Author Topic: Disable Firewall and/or Remote Management  (Read 17515 times)
qwaven
« on: Saturday 27 August 2011, 02:09:20 am »

Hello,

I have Endian firewall set up behind my primary firewall. Something like this: [internet] -- [primary fw] -- [Endian] -- [network]

I'm trying to allow VPN access on the primary firewall. This works!

However I am not able to get to my network. I am hoping to disable the firewall on Endian temporarily to see if this is the problem, however I cannot seem to find the option. Only to turn off outgoing firewall connections. Is this possible?

Also is it possible to allow managing the firewall from the WAN (RED) network? This would also help me further troubleshoot.

Thanks for your help!

qwaven
« Reply #1 on: Sunday 28 August 2011, 05:36:05 am »

Anyone able to help?

I've tested the following:

Connected a laptop in place of Endian firewall. --I was able to ping/remote to it via VPN. Confirming VPN is working.

On Endian firewall I have disabled:
-Outgoing firewall
-IDS
-Inter-zone filtering

-Added rules:

Uplink main RED ICMP/8 ICMP/30 allow
Uplink main RED any allow


I still am unable to access any internal resources. Hoping someone will be able to help find the issue.

Thanks!
 


UPDATE: Figured out management access. Was able to access management page via VPN. Confirmed once again VPN is functional. Network access must be prevented by some sort of firewall rule? Thoughts welcome! I'm stumped!! Help!

Also note I put firewall back to original state. Items disabled (noted above) have been removed. Waiting for advice from someone. They didn't seem to help anyway.

qwaven
« Reply #2 on: Tuesday 30 August 2011, 01:37:14 am »

no one? just looking for a way to allow traffic in..... I'm sure the vpn would work once traffic is permitted. I'd hate to have to switch firewalls over this...

Thanks

speccompsol
« Reply #3 on: Wednesday 31 August 2011, 05:11:28 am »

Where are the systems that you are trying to reach from the internet?  Between the 2 firewalls or on the internal network behind both firewalls?  If they are on the internal network, you will need to 'port forward' the appropriate ports from the outside firewall to the inside firewall and then again from the inside firewall to the internal system.

qwaven
« Reply #4 on: Wednesday 31 August 2011, 05:20:36 am »

Hi,

Thanks for your response.

I was hoping to avoid using NAT entirely.

Network is something like below:

(vpn user) --> (firewall a) --> (Endian firewall) --> (green network)

On the Green network there are some servers which I need to be able to RDP to once connected to the VPN.

The VPN network is assigned an internal IP, and the internal interface of firewall a, external interface of Endian, and internal (green) interface of Endian have internal IP's.

During testing I was able to RDP just fine to a desktop when replacing the Endian firewall with it. (temporarily)

Thanks for your help!

speccompsol
« Reply #5 on: Wednesday 31 August 2011, 05:59:00 am »

If I read it correctly, you have the internal interface of 'A' and both internal and external interfaces of the 'endian' box all assigned with ip's on the same subnet (your internal lan)?  This is probably not the best scenario.  What do you want to accomplish in the end?  What do you want firewall 'a' to do and what do you want the endian box to do?

qwaven
« Reply #6 on: Wednesday 31 August 2011, 06:23:23 am »

Sorry let me illustrate my network better.

Devices:

Firewall A --Hardware appliance
Firewall B --Endian Firewall

IP Blocks /location:

VPN users: 10.10.0.0/24 VPN Network located on Firewall A
WAN: Public IP located on Firewall A
LAN1: 192.168.254.0/30 Firewall A internal interface to Firewall B External Interface (RED)
LAN2: 10.10.254.0/27 Firewall B Green Interface ; primary lan
LAN3/LAN4 are also on Firewall B but not relevant to this.

So:

(vpn user 10.10.0.0) --> (public-ip-firewall a-192.168.254.1) --> (192.168.254.2-Endian firewall-10.10.254.1) --> (green network-10.10.254.0)

Basically NAT should not be required to access the internal network (green) from the VPN. Ideally if routing is working and I am able to open up a firewall rule allowing traffic in, it should work just fine.

Firewall A: WAN connectivity and primary filtering
Firewall B: Http proxy, ids, has various networks going into it, QoS...etc.

Thoughts?

Thanks!

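Added example, not part of the thread: a small model of the no-NAT design described in Reply #6, checking the two conditions qwaven names (a route in each direction, and a rule on the Endian box that lets RED traffic into GREEN). The subnets and interface addresses are from the post; the route tables, the host addresses and the `red_to_green_allowed` flag are constructed assumptions, since the thread shows neither device's configuration.

```python
import ipaddress

# Subnets and interface addresses are from the thread. The route tables are
# constructed assumptions: the thread does not show either device's routes.
ROUTES = {
    "fw_a": [("10.10.0.0/24", "local"),             # VPN pool on Firewall A
             ("192.168.254.0/30", "local"),         # LAN1 transit link
             ("10.10.254.0/27", "192.168.254.2")],  # GREEN via Endian RED
    "endian": [("10.10.254.0/27", "local"),         # GREEN
               ("192.168.254.0/30", "local"),       # RED side of LAN1
               ("0.0.0.0/0", "192.168.254.1")],     # default via Firewall A
}
OWNER = {"192.168.254.1": "fw_a", "192.168.254.2": "endian"}
GREEN = ipaddress.ip_network("10.10.254.0/27")


def next_hop(device, dst, routes=ROUTES):
    """Longest-prefix match; returns 'local', a gateway IP, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes[device]
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(start, dst, routes=ROUTES, red_to_green_allowed=True):
    """Follow dst hop by hop; returns (delivered, path, reason)."""
    device, path = start, [start]
    while len(path) <= len(routes):        # guard against routing loops
        hop = next_hop(device, dst, routes)
        if hop is None:
            return False, path, "no route on " + device
        if hop == "local":
            forwarded_into_green = (device == "endian" and len(path) > 1
                                    and ipaddress.ip_address(dst) in GREEN)
            if forwarded_into_green and not red_to_green_allowed:
                return False, path, "no RED->GREEN allow rule on endian"
            return True, path, "delivered"
        device = OWNER[hop]
        path.append(device)
    return False, path, "routing loop"


if __name__ == "__main__":
    # 10.10.254.10 and 10.10.0.5 are constructed host addresses.
    print(trace("fw_a", "10.10.254.10"))    # VPN client -> GREEN server
    print(trace("endian", "10.10.0.5"))     # reply towards the VPN pool
    print(trace("fw_a", "10.10.254.10", red_to_green_allowed=False))
```

Dropping the `10.10.254.0/27` entry from the `fw_a` table makes the forward trace stop at Firewall A, which distinguishes a routing gap from a filtering rule on the Endian box.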