Firewall Wizards mailing list archives

RE: UPS Worldship connection problems with new firewall device


From: "Chris Hunhoff" <chunhoff () eastriver coop>
Date: Mon, 29 Aug 2005 07:53:36 -0500

By default a Sonicwall allows all ports outbound so you shouldn't have
to create any outbound rules unless you specifically closed these ports
and UPS Worldship does not require any inbound ports that I know of.

You might want to try enabling fragmented packets on the allow-all rule.
This seems to be a fix-all for a lot of traffic problems with the
Sonicwall.

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Servie
Platon
Sent: Sunday, August 28, 2005 1:52 PM
To: List Account; firewall-wizards () honor icsalabs com
Subject: RE: [fw-wiz] UPS Worldship connection problems with new
firewall device

Thank you Nathan, Paul, Bruce and Keith for giving
some of your insights on what to do.

Before posting to this prestigious group, I called UPS
technical support and was told to allow ports 80 and
443 on the firewall. So, I created/added a rule named
UPS to do that which allows the network 153.2.x.x to
LAN to pass through on said ports.

I have also called technical support of SonicWall for
assistance and sent them the tsr (tech support report)
file which has the list of rules and other
configuration but so far they have not seen anything
wrong with it.

For this firewall appliance (TZ170), I have just
enabled Terminal Services to pass through and site to
site VPN and the rest are just the normal
configuration.

I must suspect there could be a rule here that
completely blocks connection. I shall send you guys
some info tomorrow when I get back to the office.

One thing I noticed, when I upgraded the SOHO3 to
TZ170. The Soho3 had another device linked to it and
it was a Linksys 4 port router which has port
forwarding enabled. I have not scrutinized the
configuration of this additional device per se, but
what I can say is that it has port forwarding enabled.

Thank you for your time.

Very sincerely yours,
Servie

--- List Account <list.account () cerdant com> wrote:

What version of SonicOS are you running? Standard or Enhanced?
Are there any log messages generated in the SonicWALL when the user attempts
to connect to the site?
If you're running SonicOS Enhanced 3.1 or greater, have you done a packet
capture and saved it to a libpcap file? Can you post this file if so.

Nathan Grandbois, CISSP, CSSA
Cerdant, Inc.
614.717.0123 ext. 26 

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Servie
Platon
Sent: Wednesday, August 17, 2005 8:52 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] UPS Worldship connection problems with new
firewall device



Hello FW-Wizards and gurus,

I have upgraded my Sonicwall SOHO3 to TZ170 a couple
of weeks back for my small office network.

Everything seems to be working fine except for one
laptop which accesses UPS (United Parcel Service)
Worldship network.

As its description from the UPS website. UPS
WorldShip® is a full featured, Windows®-based,
shipping software application for customers with high
volume shipping needs. WorldShip allows customers to
accelerate, streamline and enhance not only their shipping
processes, but financial and customer service
processes as well.

When we first installed the program in one of the
laptops, it seems to be working fine with the SOHO3
firewall.

And when, we upgraded to the Sonicwall TZ170, that's
when the problem started to set in. We were told by
UPS technical support since we have upgraded a
firewall appliance, the firewall rules may have
blocked inbound and outbound communication between our
small office network and UPS's network.

Furthermore, we were told that we need to enable
support for gethostip.exe, shipups.exe, upslnkmg.exe
alongside allowing access for 153.2.x.x network.

Since I don't see any documentation on this Sonicwall
TZ170 to do the adding of .exe files to the firewall
that supports this method.

I am uncertain though, whether my firewall rules have
something to do with it? AFAIK, other services such as
mail, terminal services are working fine except for
this one.

One odd thing that puzzles me is that if my boss
brings this laptop to his house and connects it to his
home network through his router, he could connect to
UPS and be able to do work and send info in a
bi-directional manner.

Whereas, if he returns to the office he gets an Error
Code 53670 which according to UPS has something to do
with our firewall and dns resolution.

I have attempted and failed to enable this feature and
am hoping that maybe someone may have encountered this
problem in the past who may have the solution.

Again, thank you very much.

Very sincerely yours,
Servie

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com

http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

