Results 1 to 4 of 4

Thread: Issue with Watchguard Firebox VPN connection blocking access to web pages in Internet Explorer

  1. #1
    igorfitzpatrick Guest

    Default Issue with Watchguard Firebox VPN connection blocking access to web pages in Internet Explorer

    I connect to my company servers through a VPN tunnel called Wathguard Firebox SSL using Citrix conection software
    from my home office. I just installed Zone Alarm and all of the sudden when I have the VPN active I can not connect to the web using my Internet Explorer. I use VRS 6 on my Laptop and Vrs 7 of IE on my desk top so it is not IE. I spoke with our admin person and went to ZA, CITRIX and Watchguards web sites and none of their knowledge bases could help. Below is the comments I got from my Admin and what I tried to do to fix this. Noe of these worked. Any ideas?


    From what we were finding yesterday:


    <ul>[*]When the firebox software and zone alarm are running and we do nslookup, it tries to contact the correct address for the DNS but appears to be blocked.
    For example, even a ping to 209.206.160.254 would not respond.
    With the Zone alarm software disabled, the ping or nslookup command would respond.[*]The ip address of the DNS was acquired from the router.
    If on wireless router, it would use the default gateway for name resolution (192.168.0.1)
    and, if on the local network, it would use the DNS specified by the router on the network (209.206.160.254).
    Your DNS IP address may be different depending on your Internet Provider.[/list]




    What this all means to me is the blocking is happening on the Zone Alarm side where it detects that a software application other than Windows (Firebox SSL) is attempting to contact an outside site (DNS server in this case) and is blocking it.
    According to the Zone Alarm documentation, you can change the levels of the DNS blocking by going to Firewall|main. Go to Custom and turn off the blocking for Outgoing DNS and this should resolve your issue (under Internet Zone Security I believe).
    Because Firebox works at the network levels there may not be a way to disable the blocking just for that application although that would be ideal but I suspect Zone Alarm doesn t have a way to do that.
    You would have to work with the ZoneAlarm support to get that information.
    By turning of Outgoing DNS blocking (port 53) , that should get you going for now.

    I don t like these firewalls because 98% of the time they cause more problems then they solve.
    It s like having an alarm in your house which goes off every time the doors open but you can t turn it off. :^)

    Let me know how that goes.

    Cheers,

    --dan

    <hr>



    Dan,



    I spent the last 2 hours trying to get information on why Zone Alarm blocks my access to web pages on Internet Explorer. I tried all of your suggestions and found that it is happening on all three of my machines. I had forgotten that IU had switched over to Zone Alarm on my 2 desk tops last Friday. It appears that this is not an issue with Norton or LinkSys.

    Zone alarm does not have anything specific in their forum or knowledge base. Citrix does not either. I finally figured out that you have Watch guard as your VPN box. I can not get into their web site because I do not have your user name and password. I tried their customer support and they do not have this registered so their support people could no help me till you register the box.


    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.5

  2. #2
    billc Guest

    Default Re: Issue with Watchguard Firebox VPN connection blocking access to web pages in Internet Explorer

    I've never used VPN but let me see if I can help. First go to your Zone Alarm > Firewall > Main panel, click on the 'Advanced' button, then make sure you have the 'Allow VPN protocols' box checked.

    Another user had success in also following these steps. Go into the properties for you VPN connection, click on the Networking Tab, then go into properties for TCPIP, click on the Advanced tab and uncheck "use default gateway on remote network".

    Any luck? If not, try contacting Zone Labs Technical Support

  3. #3
    igorfitzpatrick Guest

    Default I need to access the internet out side of the VPN tunnel while in ZA

    Bill,
    Thanks for the post. I did verfy the 'Allow VPN protocols' box is checked. I have been communicating with ZA tech support and I am having a tough time getting them to understand that my VPN is working correctly with ZA active. I need to access the internet out side of the VPN tunnel while in ZA. I have to use both independently since my Admin does not want me using the internet through their server.
    That is where I am having difficulty getting help.
    Thanks Tom

  4. #4
    billc Guest

    Default Re: I need to access the internet out side of the VPN tunnel while in ZA

    Do I understand you to say that you can't just access the internet through your ISP and can only do so via your VPN? If that is the case, do you have your DNS & DHCP server IP's in your Trusted zone of your Firewall > Zones panel?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •