Firewall Wizards mailing list archives
RE: UPS Worldship connection problems with new firewall device
From: Servie Platon <servie_tech () yahoo com>
Date: Sun, 28 Aug 2005 11:52:24 -0700 (PDT)
Thank you Nathan, Paul, Bruce and Keith for giving some of your insights on what to do. Before posting to this prestigeous group. I called UPS technical support and was told to allow ports 80 and 443 on the firewall. So, I created/added a rule named UPS to do that which allows the network 153.2.x.x to LAN to pass through on said ports. I have also called technical support of SonicWall for assistance and sent them the tsr (tech support report) file which has the list of rules and other configuration but so far they have not seen anything wrong with it. For this firewall appliance (TZ170), I have just enabled Terminal Services to pass through and site to site VPN and the rest are just the normal configuration. I must suspect there could be a rule here that completely blocks connection. I shall send you guys some info tomorrow when I get back to the office. One thing I noticed, when I upgraded the SOHO3 to TZ170. The Soho3 had another device linked to it and it was a Linksys 4 port router which has port forwarding enabled. I have not scrutinized the configuration of this additional device per se, but what I can say is that it has port forwarding enabled. Thank you for your time. Very sincerely yours, Servie --- List Account <list.account () cerdant com> wrote:
What version of SonicOS are you running? Standard or Enhanced? Are there any log messages generated in the SonicWALL when the user attempts to connect to the site? If you're running SonicOS Enhanced 3.1 or greater, have you done a packet capture and saved it to a libpcap file? Can you post this file if so. Nathan Grandbois, CISSP, CSSA Cerdant, Inc. 614.717.0123 ext. 26-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On BehalfOf Servie Platon Sent: Wednesday, August 17, 2005 8:52 PM To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] UPS Worldship connection problemswith newfirewall device Hello FW-Wizards and gurus, I have upgraded my Sonicwall SOHO3 to TZ170 acoupleof weeks back for my small office network. Everything seems to be working fine except for one laptop which accesses UPS (United Parcel Service) Worldship network. As its description from the UPS website. UPS WorldShipR is a full featured, WindowsR-based, shipping software application for customers withhighvolume shipping needs. WorldShip allows customerstoaccelerate, streamline and enhance not only theirshippingprocesses, but financial and customer serviceprocesses as well.When we first installed the program in one of the laptops, it seems to be working fine with the SOHO3 firewall. And when, we upgraded to the Sonicwall TZ170,that'swhen the problem started to set in. We were told by UPS technical support since we have upgraded a firewall appliance, the firewall rules may have blocked inbound and outbound communication betweenoursmall office network and UPS's network. Furthermore, we were told that we need to enable support for gethostip.exe, shipups.exe,upslnkmg.exealongside allowing access for 153.2.x.x network. Since I don't see any documentation on thisSonicwallTZ170 to do the adding of .exe files to thefirewallthat supports this method. I am uncertain though, whether my firewall ruleshavesomething to do with it? AFAIK, other services suchasmail, terminal services are working fine except for this one. One odd thing that puzzles me is that if my boss brings this laptop to his house and connect it tohisHome network through his router, he could connecttoUPS and be able to do work and send info in a bi-directional manner. Whereas, if he returns to the office he gets anErrorCode 53670 which according UPS has something to do with our firewall and dns resolution. I have attempted and failed to enable this featureandam hoping that maybe someone may have encounteredthisproblem in the past who may have the solution. Again, thank you very much. Very sincerely yours, Servie __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spamprotection aroundhttp://mail.yahoo.com _______________________________________________ firewall-wizards mailing listfirewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- UPS Worldship connection problems with new firewall device Servie Platon (Aug 26)
- RE: UPS Worldship connection problems with new firewall device Bruce Smith (Aug 28)
- RE: UPS Worldship connection problems with new firewall device Paul Melson (Aug 28)
- RE: UPS Worldship connection problems with new firewall device List Account (Aug 28)
- RE: UPS Worldship connection problems with new firewall device Servie Platon (Aug 29)
- <Possible follow-ups>
- RE: UPS Worldship connection problems with new firewall device Chris Hunhoff (Aug 29)