Trying to whitelist an IPv4 address

A program my company needs to run requires accessing 13.67.188.117 every time it's run. I've tried turning off Windows Firewall and adding this address to Exceptions in WebBlocker, and still can't even ping the address. Any ideas as to some first steps I can take, or some ideas I might've overlooked? Thank you.

Comments

  • Ralph (WatchGuard Representative)

    Hello pf,

    Filter for 13.67.188.117 in Traffic Monitor then try to ping/run your program to understand what's going on.

  • Always best to do a tracert instead of a ping as tracert shows the path that packets take.
    And as Ralph suggests - look at Traffic Monitor - either in the Web UI or WSM Firebox System Manager.

  • Thank you for the ideas. I did try this, and it's showing nothing but "Allowed 92 28 (Ping Policy-00) proc_id="firewall"..." even when the ping times out, as well as when tracert, after the 14th step, drops off and starts giving "request timed out" responses. Any other ideas, or would it be helpful to see where the tracert dropped off?

  • My tracerts stop responding after 104.44.22.204 ae163-0.icr02.dsm05.ntwk.msn.net
    13.67.188.117 is a Microsoft IP addr.

    If your program can't access 13.67.188.117 and you don't see denies for this in Traffic Monitor, then it is doubtful that the issue is your firewall.
    Is there a domain name associated with 13.67.188.117 that your program is trying to access?

  • james.carson (Moderator, WatchGuard Representative)

    Hi @photofalling

    You can use tcpdump to show/prove if that traffic is leaving the firewall or not.

    In Firebox System manager, go to Tools -> Diagnostic Tasks.
    -Choose TCP Dump from the drop down.
    -Choose the "advanced options" checkbox.
    -In the arguments box, type in "-i eth0 host 13.67.188.117 and icmp" without the quotes and click Run Task. If your external is a different port than port 0, replace eth0 with the correct port (eth1, eth2, etc.).

    If you see your pings leaving the firewall like my example here, then the firewall is not stopping your traffic -- it's something else upstream.

    https://imgur.com/a/VtFO4yL

    -James Carson
    WatchGuard Customer Support

  • Great, my results virtually matched yours. I think we need to find out which port that program uses and add that to our whitelist. Much appreciated!

  • james.carson (Moderator, WatchGuard Representative)

    Hi @photofalling
    Once you have the port, you can check the logs (like Bruce mentioned) -- they'll also have the port # in the log.

    The bold bit here (the 53) is my destination port -- in this case allowed.

    2020-02-10 16:13:18 Allow 192.168.10.1 8.8.8.8 dns/udp 62007 53 1-Trusted VLAN Firebox Allowed 84 128 (DNS-00) proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="192.168.10.1"

    Assuming it was port 53 like in my example, you could use the tcpdump argument "-i eth0 host 13.67.188.117 and port 53" to capture that traffic and prove it is leaving the firewall.

    -James Carson
    WatchGuard Customer Support
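The diagnostic the thread converges on is: filter Traffic Monitor for the host, look for Deny lines, note the destination port, then rerun the tcpdump task with that port. The script below is an added example for this thread, not WatchGuard code: it parses Traffic Monitor lines in the layout of the single line James quoted (the only format evidence on the page), groups traffic to one host by service and destination port, lists what was denied and by which policy, and builds the Diagnostic Tasks argument string from James's two posts. The sample log is constructed: the first line is James's, the other four are made-up lines (hypothetical hosts, ports and policy names) in the same layout. Two assumptions are baked in: the disposition word is always `Allowed` or `Denied`, and interface names may contain spaces (`1-Trusted VLAN` in the quoted line), so everything between the ports and the disposition word is kept as one field rather than split.

```python
"""Summarise what a Firebox did with traffic to one host from Traffic Monitor
lines, so a missing Deny (the thread's "look upstream" conclusion) is obvious.

Added example for this thread, not WatchGuard code. Line layout is inferred
from the one log line quoted in the thread; treat it as an assumption.
"""
import re
from collections import defaultdict

# Constructed sample. Line 1 is the line quoted in the thread; the rest are
# hypothetical lines (made-up hosts, ports, policies) in the same layout.
SAMPLE_LOG = """\
2020-02-10 16:13:18 Allow 192.168.10.1 8.8.8.8 dns/udp 62007 53 1-Trusted VLAN Firebox Allowed 84 128 (DNS-00) proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="192.168.10.1"
2020-02-10 16:14:02 Allow 192.168.10.25 13.67.188.117 ping/icmp 8 0 1-Trusted 0-External Allowed 92 28 (Ping Policy-00) proc_id="firewall" rc="100" msg_id="3000-0148"
2020-02-10 16:14:05 Allow 192.168.10.25 13.67.188.117 https/tcp 51235 443 1-Trusted 0-External Allowed 52 128 (HTTPS-00) proc_id="firewall" rc="100" msg_id="3000-0148"
2020-02-10 16:14:06 Deny 192.168.10.25 13.67.188.117 tcp 51236 8443 1-Trusted 0-External Denied 52 128 (Unhandled External Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"
2020-02-10 16:14:09 Allow 192.168.10.25 13.67.188.117 ping/icmp 8 0 1-Trusted 0-External Allowed 92 28 (Ping Policy-00) proc_id="firewall" rc="100" msg_id="3000-0148"
"""

# Assumed layout: date time Allow|Deny src dst service sport dport <ifaces...>
# Allowed|Denied length ttl (policy) key="value" ...
# <ifaces...> is matched lazily because interface names can contain spaces.
LINE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) '
    r'(?P<action>Allow|Deny) (?P<src>\S+) (?P<dst>\S+) (?P<service>\S+) '
    r'(?P<sport>\d+) (?P<dport>\d+) (?P<ifaces>.+?) '
    r'(?P<disposition>Allowed|Denied) (?P<length>\d+) (?P<ttl>\d+) '
    r'\((?P<policy>[^)]+)\)\s*(?P<kv>.*)$'
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return a dict for one Traffic Monitor line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    # Trailing key="value" pairs (proc_id, rc, msg_id, dst_ip_nat, ...)
    rec["fields"] = dict(KV_RE.findall(rec.pop("kv")))
    return rec


def parse_log(text):
    """Parse every line that matches; silently skip lines in other formats."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def summarize_host(records, host):
    """Group traffic to/from `host` by (service, dport); count Allow/Deny and
    remember which policy produced each verdict."""
    summary = defaultdict(lambda: {"Allow": 0, "Deny": 0, "policies": set()})
    for r in records:
        if host not in (r["src"], r["dst"]):
            continue
        key = (r["service"], r["dport"])
        summary[key][r["action"]] += 1
        summary[key]["policies"].add(r["policy"])
    return dict(summary)


def denied_ports(records, host):
    """(service, dport, policy) triples the firewall denied for `host`.
    An empty list is the thread's conclusion: no Deny, so look upstream."""
    return sorted({(r["service"], r["dport"], r["policy"])
                   for r in records
                   if r["action"] == "Deny" and host in (r["src"], r["dst"])})


def tcpdump_args(host, port=None, iface="eth0"):
    """Argument string for the Diagnostic Tasks TCP Dump, as in the thread:
    ICMP only until the port is known, then host-and-port."""
    expr = f"host {host}"
    expr += f" and port {port}" if port is not None else " and icmp"
    return f"-i {iface} {expr}"


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    target = "13.67.188.117"
    for (svc, dport), v in sorted(summarize_host(recs, target).items()):
        print(f"{svc:10} dport={dport:<5} allow={v['Allow']} deny={v['Deny']} "
              f"policies={sorted(v['policies'])}")
    print("denied:", denied_ports(recs, target))
    print("tcpdump:", tcpdump_args(target, 8443))
```

Paste the lines you filtered in Traffic Monitor into `SAMPLE_LOG` (or read a saved log file) and run it. If `denied_ports` comes back empty for the host, the firewall is not the blocker, which is what the tcpdump capture in James's post confirms from the packet side; if it is not empty, the policy name tells you which rule to change and the port tells you what to put in the second tcpdump argument string.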
