Solved

Watchguard Issues

Posted on 2014-04-12
Last Modified: 2014-04-13
Hello!
I have a Watchguard XTM 25 and systems on two subnets.  Subnet A is 10.0.0.xxx and Subnet B is 192.168.1.xxx.  From the 10.0.0.xxx I can ping a Windows 2008 R2 server IP on the 192 subnet.  From the 192 subnet, I cannot ping anything on the 10 network.  I can ping the default 192 gateway which is set up as a VLAN on Port 2, and the default gateway for the 192 network is on an HP Procurve 2848 switch (also pingable).

How can I get the Windows 2008 R2 server on the 192 network to talk to the 10 network?

Also, I cannot RDP from the 10 network to the 192 network.  I receive the following error when attempting to RDP:
2014-04-12 20:49:33 Deny 10.0.0.64 192.168.1.244 1900/udp 33895 1900 1-Trusted 2-VLAN 100 Denied 501 63 (Unhandled Internal Packet-00)  proc_id="firewall" rc="101"       Traffic

Any assistance would be appreciated.

Thank you!
Question by:swlaurie
3 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
ID: 39997070
Besides possible issues with routing, did you open the necessary ports/holes in the firewall?

e.g.:

- Port for Remote Desktop --> 10.x.x >> TCP 3389 >> 192.x.x
- Allow ICMP Echo from 192.x.x on the 10.x.x network
 

Author Comment

by:swlaurie
ID: 39997206
Spravtek,
I am a complete noob to the WG line. How would I go about setting the above up?
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
ID: 39997259
Well ... Good question, I don't have a WG myself, thought you would be able to get in there and get going ;)

Maybe if you post some screenshots? Can you tell us where exactly you get stuck?

There's an endless number of possibilities with firewalls: it can be routing, though I doubt it, or it can be that you just need to enable some policies...

For starters, check what policies are enabled: Firewall > Firewall Policies

Try to add a policy from the templates, maybe there's one for Remote Desktop? If not, you could create a policy for port 3389 for example ...

You'll probably need to check the aliases of your network, see which one is trusted and such things...

I don't know what you want to open on the network, is the 10.x.x considered as the outside network or DMZ? ...

Hope this helps you on your way ... I know it's not ideal, it's difficult without eyes on the device/interface :)
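
Added example, not part of the thread and not WatchGuard's own tooling: a small Python triage of traffic-log lines in the layout quoted in the question, separating denies that concern the RDP flow (TCP 3389) from unrelated ones. The field layout is inferred from that one quoted line, the /24 masks are assumed, and the second sample line is constructed.

```python
import re
from ipaddress import ip_address, ip_network

# Field layout inferred from the single log line quoted in the question;
# other WatchGuard message types may differ (assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>Allow|Deny) "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<service>[^/\s]+)/(?P<proto>\w+) "
    r"(?P<sport>\d+) (?P<dport>\d+) .*?\((?P<policy>[^)]*)\)"
)
NET_A = ip_network("10.0.0.0/24")     # /24 assumed from "10.0.0.xxx"
NET_B = ip_network("192.168.1.0/24")  # /24 assumed from "192.168.1.xxx"
WANTED = {("tcp", 3389)}              # RDP, the flow being tested

SAMPLE_LOG = [
    # Verbatim from the question:
    '2014-04-12 20:49:33 Deny 10.0.0.64 192.168.1.244 1900/udp 33895 1900 '
    '1-Trusted 2-VLAN 100 Denied 501 63 (Unhandled Internal Packet-00)  '
    'proc_id="firewall" rc="101"       Traffic',
    # Constructed line in the same layout: what an RDP deny would look like.
    '2014-04-12 20:49:40 Deny 10.0.0.64 192.168.1.244 3389/tcp 49200 3389 '
    '1-Trusted 2-VLAN 100 Denied 52 127 (Unhandled Internal Packet-00)  '
    'proc_id="firewall" rc="101"       Traffic',
    "not a traffic line",
]

def parse_line(line):
    """Parse one traffic-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def triage(lines, wanted=WANTED):
    """Return (record, is_wanted_flow) pairs for denies going from NET_A to NET_B."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "Deny":
            continue
        if ip_address(rec["src"]) in NET_A and ip_address(rec["dst"]) in NET_B:
            out.append((rec, (rec["proto"], rec["dport"]) in wanted))
    return out

if __name__ == "__main__":
    for rec, relevant in triage(SAMPLE_LOG):
        tag = "RDP attempt" if relevant else "unrelated to RDP"
        print(f'{rec["ts"]} {rec["proto"]}/{rec["dport"]} policy="{rec["policy"]}" -> {tag}')
```

On the sample, the deny quoted in the question is classified as unrelated to RDP: it is UDP port 1900 (SSDP discovery traffic), so a policy for TCP 3389 would not change that particular log entry.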