Comments
-
Ran one. Was pretty much the same. Found the issue though. When the server connected to the WG it changed for some reason to being on a public or guest network. I don't know how or why. The application did not have a firewall record on the server for public networks. Thus blocked. Thanks for your help, Bruce!
-
OK, I was able to reboot and there is no change.
-
I will try and reset the device when the ladies go to lunch. I might not be able to because we have someone remoting in from Alaska. So I might have to wait till everyone leaves for the day.
-
I have run a netstat on it and the port is listening. Also, I can physically open a browser on the server and load pages using the ports.
-
Before I made the switch, upgraded standard router (Netgear) with Firebox T25. IP address of server is 192.168.1.201, 255.255.255.0, PC 192.168.1.44, 255.255.255.0
-
Maybe you could answer one more question, Bruce. Would the WG have anything to do with TCP retransmissions of SYN packets? I did a Wireshark capture of this issue and it's littered with retransmissions when I am having this problem. 4743 42.374533 192.168.1.44 192.168.1.201 TCP 66 [TCP Retransmission] 53071 → 9000 [SYN] Seq=0…
-
Thanks for your response, Bruce. Everything currently is on one trusted interface. So it should not be sending packets across trusted interfaces. Also, I created a custom HTTP proxy policy on port 9000 that allows Any-Trusted to Any-Trusted and I am still unable to reach port 9000. If I am not sending across interfaces would…
-
Thank you, Chris. I'm sorry, I should have reported back sooner. After all the testing done from this forum, it all led us to believe it was not in the WatchGuard and it turned out it was not. We actually found a bug in the programming language having to do with a newer version of OpenSSL. The WG was doing its job properly…
-
Question, if you're still around. If I am running IIS on the machine behind the WG, and the machine has the WG cert installed in its local store, should I be able to call a script through the web browser on that machine and successfully send/receive from a secure API?
-
I have requested they check the logs for me. I do not think it is this one API, considering I get the same behavior from any I try so far.
-
I will do a packet capture through the WatchGuard and post.
-
I don't see anything on the service. I have a Wireshark packet capture, I have done about 25 of them, all of them do show a response ACK from the service IP. Don't worry about 192.168.1.2. It is across my VPN tunnel and sending to 10.0.1.25. Box sending to API 10.0.1.25, ISP DNS server 71.10.216.X
-
OK, I created this new HTTPS policy as described. I turned logging on to show in the traffic monitor. The traffic monitor shows the allow out using the newly created policy. Still not getting through to the API though.
-
Hey @"james.carson", thank you for the response. Would the default "outgoing" policy be used if the script is specifying HTTPS://? I see the allow in the traffic monitor when the script calls the API and it shows using the HTTPS-Proxy-00 policy. I thought maybe because the policy was only using Any-Trusted as the "From"…