Application Control is blocking Android devices - ThunderVPN

phanaaekITphanaaekIT
edited June 21 in Firebox - Subscription Services

Many of our android devices can no longer access the internet and here is what we see in traffic monitor. I know I could allow this but is this a false positive?

2024-06-21 09:33:44 M270-site1 Deny 192.168.1.80 142.251.32.100 https/tcp 48612 443 Guest-Net External-isp Application identified 557 64 (HTTPS-proxy.guest-net-00) proc_id="firewall" rc="101" msg_id="3000-0149" src_ip_nat="..." tcp_info="offset 5 A 722037844 win 32768" app_id="86" app_name="ThunderVPN" app_cat_id="12" app_cat_name="Tunneling and proxy services" app_beh_id="6" app_beh_name="Access" action="AppControl.Guest-net" sig_vers="18.320" flags="SR" duration="0" sent_pkts="3" rcvd_pkts="0" sent_bytes="160" rcvd_bytes="0" route_type="SD-WAN" geo_dst="USA" Traffic

Comments

  • Bruce_BriggsBruce_Briggs

    Are these Android devices running Thunder VPN when they get blocked?

  • phanaaekITphanaaekIT

    @Bruce_Briggs said:
    Are these Android devices running Thunder VPN when they get blocked?

    No, and this issue just started a day or two ago.

  • Bruce_BriggsBruce_Briggs

    Then it looks like a false positive.
    My firewall shows Application Control was updated yesterday to v18.320.
    Consider opening a support case on this to let WG know about the apparent false positive.

  • D4rkSevenD4rkSeven

    I have the same problem

    2024-06-21 09:23:33 Deny 192.168.1.79 34.223.74.168 https/tcp 40880 443 LAN CABLECOLOR_200Mbps Application identified 557 64 (Full Internet-00) proc_id="firewall" rc="101" msg_id="3000-0149" src_ip_nat="..." tcp_info="offset 5 A 3774443527 win 22273" app_id="86" app_name="ThunderVPN" app_cat_id="12" app_cat_name="Tunneling and proxy services" app_beh_id="6" app_beh_name="Access" action="Full Internet" sig_vers="18.320" flags="SR" duration="0" sent_pkts="3" rcvd_pkts="0" sent_bytes="160" rcvd_bytes="0" geo_dst="USA" Traffic

  • George_GrinnellGeorge_Grinnell WatchGuard Representative

    Hello, this is a false positive with AppControl WatchGuard expects to have the issue fixed in updated signatures tomorrow. Please review this knowledge base article for more details. https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr0000003HFdKAM&lang=en_US

    George Grinnell
    WatchGuard Representative

  • George_GrinnellGeorge_Grinnell WatchGuard Representative

    This issue is Resolved: WatchGuard has released an updated IPS/AppControl signature set 18.321.

    The update resolves the false positive for traffic from Android based devices matching Application ThunderVPN.

    George Grinnell
    WatchGuard Representative

Sign In to comment.