Users blocked b the firebox

rbensiamrbensiam
in Firebox - Other

Hello

We use an M370 box and since the update to the new OS 12.8 (Build 659436), i have some user who have their trafic dropped by the box and they can't connect to the webmail for example.

more services impacted are HTTPS/HTTP.

here is some erros in the logs .

Firebox Mismatched MAC/IP blocked 78 128 (Internal Policy) proc_id="firewall" rc="101" msg_id="3000-0148"

_
FWDeny
Mismatched MAC/IP blocked
pri=4
disp=Deny
policy=Internal-Policy
protocol=igmp
src_ip=192.168.20.15
dst_ip=224.0.0.2
src_intf=LAN
dst_intf=Firebox
rc=101
pckt_len=32
ttl=1
3000-0148_

This IP is reserved for a phone of one of the users and he was connecting normally until today at 23h30

When i try to check if any new update for the Firebox i have the message that "It is impossible to connect to watchguard's servers"

Any one had already this problem ?

thank you

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @rbensiam
    Have the user check to see if they're using a randomized mac address. It'll usually be in their wifi settings in iOS or Android.

    The phone likely did a DHCPrenew or DHCPinform with the new MAC, and since there's a reservation for a different MAC, showed that error.

    -James Carson
    WatchGuard Customer Support

  • rbensiamrbensiam

    Hi @James

    thank you for your help.

    Iam aware about the randomize of MAC's who can cause problem, tis specially user was connecting normally and this problems happened only from today.

    I have same issue with another user on computer, when he try to do a ping i can see it on the "Traficmonitor" but he can't use HTTPS.

    I tried to change the DNS thinking it is maybe some issue with the google's one with my ISP but same problem.

    i tried to change the reservation of the adress and same problem.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    This type of message should only occur if mac address control is on -- if that mac is in the list, I'd suggest opening a support case so that we can look into it.

    I would also caution against using MAC address whitelisting/blacklisting as a security method, as it's trivial to spoof MACs.

    -James Carson
    WatchGuard Customer Support

  • rbensiamrbensiam

    Finally, i could install an old version of the OS and everything is working.

Sign In to comment.