Solved

Watchguard Issues

Posted on 2014-04-12
3
632 Views
Last Modified: 2014-04-13
Hello!
I have a Watchguard XTM 25 and systems on two subnets.  Subnet A is 10.0.0.xxx and Subnet B is 192.168.1.xxx.  From the 10.0.0.xxx I can ping a Windows 2008 R2 server IP on the 192 subnet.  From the 192 subnet, I cannot ping anything on the 10 network.  I can ping the default 192 gateway which is set up as a VLAN on Port 2, and the default gateway for the 192 network is on an HP Procurve 2848 switch (also pingable).

How can I get the Windows 2008 R2 server on the 192 network to talk to the 10 network.

Also, I cannot RDP from the 10 network to the 192 network.  I receive the following error when attempting to RDP:
2014-04-12 20:49:33 Deny 10.0.0.64 192.168.1.244 1900/udp 33895 1900 1-Trusted 2-VLAN 100 Denied 501 63 (Unhandled Internal Packet-00)  proc_id="firewall" rc="101"       Traffic

Any assistance would be appreciated.

Thank you!
0
Comment
Question by:swlaurie
  • 2
3 Comments
 
LVL 25

Expert Comment

by:Zephyr ICT
Comment Utility
Besides possible issues with routing, did you open the necessary ports/holes in the firewall?

e.g:

- Port for Remote Desktop --> 10.x.x >> TCP 3389 >> 192.x.x
- Allow ICMP Echo from 192.x.x on the 10.x.x network
0
 

Author Comment

by:swlaurie
Comment Utility
Spravtek,
I am a complete noob to the WG line. How would I go about setting the above up?
0
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 500 total points
Comment Utility
Well ... Good question, I don't have a WG myself, thought you would be able to get in there and get going ;)

Maybe if you post some screenshots? Can you tell us where exactly you get stuck?

There's an endless amount of possibilities with Firewalls, it can be routing, though I doubt it, it can be that you just need to enable some policies...

For starters, check what policies are enabled: Firewall > Firewall Policies

Try to add a policy from the templates, maybe there's one for Remote Desktop? If not, you could create a policy for port 3389 for example ...

You'll probably need to check the aliases of your network, see which one is trusted and such things...

I don't know what you want to open on the network, is the 10.x.x considered as the outside network or DMZ? ...

Hope this helps you on your way ... I know it's not ideal, it's difficult without eyes on the device/interface :)
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Routing VLANs 5 44
Comms between vlans via router 2 22
Hardening ScreenOS 8 64
stacking Catalyst 3650 11 8
This article is a how to to configure a UCS Ethernet-uplink portchannel via the console. It is easy to do and can be done quite quickly. In certain versions of the UCS manager the portchannel has issues coming up and this is a workaround. I am…
This video discusses moving either the default database or any database to a new volume.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now