Botnet service/Gmail getting blocked
Hello all! Last week, I had one of our locations report problems with accessing Gmail; all other Google Workplace sites and services were fine, just Gmail was down. Digging around for a while, I eventually found this in the logs:
2025-12-31 09:19:07 Deny 192.168.150.65 142.251.41.133 https/tcp 52709 443 Public Wifi Comcast blocked sites 52 127 (HTTPS-proxy-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 8 S 2585186209 win 61690" flags="SR" duration="0" sent_pkts="1" rcvd_pkts="0" sent_bytes="52" rcvd_bytes="0" botnet="destination" geo_dst="USA" Traffic
If I disable the Botnet Detection, everything works 100%. If I turn it back on, it blocks it again, but once in a while it might let it squeak through for just a second or two. I just disabled botnet detection for now and was going to tackle it when I had time.
But today, a second site had the same issue; I disabled botnet detection and back up and running! I have 13 different WatchGuard devices; these are the only two having issues.
All the WatchGuards are at the latest firmware.
All the WatchGuards have the latest Botnet definitions.
It doesn't matter what interface it's on either, the Public Wifi, any Trusted networks, etc.
I haven't dug in yet, but wanted to ask around and see if anyone has run into this.
Thanks in advance!
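Added example, not part of the original post or any WatchGuard tooling: a small Python parser for exported traffic log lines in the format quoted above, grouping botnet-detection denies by the flagged destination so the same false positive can be confirmed across several sites before requesting a feed review or adding an exception. The field layout is inferred from the single log line in the post, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Leading fixed fields; positions are an assumption based on the one line in the post.
HEAD = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>Allow|Deny) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<proto>\S+) (?P<sport>\d+) (?P<dport>\d+) "
)
KV = re.compile(r'(\w+)="([^"]*)"')  # trailing key="value" attributes

def parse_line(line):
    """Return a dict of fields, or None if the line is not a traffic entry."""
    m = HEAD.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec.update(KV.findall(line))
    return rec

def botnet_denies(lines):
    """Group Deny entries tagged botnet="destination" by destination IP."""
    hits = defaultdict(lambda: {"count": 0, "clients": set()})
    for line in lines:
        rec = parse_line(line)
        # Only the botnet="destination" value seen in the post is handled here.
        if not rec or rec["action"] != "Deny" or rec.get("botnet") != "destination":
            continue
        hits[rec["dst"]]["count"] += 1
        hits[rec["dst"]]["clients"].add(rec["src"])
    return dict(hits)

SAMPLE = [
    # Line quoted in the post
    '2025-12-31 09:19:07 Deny 192.168.150.65 142.251.41.133 https/tcp 52709 443 Public Wifi Comcast blocked sites 52 127 (HTTPS-proxy-00) proc_id="firewall" rc="101" msg_id="3000-0173" tcp_info="offset 8 S 2585186209 win 61690" flags="SR" duration="0" sent_pkts="1" rcvd_pkts="0" sent_bytes="52" rcvd_bytes="0" botnet="destination" geo_dst="USA" Traffic',
    # Constructed: a second client hitting the same flagged address
    '2025-12-31 09:19:09 Deny 192.168.150.70 142.251.41.133 https/tcp 52811 443 Public Wifi Comcast blocked sites 52 127 (HTTPS-proxy-00) proc_id="firewall" botnet="destination" geo_dst="USA" Traffic',
    # Constructed: allowed traffic, no botnet attribute
    '2025-12-31 09:19:10 Allow 192.168.150.65 203.0.113.10 https/tcp 52712 443 Public Wifi Comcast Allowed 52 127 (HTTPS-proxy-00) proc_id="firewall" Traffic',
    # Constructed: a deny unrelated to botnet detection
    '2025-12-31 09:19:12 Deny 192.168.150.65 203.0.113.20 https/tcp 52713 443 Public Wifi Comcast Denied 52 127 (HTTPS-proxy-00) proc_id="firewall" Traffic',
]

if __name__ == "__main__":
    for dst, info in botnet_denies(SAMPLE).items():
        print(dst, info["count"], sorted(info["clients"]))
```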
Comments
Hi @QCW_TM
I see that our botnet feed is including that IP (142.251.41.133) right now. I've requested the team that handles botnet to reevaluate the IP and remove it if needed.
-James Carson
WatchGuard Customer Support
This just cropped up for us. I just added the IP address 142.251.41.133 to one of my exception lists and it is now working. I'm guessing that all of Gmail is not a Botnet C&C system. Cheers! (And yes, Drive and everything else was working OK.)
Yep, adding the exception worked for me too. But one embarrassing thing I'd like to add in case it helps another "better than novice user" like myself, I don't use the Web UI, so I didn't see this initially. But below is another thing I added to my case after the exception was added. Definitely red-faced though!
"This is going to sound 100% insane, but when I went in to add an exception before I started this conversation, there was no option to add an exception. I figured it was either on or off, no changing things like this.
From the link in your email about how to create an exception, I saw the Web UI option, went there and added it easily. Then I went back to the System Manager and NOW the Botnet window was bigger and I could see the Exceptions/Add/Remove buttons.
For fun and to make sure I wasn't crazy, I removed the exception in system manager, then shrunk the window up and I was able to make all those buttons disappear with no indication there were hidden buttons! I can't paste a screen capture, or I would!
That is a perfectly fine fix for me for now."
Yep, it appeared as if there was nothing on that System Manager screen, no scroll bars, arrows, or anything indicating the window was just shrunk up and hiding options.
A known "feature" of WSM Policy Manager.
Been bit by it many times over the years.