To learn more about what is blocked by my Linksys router and my Sygate Firewall, I installed WallWatcher and chose the Linksys BEF series as my router (BEFSR41).
After running it for 24 hours, and deliberately creating incoming stuff via music streams and other routes, WallWatcher continued to show nothing in the logs.
I went to Bandwidth and tried "test snmp". This resulted in Sygate blocking the test and blocking all traffic from my standard router IP address for 10 minutes.
Do I leave this "allowed" in Sygate? And if so, is it worth it or am I creating a risk I didn't have before?
One other thing, the router must be set enabled to broadcast the logs to all machines on the LAN and that IP will be 192.168.1.255 -- broadcast to all machine on the LAN. Or you can set it to 192.168.1.100 if one of your machines on the LAN has that IP and the log data will only be sent to that IP/machine where WW is installed. You should read the router's user manual as there is Admin screen to enable the broadcasting of the router's syslog data or get on the phone with Linksys Tech Support.
You don't have things configured right it seems.
You have to tell Sygate to accept traffic on UDP Port 514 is where the syslog data traffic from the router is being sent. The IP you would trust is
192.168.1.1 the device IP of the router. You can do it for the 514 UDP port only or you trust the device IP on ALL Ports, which you should do and is a better solution, if you cannot do it for solely UDP port 514.
Better yet for the time being, disable Sygate on the machine and watch Wallwatcher work, after all the machine is setting behind the protection of a NAT router. You can enable Sygate and figure out how to make rules with Sygate to open/unblock the UDP 514 port.
How can there be a risk? The machine is setting behind the router and it is protecting the machine from the Internet and Sygate is just a bonus. And for now Sygate is in the way.
There is nothing to understand and it's basic.
1) Make sure the router is broadcasting the syslog data.
2) Configure the PFW solution to accept traffic from the router's device IP.
3) That's it. At this tine WW is not getting any inbound traffic on UDP port
514 to show any data.
why so difficult. Allow WallWatcher to pass Sygate. WallWatcher doesn't do lookups on the internet. It only looks in your router. I use the combination WW/Sygate/BEFSR41 without any problem. Don't disable Sygate because you have to block unwanted outgoing traffic.
testing snmp ( do the test 2 * ) could force a warm router reboot. BEFSR41 hates this snmp testing! It must have something to do how WallWatcher does the test. In my case I'm only 30 seconds "off line". I also had already two times a spontaneous?? router reset to the router defaults. If the WW logs show nothing I know I had router problems again and have to set all my router settings again.
"joly joker" wrote in news:dge2gr$snt$ snipped-for-privacy@news6.zwoll.ov.home.nl:
I don't think I said disable Sygate permanently but the OP should at least disable it until he sees how WW is suppose to work. It was never difficult for me I had the thing running in about 20 seconds when I first started using it. BlackIce never gave me a problem using it with my old BEFW11S4 router using Win 2K.
I did have a problem with WW when I switched to XP Pro and the XP FW was enabled for some reason and was blocking UDP 514 behind BlackIce so I disabled the XP FW and also set the rules on IPsec to allow traffic on UDP port 514. I had to be told that UDP 514 was being blocked by the WW author.
Now that I am using a Watchguard FW appliance, which does block outbound if needed, I have no need for any additional packet filtering solutions at the machine level to interfere with anything.
"joly joker" wrote in news:dgfagq$a3r$ snipped-for-privacy@news3.zwoll.ov.home.nl:
Who cares about WG being free or not? The fact is that WW is free and works with the WG SOHO 6 firmware and works with the Linksys BEF model NAT router firmware is what this poster was concerned about.
And flat-out that packet filtering/personal FW solution that needs an O/S to function a machine level solution will never be able to match a WG FW appliance in protecting a network. And neither can that Linksys NAT router you're using can match it either, otherwise, you would not be using a PFW solution on the machine to supplement that NAT router you are using.
I don't need protection at the machine level with the usage of a personal FW solution running at the machine level and there is no FW on the XP Pro or Linux machines active due to that WG setting there protecting the network.
What does a network/Internet FW do? And I am not talking about some PFW solution like Sygate.
formatting link
Here is the simple Linksys NAT router in play and what it can basically do and not do in protecting a network.
formatting link
You should learn something about FW(s) that will not lead you into making some kind of ridiculous comparisons between a FW appliance and Sygate.
I have nothing against a Linksys router or PFW solutions but you bring up Sygate talking to me about Sygate a PFW solution that some don't even consider a FW solution including myself, which is being explained in the second link above.
What are you talking about? I don't need a VPN solution on none of my XP PRO machines that would be used to connect the client computer to a WG SOHO 6 that had a VPN solution implemented for a remote connection solution to encrypt the traffic between two valid VPN connection end points over the Internet.
formatting link
VPN solutions are either hardware to hardware/router to router or are software solutions client VPN solution to host/server software VPN solutions/software to software.
I got to go and get ready to drive to Chicago and catch a flight to work a contact in Reno, NV. :)
I am working with the exact same combination (except I'm running Sygate Pro). I have tried many things without success.
I emailed WW tech support and got the following response: " Unfortunately, I don't use Sygate's firewall and have no information about configuring it. In general, software firewalls have ways of letting you tell them to allow certain applications and / or remote addresses (your router's LAN address in this case) and / or ports (162 in this case) to communicate with each other."
Could you tell me exactly how you configured Sygate since we are using the same combination of hardware and software.
louise wrote in news: snipped-for-privacy@news-server.nyc.rr.com:
I could flat-out set a rule with BlackIce on the machine behind the Linksys router to Accept and Trust the Linksys router's device IP of
192.161.1.1, which would be for all ports that BI was protecting. Even if the block message was a past message on the logging screen, I could right-click the line and Accept and Trust the IP and it would be that way until I deleted the rule at the Advance FW rules screen.
However, I didn't do it that way and went to the Advanced FW rules and set a rule to Accept and Trust the device IP on all ports and forgot about it.
If you went back to WW's configuration screen and you selected a Linksys router, I don't think the port is 162.
But you can circumvent this problem by Accepting and Trusting the router's device IP on all ports and be done with it. You're NOT putting the machine at risk by accepting the device IP on all ports with Sygate nothing is going to happen by doing it. It absoltely cannot be this hard with Sygate I have used Sygate but it was a long time ago.
Maybe, you need to conatct Sygate Tech Support and not WW.
"joly joker" wrote in news:dggigq$b49$ snipped-for-privacy@news3.zwoll.ov.home.nl:
When I used WW with the Linksys BEFW11S4 v1 router it was 514 and it still remains 514 UDP for the WG. So if it's 162 for the OP's Linksys router it's 162 -- big deal.
WTH, all I see you doing here is nit picky bicthing and you're such a WW expert. The OP or anybody with some common sense a child can figure out how to use WW and what port it's using and configure a PFW how to accept the traffic on whatever port the router is using when selected in the router selection drop down menu and the port is shown for the router being selected. It doesn't take a rocket scientist or you to figure out how to use WW and what port.
If you and the OP are using the same Linksys router and are using Sygate, post to the OP and tell the OP how to configure WW to work with Sygate and *shut the hell-up*.
first off all could you tell us some off your router settings for this problem ( only if you still have this problem)? Are you using BEFSR41 v1, v2 or v3 and which WIN98, XP or other OS you are using? In v3 there is an Administration page where you have to set ( and save ) Log --> must be yes. Logviewer IP address --> must be(?) 192.168.1.255 ( most easy, every PC in your LAN could get the router info).
In WW you have a logging, a display and a router page which could give you trouble. What could be wrong? Wrong router selected on the router page? Nothing to log? Everything cleared on the display page? I don't think this is your problem, but WW is a part in this not functional process.
You could start with Sygate allowing WallWatcher full access and if it's working you can finetune the WW settings in Sygate to only use the ports neccessary. If WW is already in the list of the allowed programs in Sygate, remove it and let Sygate allow WW again without limitations.
Router is: Linksys BEFSR41 - version 2 OS is Win XP Pro
I enabled logging on the router.
WW provides a "BEF series" option for choosing your router and that's what I chose
Router IP address is correct
As you suggested, I removed WW from Sygate Applications. I also uninstalled and reinstalled WW just in case something had gone wrong with the installation.
In WW, there is an option to ping your router (on the special tab). I tried pinging my router and Sygate came up asking whether I wanted to allow WW, etc. I checked the always box and said yes.
Nevertheless, when I then tried to ping my router from WW, Sygate came up and blocked it.
Now - if I go into the advanced settings for the WW application in Sygate, there are many options and I've no idea what to choose for any of them: Application Restrictions (trusted IPs) - it is now blank Remote Server Ports TCP and UDP - they are now blank Local Ports TCP and UCP - they are now blank NOTE - there are long drop-down menus for the Remote server ports and the local ports and I do not understand them. Allow ICMP traffic is checked Act and Client and Act as Server are both checked
NOW - I turned off Sygate and pinged my router from WW successfully. However, for me, this is not a long term solution and I would like to be able to configure Sygate to allow it.
BTW, the port is 162 for one router (that's all I have). There is an unchecked checkbox for "multiple routers), which is for ports
OK - after leaving Sygate off for about 10 minutes, with WW running, I have 62 out (mostly things I know I accessed or that are accessed), and 4 in. So there is no question that WW works without Sygate. And I assume that the "4 in" are what is blocked by the router?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.