Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Intrusion Prevention causing issue 1

Status
Not open for further replies.
TheAmboyduke

TheAmboyduke

Technical User
Mar 12, 2009
13
0
0
US
We have an XTM 5 Series firebox running WSM 11.3.2. We have had it for awhile but the boss had never used the Intrusion prevention on it. He turned it on a couple of weeks ago. We have been adding stuff to the HTTP exceptions as needed. We are IT for a county. I will admit my firewall exp. is not the greatest. The adult probabtion department has a website that they import scanned documents to. Ever since we have turned n Intrusion prevention they have been having issues. Sometime the scans will go successfully sometimes they wont. They are not getting any firewall message when they fail. We added the website to the http exceptions, we added a rule in the FTP upload/download for .pdf. We were getting a message on Traffic monitor saying "tcp syn checking failed". We turned this off but their problems continue. Now the only message that comes across the Traffic Monitor is: "2013-04-04 10:53:16 Deny 50.58.28.232 24.117.89.66 64745/tcp 443 64745 0-External Firebox Denied 40 57 (Unhandled External Packet-00) proc_id="firewall" rc="101" tcp_info="offset 5 A 343323016 win 32950" Traffic"
I asked the boss to turn of the intrusion prevention to see if scanning issues went away and they did. As soon as we turned it back on the issues came back. I find it very puzzling that it doesnt happen all the time, but is happening on a very regular basis.
Any help in this matter would be greatly appreciated.

 
Sort by date Sort by votes
Please forgive if i am not using proper terminology.
As a side note I had one of the workers scan while i was watching the traffic monitor and there were a few message that i stated above came up before she actually clicked to import to the webiste and one came up right about the time she clicked it and it did fail to import. There could have been others scanning to the site at the same time but not sure. Its a random thing they do thruout the day.
 
Upvote 0 Downvote
another note here. This site is https that they go to which on our firewall we our not restricting https in anyway.
 
Upvote 0 Downvote
Its a bit hard to tell what is causing the issue without seeing a real time trace.

Also, have you thought about upgrading your software? XTMs are up to 11.7.2 now, and perhaps along the way, they fixed a bug that might solve your issue?

ACSS - SME
General Geek

 
Upvote 0 Downvote
That was watchguards first bit of advice. Havent had chance to do it yet.
 
Upvote 0 Downvote
upgrading the software has seemed to done the trick. thx Im giving you a star hairlessupportmonkey. You gave me same advice as Watchguard and so far it is working.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
116
nnaarrnn
nnaarrnn
Jimbo2015
  • Locked
  • Question
Avaya - Watch guard issue with keep alives
Replies
1
Views
54
hairlessupportmonkey
hairlessupportmonkey
sudhakar346
  • Locked
  • Question
Cisco ASA inside to DMZ issue over public IP
Replies
2
Views
53
kythri
kythri
chitownbrit
  • Locked
  • Question
Sonicwall Fiber Connection Issue
Replies
0
Views
33
chitownbrit
chitownbrit
intel233
  • Locked
  • Question
EPO 5-Dat Available issue
Replies
0
Views
29
intel233
intel233

Part and Inventory Search

Sponsor

Back
Top