watchguard packets dropped

watchguard packets dropped
Secure Home | Search | About
Login Password
Register Now! Lost Password?

Networking Firewalls - Software and hardware firewalls discussions 

Bookmark this page:  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
watchguard packets dropped steve.logan@gmail.com 11-19-2007
Posted by steve.logan@gmail.com on November 19, 2007, 9:21 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
I'm new to firewalling anything beyond the basics, and I have our
Watchguard up and running and have moved one of our web sites behind
it, so we're starting to see some traffic through it. I'm a tiny bit
concerned that people with legitimate connections might be getting
blocked because of some of the rules in the firewall.

For example, this first IP (24.38.17.25) seems to be a Comcast user
trying to bring up a web site. Can someone give a brief insight into
the reasons the firewall is blocking these connections?

"TCP RST packet without an associated connection"
"TCP SYN checking: connection not established yet [-A---F];"


2007-11-19 21:02:56 Deny 24.38.17.25 xxx.xxx.xxx.xxx http/tcp 52480 80
0-External unknown TCP RST packet without an associated connection,
firewall drop 40 241 (internal policy) tcpinfo="offset 5 R
1327508525 win 0"

2007-11-19 21:03:17 Deny 24.38.17.25 xxx.xxx.xxx.xxx http/tcp 52488 80
0-External 1-Trusted TCP SYN checking: connection not established yet
[-A---F], firewall drop 52 49 (internal policy) tcpinfo="offset 8 FA
942952889 win 65535"



I'm also seeing some of these "Unhandled External Packet-00"
connections being denied.

2007-11-19 21:14:04 Deny 67.15.135.144 xxx.xxx.xxx.xxx 54122/tcp 80
54122 0-External 1-Trusted denied 44 48 (Unhandled External
Packet-00) tcpinfo="offset 6 SA 363997396 win 5840"

Thank you,

Posted by Leythos on November 19, 2007, 10:04 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
In article <771914bf-0e06-43af-980a-8cb9100341b5
@n20g2000hsh.googlegroups.com>, steve.logan@gmail.com says...
> I'm new to firewalling anything beyond the basics, and I have our
> Watchguard up and running and have moved one of our web sites behind
> it, so we're starting to see some traffic through it. I'm a tiny bit
> concerned that people with legitimate connections might be getting
> blocked because of some of the rules in the firewall.

First, without knowing what rules you created there is little way to be
sure what you have blocking for what reason.

Normally, the inbound connections only get blocked for a couple reasons:

1) No rule permitting inbound access
2) Malformed packets
3) Attack detected, IP blocked for 20 minutes automatically
4) Source IP part of hard block list

I've got a LOT of watchguard firewalls in service all over the country,
what Model and what firmware are you using?

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Similar ThreadsPosted
UDP packets are dropped by the PIX December 22, 2005, 4:57 pm
Certain DHCP Broadcasts being dropped?!? February 12, 2007, 12:05 pm
Sonicwall "Web access request dropped" Rule 6 December 17, 2004, 10:49 am
Strange dropped packages - guarddog/iptables September 17, 2009, 10:55 pm
What are these UDP packets? February 24, 2009, 3:25 pm
strange packets from 192.168.1.126 February 21, 2008, 12:54 pm
Suspicious Packets Using Yproxy August 3, 2004, 9:13 pm
Strange ICMP packets September 15, 2005, 10:53 pm
New type of ICMP packets October 26, 2005, 11:06 am
Should I block Fragmented IP Packets? November 19, 2005, 9:02 am

The site map in XML format XML site map

Contact Us | Privacy Policy