Firebox X10e Webserver/RDP issues

Paperlantern

Platinum Member
Apr 26, 2003
2,239
6
81
Just installed Firebox X10e in my home. With my old SOHO 6, a filter set up on HTTP allowed my home website to be served up just fine; however, with the new Firebox, it refuses to work. Any Firebox gurus out there care to pass on their expertise on setting this up?

I am also trying to allow a remote desktop connection through the firewall to the same box with no success. I feel like I am completely missing something major.
 

Emulex

Diamond Member
Jan 28, 2001
9,759
1
71
heh I saw that and had to do a double take, I thought you were talking about that free trial fyrebox
 

Paperlantern

Originally posted by: Emulex
heh I saw that and had to do a double take, I thought you were talking about that free trial fyrebox

LOL, No no, this is the real deal, full fledged firewall appliance, it just has me completely stumped on letting traffic through properly. Even using the wizard, it won't work.
 

cmetz

Platinum Member
Nov 13, 2001
2,296
0
0
Paperlantern, I know this isn't exactly what you want to hear, but, after extensive experience with WG's Firebox products, I have found that they are most useful down range, for target practice. As a network device, they will cause you nothing but constant misery and problems. They are on my short list of gear that I simply will not work with, they go or I go.
 

Cooky

Golden Member
Apr 2, 2002
1,408
0
76
I agree w/ cmetz.
We had a Firebox (can't remember model number), which needed a weekly reboot.
Also its VPN client didn't play well w/ Cisco's - we had to remove Cisco client for the Watchguard client to work.
 

Paperlantern

Well, unfortunately this is what I have to work with. It is quickly becoming the bane of my existence, and is making less and less sense as I go along. It was given to me by my employer because that is what we use as our firewalls and we are going to try and implement a VPN over two sites with this appliance. Even though this project isn't for my work, it is my personal mission to regain the functionality I had prior to installing the firewall. Plus the more I explore and learn about these appliances, the more valuable I will remain to my employer.

I'm just not sure how I could possibly walk through the wizard designed to create the port forward and it still doesn't work. It's configured the only way that makes sense, yet when I try to connect to my website, it times out, or RDP says it can't connect to the remote computer. It's got me completely stumped.
 

Emulex

did you google for the solution? i did and found several answers but i'll let you peruse them on your time.

(sorry i'm trying to clean and type)
 

Paperlantern

I googled and found nothing of value, or that didn't just tell me to do something I already did. Maybe my terminology was off; I would appreciate a link or two.
 

cmetz

Paperlantern, you can't get this firewall to function at the level of a $10 SOHO gateway, and your business is going to depend on these to do site to site VPNs (which, presumably, you care about being up)?
 

Emulex

http://www.experts-exchange.co...curity/Q_23735867.html

i'd post more but i think you can google. let us know if you get port forwarding to work.

excerpt:
Went to
Firewall - Incoming - Custom Packet Filter Policies
Added Incoming Policy
[Incoming tab]
Incoming Filter: Allow
Policy Host: 192.168.1.31 <my local ip>
Port redirect: 9843
From: Any

[Properties tab]
TCP Port 1041

This seems to take incoming traffic on the public IP on port 1041 and forwards it to local IP 192.168.1.31 on port 9843.
 

Paperlantern

These are the same pages I used. For RDP I set an incoming filter to Allow, policy host is 192.168.111.100, the port redirect is 3389 and the port on the properties tab is TCP port 3389. Is it just because I can't have the same port number on both or something?

Cmetz, I understand where you are coming from, I have the same feelings, now shut it, you're not helping; crass remarks that state the obvious are not going to get this working. This is what I have to work with.
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: Paperlantern
These are the same pages I used. For RDP I set an incoming filter to Allow, policy host is 192.168.111.100, the port redirect is 3389 and the port on the properties tab is TCP port 3389. Is it just because I can't have the same port number on both or something?

Cmetz, I understand where you are coming from, I have the same feelings, now shut it, you're not helping; crass remarks that state the obvious are not going to get this working. This is what I have to work with.

If I had my Firebox here I could help you, but it was retired recently in favor of an ASA.

If you've followed the directions and it's still not working then obviously there is something else wrong other than the firewall config.

How are you testing this? AFAIK you won't be able to test it from an internal PC, you'll have to use an outside device to try to connect.

http://www.portforward.com/help/portcheck.htm for some help with that.
 

Paperlantern

Ok, with the help of Crusty's portforward test tool I was able to discover the problem with the port 80 forward. Because it tested ok (I was previously unable to truly verify where the problem lay; I was testing it from outside the network, but all it would do is say cannot find server), I troubleshot some things with the web server configuration, and found that I had failed to update one listen command in the config file. It was still set to the old IP from my prior setup, so that problem is solved.

I tested port 3389 for RDP and for some reason it is saying it cannot test that port because it is locked. It says this even on a fresh boot of the server. The kicker is I can still remote desktop internally. I wonder if I set a different external port and then redirect it to 3389 once it's inside if it will work. I will report back.
 

Paperlantern

Still no dice. Even setting an uncommon external port rerouted to 3389 internally, remote desktop still won't connect. *sigh*

Well no one ever said it was easy.
 

Emulex

move the RDP listen port on your pc to like 3390 then try it.

still don't work? probably a dns or pre-existing rule blocking.

go get a free shell account somewhere to test your ports (telnet in) dude.

 

Paperlantern

Moving RDP Listen port to 3390 on the internal PC and changing the rule to match, still no dice.

And the port checker Crusty linked to works great, and in changing it to 3390, the port checker says it's open, but an RDP connection from my workplace still won't connect.
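
Added example (not part of any post in this thread): a port checker reporting "open" only shows that a TCP handshake completed, so this probe also sends the first RDP message and checks for an X.224 Connection Confirm. The function name `probe` and the result labels are this example's own; run it from a machine outside the LAN against the Firebox's public IP and the forwarded port.

```python
import socket
import sys

# X.224 Connection Request in a TPKT header (19 bytes), the first message an
# RDP client sends; the RDP_NEG_REQ offers TLS and CredSSP (protocols = 3).
X224_CONNECTION_REQUEST = bytes.fromhex(
    "03000013"            # TPKT: version 3, reserved, total length 19
    "0ee00000000000"      # X.224: length 14, CR (0xE0), dst-ref, src-ref, class 0
    "0100080003000000"    # RDP_NEG_REQ: type 1, flags 0, length 8, protocols 3
)


def probe(host, port, timeout=3.0):
    """Classify a forwarded port as 'closed', 'filtered', 'open-no-rdp' or 'rdp'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # A reset came back: the packet reached a host, but nothing listens there.
        return "closed"
    except OSError:
        # Timeout or unreachable: dropped by a firewall, or no route to the host.
        return "filtered"
    with sock:
        try:
            sock.sendall(X224_CONNECTION_REQUEST)
            reply = sock.recv(64)
        except OSError:
            # Handshake succeeded but the peer reset or never answered.
            return "open-no-rdp"
    # A Connection Confirm has TPKT version 3 and X.224 code 0xD0 at offset 5.
    # It is sent even when the server rejects the offered security protocols.
    if len(reply) >= 6 and reply[0] == 0x03 and reply[5] == 0xD0:
        return "rdp"
    return "open-no-rdp"


if __name__ == "__main__":
    # Usage: python rdp_probe.py <public-ip> <forwarded-port>
    if len(sys.argv) == 3:
        print(probe(sys.argv[1], int(sys.argv[2])))
```

A result of `open-no-rdp` means the forward terminates on something that accepts TCP but does not speak RDP; `rdp` means the forward and the listener both work as far as the first protocol message.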
 

Crusty

Originally posted by: Paperlantern
Moving RDP Listen port to 3390 on the internal PC and changing the rule to match, still no dice.

And the port checker Crusty linked to works great, and in changing it to 3390, the port checker says it's open, but an RDP connection from my workplace still won't connect.

Check the firewall there.
 

Paperlantern

Naw, it's not the firewall there; nothing has changed on it and I used to be able to connect up here just fine.