Re: SOHO firewall dropping incoming 443 connections - incorrect state
From: ITguy_uk (itguy_uk@hotmail.com)
Date: 03/12/03
- Next message: Brian S. Schumacher: "WatchGuard Firebox II...the 'old' model."
- Previous message: ClareOldie: "Re: Mailwasher"
- In reply to: PhuPhyt: "Re: SOHO firewall dropping incoming 443 connections - incorrect state"
- Next in thread: PhuPhyt: "Re: SOHO firewall dropping incoming 443 connections - incorrect state"
- Reply: PhuPhyt: "Re: SOHO firewall dropping incoming 443 connections - incorrect state"
From: itguy_uk@hotmail.com (ITguy_uk) Date: 12 Mar 2003 07:32:18 -0800
PhuPhyt <phuphyt@hotmail.com> wrote in message news:<2mut6vo2ucfu5h4c504shrufdo34ti3sad@4ax.com>...
> On 11 Mar 2003 03:19:26 -0800, itguy_uk@hotmail.com (ITguy_uk) wrote:
>
> >I am currently using a WatchGuard SOHO firewall (version 5.1.6 boot
> >rom 3.7) to connect a private ethernet network to the internet via an
> >ADSL line. The only incoming connection that I allow is an HTTPS port
> >(443) to an Outlook Web Access server for remote users (mainly on
> >dialups). Occasionally the firewall seems to just start denying HTTPS
> >connections on port 443.
>
> I think you should open up a case at WatchGuard and pound them for a
> solution. I have the same problem, just with a lot of other ports. (I
> run an ircd server and users can't always connect through port 6667
> which they are supposed to.) I have changed back to 5.0.35a which
> doesn't have this problem. I started a case with WatchGuard too, and
> was told to log all traffic, which I wasn't interested in as that
> would really mean a breach in users' security to do so.
>
> I know that the tech support DOES in fact have a so-called cowboy patch
> as they call it. But it's not something they wanna let the users themselves
> apply :(
>
> They need to release a new firmware for the WatchGuard SOHO 5 box to
> eliminate this problem. I bet this problem is all around for users who have
> this firewall but maybe haven't checked the log or never gotten any
> responses from customers not able to get through the firewall.
>
> Btw. I get that same problem with FTP, SMTP, 6667 and HTTP, so
> it's not a common problem for just port 443 as in your case.
>
> kind regards
> René
René
Thanks for the info, it helps to know I am not just going mad!!! I will
open a case with WatchGuard (once I get the Admin contact changed over
from the previous admin). I have been logging all the incoming
traffic to a Syslog daemon and kept all the log files for the past
week, so if it's log files they need, it's log files they will get.
What is also odd is I have connected to the server that is remotely
(where the issue shows) and internally accessed from within the network
with ethereal (network sniffer) running to analyse the traffic. The
client PC connects to the server via an ephemeral port to port 443
(HTTPS) and then it only seems to use two ephemeral ports from the
client, not like the ever increasing number when connecting externally
through the firewall. I am not sure if this is the PPP dialup
protocol causing the difference or the WatchGuard firewall. Either way
the firewall should still work correctly without all these lockups.
It concerns me why WatchGuard don't want to release that patch? This
seems quite a major bug that needs resolving, and from a supposedly
reputable security company this seems very unsatisfactory. If I had
my way I'd be using a Linux box with IPTABLES on it, but a previous
network admin installed this firewall. I ran one of the boxes for 18
months with no reboots or security breaches!!!!
Thanks again for the info, when I get a reply from WatchGuard I will
post the results on here.
Martin