
Go to Meeting recently blocked

ASG V8.31... Recently, don't know exactly when, my users have not been able to connect to Go to meeting. In the firewall log I am showing default drop fwrule 60002 for packets going to port 443. Anyone else ever had something like this happen? Oddly enough I can connect to the test meeting that they provide ( https://www3.gotomeeting.com/join/406552062 )???

Thanks,
Richard


This thread was automatically locked due to age.
  • Hi,

    1. please post the entries from the firewall log (not from the live log; it is missing some info).

    2. check the IPS and Application Control logs also

    3. are you using the https proxy? In transparent mode?

    Barry
  • Thanks Barry... Here are the lines from the firewall log, I see nothing in the IPS or AC logs. New lines inserted, notice the drops for port 443. As far as the https proxy setting, please see attached, is this what you're asking?

    Thanks again, Richard

    srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.0.144" dstip="81.18.240.138" proto="6" length="52" tos="0x00" prec="0x00" ttl="126" srcport="52267" dstport="80" tcpflags="SYN" 
    2013:11:27-08:04:18 dartmofw01 ulogd[5527]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.1.27" dstip="208.67.222.222" proto="17" length="72" tos="0x00" prec="0x00" ttl="126" srcport="53346" dstport="53" 
    2013:11:27-08:04:18 dartmofw01 ulogd[5527]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.0.105" dstip="202.12.28.131" proto="17" length="62" tos="0x00" prec="0x00" ttl="126" srcport="61280" dstport="53" 
    2013:11:27-08:04:18 dartmofw01 ulogd[5527]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.0.20" dstip="208.67.222.222" proto="17" length="66" tos="0x00" prec="0x00" ttl="126" srcport="54881" dstport="53" 
    2013:11:27-08:04:18 dartmofw01 ulogd[5527]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.5.75" dstip="74.125.228.3" proto="6" length="48" tos="0x00" prec="0x00" ttl="122" srcport="4514" dstport="443" tcpflags="SYN" 
    2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.1.27" dstip="208.67.222.222" proto="17" length="76" tos="0x00" prec="0x00" ttl="126" srcport="61017" dstport="53" 
    2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.0.161" dstip="74.125.228.1" proto="6" length="52" tos="0x00" prec="0x00" ttl="126" srcport="49266" dstport="80" tcpflags="SYN" 
    2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.0.146" dstip="74.125.228.3" proto="6" length="52" tos="0x00" prec="0x00" ttl="126" srcport="50884" dstport="443" tcpflags="SYN" 
    2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.1.146" dstip="81.18.240.138" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="53558" dstport="80" tcpflags="SYN" 
    2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.1.146" dstip="81.18.240.138" proto="6" length="48" tos="0x00" prec="0x00" ttl="126" srcport="53559" dstport="80" tcpflags="SYN" 
    2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.1.27" dstip="208.67.222.222" proto="17" length="190" tos="0x00" prec="0x00" ttl="126" srcport="61982" dstport="53" 
    2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.1.27" dstip="208.67.222.222" proto="17" length="114" tos="0x00" prec="0x00" ttl="126" srcport="56735" dstport="53" 
    2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="6" initf="eth0" outitf="eth1" srcmac="0:a0:c8:7e:7f:ef" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.0.20" dstip="208.67.222.222" proto="17" length="125" tos="0x00" prec="0x00" ttl="126" srcport="53587" dstport="53" 
    2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="60006" initf="eth0" srcmac="b4:b5:2f:bb:ff:b1" dstmac="0:1a:8c:17:b3:d8" srcip="192.9.1.14" dstip="192.9.1.231" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="58292" dstport="4444" tcpflags="SYN"
  • Richard made the changes I suggested here...

    Those lines are from the Live Log.  Please copy the corresponding lines from the full Firewall log file, edit your post and replace the Live Log lines.

    Also, remember to respond to Barry's question about the Web Filtering mode you're using.

    Cheers - Bob
  • I edited...

    Thanks,
    Richard
  • Hi Richard

    Do you have 192.9.1.x and 192.9.0.x as Internal IP Addresses? Is that a public Range you own?

    Michael
  • Solae, those are the internal addresses here. I didn't set it up...
  • OK, but if these are really internal addresses, this is a really bad configuration.
    So you can't reach any server with 192.9.0.x or 192.9.1.x on the Internet.

    To your Citrix issue: Can you provide a printscreen from the Firewall rules? "Network Protection --> Firewall". I think there are some rules missing for this traffic.
    I'm not using the Web Proxy much, but if I'm right, you need Firewall rules for the Groups you skip in the Proxy.
  • Hi, do you have Masquerading set up for both internal networks to use the EXT Address?

    Barry
  • I don't understand how the GoToMeeting Group is related to any of those IPs in the Firewall log.  I assume that you are in Transparent on the 'Global' tab of Web Filtering, or?

    Cheers - Bob
  • I assume that you are in Transparent on the 'Global' tab of Web Filtering, or?


    Hi Bob, he added a screenshot of his Web Filter settings when he edited the earlier post with the logs.

    Barry
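
Added example (not part of any forum post): a Python sketch that tallies the drops in log lines like those posted above by rule, protocol and destination port, and lists inside-interface source addresses that fall outside RFC 1918, the point raised about 192.9.x.x. It assumes eth0 is the internal interface, as the posted lines suggest; the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Entries from the firewall log posted in this thread, with the MAC, length,
# TOS, TTL and source-port fields trimmed for width.
SAMPLE_LOG = '''\
2013:11:27-08:04:18 dartmofw01 ulogd[5527]: id="2002" sub="packetfilter" action="accept" fwrule="6" initf="eth0" outitf="eth1" srcip="192.9.1.27" dstip="208.67.222.222" proto="17" dstport="53"
2013:11:27-08:04:18 dartmofw01 ulogd[5527]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcip="192.9.0.105" dstip="202.12.28.131" proto="17" dstport="53"
2013:11:27-08:04:18 dartmofw01 ulogd[5527]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcip="192.9.5.75" dstip="74.125.228.3" proto="6" dstport="443"
2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcip="192.9.0.146" dstip="74.125.228.3" proto="6" dstport="443"
2013:11:27-08:04:19 dartmofw01 ulogd[5527]: id="2001" sub="packetfilter" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcip="192.9.1.146" dstip="81.18.240.138" proto="6" dstport="80"
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(log):
    """Yield one dict of key="value" fields per packetfilter line."""
    for line in log.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("sub") == "packetfilter":
            yield fields


def summarize_drops(log):
    """Count dropped packets per (fwrule, proto, dstport)."""
    return Counter(
        (f.get("fwrule", "-"), f.get("proto", "-"), f.get("dstport", "-"))
        for f in parse(log) if f.get("action") == "drop"
    )


def non_rfc1918_sources(log, inside_if="eth0"):
    """Source IPs arriving on the inside interface that are not RFC 1918."""
    seen = set()
    for f in parse(log):
        if f.get("initf") != inside_if or "srcip" not in f:
            continue
        ip = ipaddress.ip_address(f["srcip"])
        if not any(ip in net for net in RFC1918):
            seen.add(ip)
    return [str(ip) for ip in sorted(seen)]


if __name__ == "__main__":
    for (rule, proto, port), n in summarize_drops(SAMPLE_LOG).most_common():
        print(f"fwrule={rule} proto={proto} dstport={port} drops={n}")
    print("non-RFC 1918 inside sources:", non_rfc1918_sources(SAMPLE_LOG))
```

Run against the full firewall log file rather than the live log, since the live log omits fields the parser keys on.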