Firebox freezes and must be rebooted!

jcfrasco

IS-IT--Management
Apr 27, 2001
My Firebox II continues to freeze and will not respond until it is rebooted. It runs fine for various lengths of time so I can't see if there is something specific that happens at those moments to cause the lock ups. I can't activate reporting because that causes it to lock up almost immediately. Watchguard recommended I download a patch and after I installed it the Firebox worked fine for nearly a month when it suddenly locked up 3 times in one day. I'm connected to the Internet through a frame relay and one thing I've noticed is at the exact time the lock ups occur, every light on the frame relay box on the wall lights up. When it freezes, the lights on the firebox freeze in the same position when whatever caused it to lock happened, I get no response when I ping the IP address, and absolutely no packets move in or out. Since it works fine after I reset the box it's not a critical problem, but I really don't want to get called in from home to reset it since I live an hour away (seeking sympathy!). If anyone has any experiences similar to mine I would appreciate their advice in resolving this.

Thank you,

jcfrasco
 
Hello,

I have a Firebox 1000 and Firebox II. I have the exact same issue and am not able to log because if I do, it knocks the firebox out so that I am not able to connect to it. The only solution I have ever found is flashing the box back to factory settings and starting over from scratch. Watchguard tells me this is not a problem with their firebox because no one but me reported it. As a software developer, I know quite well my software products are absolutely perfect with positively no issues UNTIL the first issue is reported.

I am connected through a T-1 and a fractional T-1 Private Frame (not public like most people) so your connection type would not play a role...I have both types of connections. I find no specific issue that causes this problem. I can simply update a rule or apply a patch and cause the problem. ALWAYS when telling it to log...the problem occurs.

Sorry I can't help, but if you want, feel free to let them know another person is having the problem they say doesn't exist.

Rich Taylor
 
I have had similar problems with both a Firebox 1000 and a Firebox II. I have talked with Watchguard about this on many occasions and they say that this is the first they have heard of such a problem (hmm sounds kind of familiar).
Perhaps the configuration file on the firebox is getting corrupted.
I have been performing a reboot every two weeks or so and have not had any lock-ups since. (Not a good fix, but it appears to work)
 
Which version of the software are you using? There have been issues as you have described with previous versions. The latest version so far has been very stable for me.

If you are running the current version, you may have a hardware issue. WG support should be able to address that for you though.
 
Aha, the good old Firebox! Mine has been crashing (lights in a fixed position, no connection, cannot ping any of the nics) since version 5 of the software. I now have changed the box 3 times and upgraded to the 2500, replaced all of the kit around the box and had an engineer out and it still crashes! I am ditching it now for a Netscreen.
 
Thanks for everyone's help in this matter but I'm getting a new corporate firewall and will warehouse the firebox. I liked its ease of use but the lock ups are a major concern and I will not recommend it to others.

Thanks again,

jcfrasco
 
Well we too have a WGF2500, it constantly freezes and we must have powered it off and on at least 30\40 times in the last 3 months, when checking the logs we found that it was machines infected with MsBlaster, especially w32.nachi. But strangely it only takes one infected machine to bring down the Firebox, pretty rubbish, one infected machine to pull down our infrastructure.

Anyone know how to stop this, besides using updated AV on all the client wks?
 
We have a Firebox 1000 and have experienced the same lockup problems.

MOSSOP: There is a MS hotfix which prevents 2000 and XP machines from becoming infected with Nachi. We had the same problem as you (one infected machine crashed the firebox). You must make sure that the PCs are clean of the virus before you patch the systems. Use the McAfee Stinger program which is free to download from their website.

As for the other lockups we found that the Firebox has a very low tolerance to heat (No laughing please...). I can't remember the exact temperature but it wasn't too much above an average room temperature. We found that placing the firebox outside of our rack and making sure that it had good airflow all round the kit sorted a lot of our stability issues.

Cheers

Jinx
 
Thanks Jinx79,

We have done all that, and have now got our EPO fully working so AV updates should be up to date - we cleaned a lot of machines using stinger, but now we have got EPO pushing stinger as well out to all the clients, so that side is fine, but unfortunately there are a few infected remote dialin users that keep pulling the firebox down, I would have thought that Watchguard would have made some sort of update/patch for their boxes - to be honest one lone laptop freezing up our "infrastructure" is just not good enough, anyway when time comes for a new firebox, I may be looking out for other brands......a bit of a pity but that's the way the cookie crumbles...LOL
 
The one thing you can do to stop the FB from being brought down by a virus such as welchia or blaster is to block outbound ping. While this may be a pain in the butt for you, it will prevent those viruses from affecting your FB.

AM
 
MOSSOP (TechnicalUser) Nov 7, 2003
Well we too have a WGF2500, it constantly freezes and we must have powered it off and on at least 30\40 times in the last 3 months, when checking the logs we found that it was machines infected with MsBlaster, especially w32.nachi. But strangely it only takes one infected machine to bring down the Firebox, pretty rubbish, one infected machine to pull down our infrastructure.

Anyone know how to stop this, besides using updated AV on all the client wks?
=========================================
I'll try to explain it. :)
The cause is the Outgoing service! So delete the Outgoing service in Policy Manager and add only the services you must use.
The worm generates 1-2000 ICMP/s, and one machine uses up the NAT ports, so the Firebox crashes.

Suggestions:
1. Delete the Outgoing service in Policy Manager!
2. Adjust the log setup: log all messages to check for the problem (including allow and deny).
3. Use autoblock in the service.

Watchguard&Fortigate
=======================
From Shanghai of China
Msn:glamout2k@hotmail.com
:) Glad chat with u!
 
Do you have any other solution for the firebox? We have upgraded to 7.0 and it did not help. Our firebox must have frozen up more than 10 times this week.

I have 128 MB of RAM in the box. Any other clue on why this is happening?

Also, as a last option: does anyone know of a good routable software-based firewall that I can buy that is cheap? I don't mind open source but I don't mind paying several hundred dollars to get something better.

Your help on this would be good. I don't think smoothwall is routable, which was the only problem.

Brian

PS. When I called Watchguard they also acted like their firewall never freezes.
 
Also I have a friend that has this same firewall for his VISP and they are also having problems with this firewall.

So your suggestion on better firewall will really help.

Thanks

Brian
 
More than likely, this is caused by a machine on your network that is infected with a virus such as MS-Blast. Most firewalls have a connection limit and once this limit has been reached, it will not allow anything else to communicate.
 
I had same problem.

You all have the Welchia virus on your network!!

I did not believe 2nd level support on this as I am running Norton Corporate and am very diligent with my A/V rules.

Run a sniffer (ethereal) in between your network and the firewall and you will see who is broadcasting. I was getting 1000-2000 packets a second, now I get about 100.

Did not show up in any of my logs. Maybe deny outbound ICMP and you will see it for yourself.

Matt
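
Added example, not part of the post above: one way to pick the sweeping host out of a capture taken between the LAN and the firewall, by counting ICMP echo requests per source per second and the number of distinct destinations. It assumes text output in the style of `tcpdump -tt -n icmp`; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed input: text lines from `tcpdump -tt -n icmp` (epoch timestamps, no DNS).
LINE_RE = re.compile(
    r"^(?P<ts>\d+)\.\d+ IP (?P<src>\d+(?:\.\d+){3}) > "
    r"(?P<dst>\d+(?:\.\d+){3}): ICMP echo request\b"
)


def icmp_sweepers(lines, min_rate=200, min_targets=50):
    """Return {src: (peak_requests_per_second, distinct_destinations)} for
    hosts whose echo-request rate and destination spread both reach the
    thresholds. Threshold defaults are assumptions; tune to your baseline."""
    per_second = defaultdict(lambda: defaultdict(int))  # src -> second -> count
    targets = defaultdict(set)                          # src -> destinations
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # echo replies, non-ICMP traffic, or malformed lines
        src = m["src"]
        per_second[src][int(m["ts"])] += 1
        targets[src].add(m["dst"])
    flagged = {}
    for src, buckets in per_second.items():
        peak = max(buckets.values())
        if peak >= min_rate and len(targets[src]) >= min_targets:
            flagged[src] = (peak, len(targets[src]))
    return flagged


def constructed_capture():
    """Constructed sample: one sweeping host, one host doing normal pings."""
    lines = []
    for i in range(350):  # 350 requests in one second to 350 addresses
        dst = f"10.4.{i // 250}.{i % 250 + 1}"
        lines.append(f"1068200000.{i:06d} IP 192.168.1.23 > {dst}: "
                     f"ICMP echo request, id 512, seq {i}, length 72")
    for i in range(3):    # ordinary reachability check to one gateway
        lines.append(f"106820000{i}.500000 IP 192.168.1.40 > 192.168.1.1: "
                     f"ICMP echo request, id 7, seq {i}, length 64")
    lines.append("1068200000.900000 IP 192.168.1.1 > 192.168.1.40: "
                 "ICMP echo reply, id 7, seq 0, length 64")
    return lines


if __name__ == "__main__":
    for host, (rate, spread) in icmp_sweepers(constructed_capture()).items():
        print(f"{host}: peak {rate} echo requests/s to {spread} destinations")
```

Requiring both a high rate and many distinct destinations keeps a monitoring host that pings one gateway frequently from being flagged alongside an address-sweeping machine.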
 
Matt,

I really want to thank you very much for your help. It seems that when we turned off icmp we noticed that one of three computers of our internal computers was sending 300-400 requests per second and maybe that is why it was causing the firebox to crash. We will know if that was the issue but thanks for your help.

Also does anyone know what the maximum amount of RAM the Watchguard firewall supports?

Brian
 
I forgot to mention the main thing which was that we did find the Welchia virus on them as you suggested.

Thanks again.

brian
 
I have a WG Firebox1000 and it did random lockups all the time. I couldn't put a pattern on it, it could be 3 days or it could be hours in between lockups. After several posts to different forums and similar response from Watchguard I happened to stumble on it...
There is a cooling fan on the left side of the unit and if you shine a flashlight in there you can see if the fan is on. Mine was not...hence overheating and causing my lockups. I took out the "20" screws and opened my Firebox and simply pushed the fan power connector down on the circuit board...now my Firebox has been up for months with no lockups. I guess a temperature warning would be nice of some sort. Not sure if this could be any of your reasons but it was my small challenge!
 