Re: Sygate Pro confusing entry block in traffic logs

• Previous message: Moe Trin: "Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE"
• In reply to: louise: "Sygate Pro confusing entry block in traffic logs"
• Next in thread: louise: "Is this Correct? Re: Sygate Pro confusing entry block in traffic logs"
• Reply: louise: "Is this Correct? Re: Sygate Pro confusing entry block in traffic logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 09 Oct 2005 02:45:31 GMT

louise <nospam@nospam.com> wrote in
news:MPG.1db1e030f5795a3b989721@news-server.nyc.rr.com:

> Win XP Pro, Linkysys wired router - not networked. Sygate Pro with
> newest signatures.
>
> I get this blocked listing in my traffic logs many times an hour,
> frequently 6 or 8 times in a row within a minute or two.
>
> It seems to be referencing my router - but I don't understand it
> and I would like to resolve the issue properly. How do I figure
> out what process is trying to call out (I think that's what it's
> doing).
>
> The log entry is:
>
> 10/8/2005 2:50:40 PM Blocked 10 Incoming UDP
> 192.168.1.1
> 00-04-5A-F2-15-30 23068 192.168.1.100
> 00-0E-A6-4D-B1-FB 162 Madeline SONATA Normal
> 1 10/8/2005 2:50:38
> PM 10/8/2005 2:50:38 PM Block_all
>
> 192.168.1.1 is my router and I think the other entry ending in 100
> is also my router.
>
> Sonata is the name of the machine and Madeline is the
> Administrator.
>
> Louise
>

Well of course Sygate is going to sit their and whine if you don't
configure Sygate to trust the router's Device IP of 192.168.1.1. The
router Device IP will communicate with the machines on the LAN if you'll
let it. If Sygate was not on the machine and machines sitting behind a
router in a LAN situation don't always have a personal FW active on the
machine, it wouldn't even be noticed it's just normal network traffic on
the LAN.

The same holds true for 192.168.1.100. It's a machine on your LAN behind
the router that has the IP. I'll assume you have more than one machine on
the LAN and all of them are running Sygate. You should configure Sygate
to trust the LAN IP(s) that can be issued to machines by the router's
DHCP server and you should trust the router's Device IP. Sygate is
blocking and/or reporting when it shouldn't be because you don't have
Sygate properly configured to ignore the chatter/traffic between the
devices.

So, if you have two machines on your LAN and one has an IP of
192,168.1.100 and the other machine has an IP of 192.168.1.101, then you
configure Sygate on the machine that has the IP 192.168.1.100 to trust
the traffic coming from the machine that as the IP 192.168.1.101. You
would configure Sygate on the machine that has 192.168.1.101 to trust the
traffic coming from 192.168.1.100.

And of course for Sygate running on both machines, you would configure
Sygate to trust the router's Device IP.

It's that simple.

Duane :)

• Previous message: Moe Trin: "Re: March 29, 2006 total eclipse - IT admin's WORST NIGHTMARE"
• In reply to: louise: "Sygate Pro confusing entry block in traffic logs"
• Next in thread: louise: "Is this Correct? Re: Sygate Pro confusing entry block in traffic logs"
• Reply: louise: "Is this Correct? Re: Sygate Pro confusing entry block in traffic logs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]