know it's not ideal, it's difficult without eyes on the device/interface :)
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question