Solved

Watchguard low end router firewall issues - I don't know what I am doing.  Can we set up remote session?

Posted on 2014-04-17
Last Modified: 2014-04-20
I inherited a network with 2 Watchguard boxes - 1 at main office (xtm21?), 1 at remote site (X10e).  There's a VPN between them.  Things were good for a while, but now I am backing up 3 PCs using ShadowProtect continuous incrementals from the remote office to the home office.  Not sure if that's the issue, but the remote office WIRED devices get DHCP from the local Watchguard.  But can't ping the router, can't get on the web, can't do anything.  Wireless devices (via a Ubiquiti Picostation) can get DHCP from the Watchguard, and get on the web, ping the Watchguard, etc.  The wired and wireless access point are all going through an unmanaged Netgear switch into 1 port on the Watchguard.

Is there some setting in Watchguard that says that the MAC address of that device used too much data and will only get an IP address?

Is there a place in the Watchguard UI to show that someone was cut off for using too much data?

Can I hire people through EE to help with this or for points, can we set up a remote session for you to see the UI / tell me / show me what needs to be done?

I will likely reboot this firewall and restore the wired devices.... but the problem will likely return when they start trying to send backup data.

And again, the problem isn't just with the VPN, it's with general web access from the wired devices (which are being backed up... so is it a wired issue or a too much data issue).  Wired and wireless are all going into the same single port on the Watchguard, so it's not 1 port is locked / 1 is unlocked...

Watchguard support sucks as far as I am concerned! Faster / better answers from other users!

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 40007421
OK, just mindlessly looking at the Watchguard interface (is it me or the unit or poor design - it takes 5 - 10 seconds for each page to load).

On the blocked site page, it lists 192.168.2.151, 1 of the wired machines, saying it was blocked because of IP scan attack and will be released in the next 20 min.  I have it pinging the router and www.google.com and failing ping 192.168.2.1 -t.  Is that enough to get it blocked!?

How to remove it from the blocked site page and keep local machines from getting on there?

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 40007599
Under firewall, there's 'blocked sites'.  I added the subnets 192.168.1.0/24 and 192.168.2.0/24 to the blocked sites exception page. Is that all?

I accidentally put them on the blocked site page and locked myself out.  Went in from the web to fix that.  I cause my own problems!
LVL 77

Accepted Solution

by: Rob Williams
Rob Williams earned 250 total points
ID: 40010480
I may not be much help as I only occasionally use Watchguards, but a couple of comments:

>>"Is there a place in Watchguard UI to show that someone was cut off for using too much data?"
No, but Watchguards have licensing limits. I believe 10, 25, and unlimited.  If it is licensed for 10 devices, the 11th will connect, can use LAN resources, but cannot access the Internet.  Might you be exceeding the limit?  Rebooting the device will reset the counter, which would allow you to try specific PCs.  Having said that, I believe they can use the VPN.

>>"it takes 5 - 10 seconds for each page to load"
That is normal.  Speed is not usually an issue on a device on which you only make occasional configuration changes.

>>"I have it pinging the router and www.google.com and failing ping 192.168.2.1 -t.  is that enough to get it blocked!?"
It could be, or are you sure you don't have an infected machine?
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 250 total points
ID: 40011108
IP scan detection and similar stuff are configured from setup > "default packet handling".

I have no idea about the thresholds, but pinging several machines in 10 seconds might be enough to trigger the IP scan attack.
0
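A generic model of threshold-based IP scan detection with a temporary auto-block and an exceptions list, as discussed in the answers above. This is an added example, not part of any post in the thread and not WatchGuard's implementation: the window, the threshold and all class and function names are assumptions, and only the 20-minute release, the host address and the two exception subnets come from the thread.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed values for illustration only; not WatchGuard defaults.
WINDOW_SECONDS = 10        # look-back window per source
MAX_DISTINCT_DESTS = 5     # distinct destinations tolerated in the window
BLOCK_SECONDS = 20 * 60    # the thread mentions release after 20 minutes

class ScanDetector:
    def __init__(self, exceptions=()):
        self.exceptions = [ipaddress.ip_network(n) for n in exceptions]
        self.recent = defaultdict(deque)   # src -> deque of (ts, dst)
        self.blocked_until = {}            # src -> expiry timestamp

    def observe(self, ts, src, dst):
        """Classify one packet as 'allow', 'block-added' or 'blocked'."""
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.exceptions):
            return "allow"                 # exempt sources are never counted
        if self.blocked_until.get(src, 0) > ts:
            return "blocked"               # temporary block still active
        q = self.recent[src]
        q.append((ts, dst))
        while q[0][0] <= ts - WINDOW_SECONDS:
            q.popleft()                    # drop entries outside the window
        if len({d for _, d in q}) > MAX_DISTINCT_DESTS:
            self.blocked_until[src] = ts + BLOCK_SECONDS
            q.clear()
            return "block-added"
        return "allow"

def replay(detector, events):
    """Feed (ts, src, dst) tuples to the detector and collect its verdicts."""
    return [detector.observe(*e) for e in events]

# Constructed traffic from the wired host named in the thread.
SRC = "192.168.2.151"
steady_ping = [(t, SRC, "192.168.2.1") for t in range(30)]          # one target
sweep = [(100 + i, SRC, f"192.168.2.{10 + i}") for i in range(8)]   # 8 targets in 8 s

if __name__ == "__main__":
    d = ScanDetector()
    print(replay(d, steady_ping).count("allow"), "steady pings allowed")
    print(replay(d, sweep))
    exempt = ScanDetector(exceptions=["192.168.1.0/24", "192.168.2.0/24"])
    print(replay(exempt, sweep))
```

In this model, exempting whole LAN subnets also means a genuinely scanning (for example infected) host on those subnets is never auto-blocked.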
