WatchGuard Setup for CrashPlan

Currently have a WatchGuard Firebox XTM330 and trying to configure for CrashPlan Cloud Service.  We have a Firewall Rule for HTTPS Proxy on Port 443 and a Rule for CrashPlan on 443, but the only way to get CrashPlan to communicate (Backup) on 443 is to Disable the HTTPS-Proxy Rule.   Any Suggestions?

I have attached a Screenshot of the Router Firewall Config table.
tomlead Asked:

mitgca Commented:
I don't know if you ever got this going or not, but....

First - move to the Windows GUI (WSM) instead of the Web Interface - although the WebUI in 11.10.2 has made some serious improvements, WSM is still so much quicker and easier to use.  I say this because I've been a WatchGuard Gold Partner for 15 years now and WatchGuard is the only firewall product we sell and support, and I use the interfaces on a daily basis across all our managed client sites - WSM is way quicker and easier than the WebUI, and it is what I am referring to in my steps below.  

Once you get WSM installed, open Policy Manager and create yourself two new aliases (Setup --> Aliases --> Add).  The first one will be just the IP of your server that needs to connect to Crashplan (I'll use "backupserver" as my alias below).  The second alias should be called "CrashPlan Colos" and have these four subnets (there may be more, but these are the ones I've found so far - piss poor documentation on Crashplan's website so I got these from watching the FSM logs and Googling unknown IPs that my backupserver was trying to talk to):

216.17.8.0/24
209.208.241.0/24
50.93.246.0/24
162.222.40.0/24

Next - create a new HTTPS Packet Filter (Edit --> Add Policy --> Packet Filters --> HTTPS --> Add) from alias "backupserver" to alias "CrashPlan Colos".  Do NOT enable IPS or App Control, and make sure you enable logging on the properties tab.

Now create a new custom policy (Edit --> Add Policy --> Custom --> New) called "CrashPlan Ports".  Add the following protocols to it:

TCP : 4243
TCP : 4280
TCP : 4282
TCP : 4285
TCP : 4286
TCP : 1024-14500
TCP : 49000 - 52000

Then add a new policy from "CrashPlan Ports" outbound from "backupserver" to "CrashPlan Colos".  Do NOT enable IPS or App Control, and make sure you enable logging on the properties tab.

Save this config to your XTM, then restart the CrashPlan service.  It should now connect for you.

Good luck!

dcc

mitgca Commented:
Whoops - it appears these are all of Code42's subnet blocks:

https://ipinfo.io/AS62715

Netblock      Description      Num IPs
38.92.136.0/24       PSINet, Inc.      256
149.5.7.0/24       PSINet, Inc.      256
162.222.40.0/23       Code 42 Software      512
162.222.46.0/24       Code 42 Software      256
162.222.47.0/24       Code 42 Software      256
216.17.8.0/24       Code 42      256
50.93.246.0/23       Code 42      512
50.93.255.0/24       Code 42      256

dcc
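
Added example (not written by either commenter, and not WatchGuard or Code42 code): it compares the four-subnet "CrashPlan Colos" alias from the first reply with the AS62715 netblocks quoted in the follow-up, and checks which destination/port pairs the two policies would pass. The subnets and ports are copied from the posts above; the function names are hypothetical.

```python
import ipaddress

# "CrashPlan Colos" alias as first posted (four /24s).
ALIAS = ["216.17.8.0/24", "209.208.241.0/24", "50.93.246.0/24", "162.222.40.0/24"]
# Netblocks quoted in the follow-up comment (AS62715 listing).
AS62715 = ["38.92.136.0/24", "149.5.7.0/24", "162.222.40.0/23", "162.222.46.0/24",
           "162.222.47.0/24", "216.17.8.0/24", "50.93.246.0/23", "50.93.255.0/24"]
# TCP 443 (HTTPS packet filter) plus the custom "CrashPlan Ports" policy.
PORTS = [(443, 443), (4243, 4243), (4280, 4280), (4282, 4282), (4285, 4285),
         (4286, 4286), (1024, 14500), (49000, 52000)]

def nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def uncovered(published, alias):
    """Parts of the published netblocks that the alias does not reach."""
    gaps = []
    for block in nets(published):
        remaining = [block]
        for a in nets(alias):
            nxt = []
            for r in remaining:
                if r.subnet_of(a):
                    continue                      # fully covered by this alias entry
                if a.subnet_of(r):
                    nxt.extend(r.address_exclude(a))  # keep only the uncovered part
                else:
                    nxt.append(r)
            remaining = nxt
        gaps.extend(remaining)
    return sorted(ipaddress.collapse_addresses(gaps))

def outside_listing(alias, published):
    """Alias entries that fall in none of the published netblocks."""
    pub = nets(published)
    return [a for a in nets(alias) if not any(a.subnet_of(p) for p in pub)]

def allowed(dst_ip, dst_port, alias):
    """True if backupserver -> dst_ip:dst_port matches alias and port list."""
    ip = ipaddress.ip_address(dst_ip)
    in_alias = any(ip in n for n in nets(alias))
    return in_alias and any(lo <= dst_port <= hi for lo, hi in PORTS)

if __name__ == "__main__":
    print("Missing from alias:", [str(n) for n in uncovered(AS62715, ALIAS)])
    print("Alias entries not in listing:", [str(n) for n in outside_listing(ALIAS, AS62715)])
    # Constructed sample destinations, not taken from any real log.
    for ip, port in [("216.17.8.5", 443), ("162.222.41.10", 4282), ("216.17.8.5", 20000)]:
        print(ip, port, "alias:", allowed(ip, port, ALIAS), "AS62715:", allowed(ip, port, AS62715))
```

Because both policies run with IPS and App Control off and cover wide port ranges, the destination alias is the only thing scoping them, so it is worth re-running the comparison whenever the alias is edited.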

Anthony Bakker (Owner/Operator) Commented:
Outstanding! Resolved my connection issue. Thanks!
mitgca Commented:
Anthony - we found Crashplan (both the application and documentation) to be sh**ty enough that we only allowed it to continue running for a few weeks before we moved to Veeam, HP StoreOnce (replicated to another offsite StoreOnce) and RDX.  Crashplan is something we inherited at a new customer location.
Anthony Bakker (Owner/Operator) Commented:
Unfortunately, seems that everyone/small businesses in Miami is El Cheapo.
Member_2_7966918 Commented:
mitgca you deserve a medal!

We've been down for almost 8 months waiting on Crashplan to tell us what we needed to do to get it back up and running. Got it working again in 5 minutes with your info.

Thanks!