View Full Version : Problem activating firewall



Vpluar
01-29-2009, 03:59 AM
I have some Quadro ISDN gateway, and I'm having problems with the firewall; the attached image shows the config of 1 of my firewalls. It's not working: I can manage from any IP out of range and receive calls from anywhere too.

Any idea how to fix it?

Thanks.

Vpluar
02-04-2009, 07:44 AM
I can access from any IP from the WAN; from the LAN it's OK.

Vahan
02-05-2009, 05:24 AM
Hello,

I have tested the functionality of the firewall on QuadroISDN on one of our gateways and it worked correctly. The management access rules do function as they should.
Could you please provide us access to your Quadro, so we can try to connect from our side and look through the configuration?

Thanks.

davrays
02-05-2009, 11:51 AM
Vpluar, I can confirm that Vahan is one of the Epygi engineers, so you can give him access without fearing that he will hack your device :)

Best regards,
David

person
02-05-2009, 08:59 PM
Hi,

I'm also having problems with my firewall. Previously I had IP filters only allowing management & SIP access from a number of individual IPs (not IP ranges)... now, however, even though the rules are correct and the firewall is enabled, I can access the Quadro from anywhere on the internet....

The only thing that has changed is that I'm now using the Quadro to authenticate to the internet via PPTP to my modem (so the Quadro has a public IP).

Any ideas?

Thanks

EDIT: sorry, just realised I posted this in the wrong place. My problem is with a Quadro 2x PBX... but it's the same issue...

davrays
02-06-2009, 12:03 PM
person, can you please send Vahan the logs, or better the info on how to access your unit, so we can see what's happening there..? This is not a common situation, and it is not reproducible in our test lab, so we need to gather the info directly from the faulty unit. Just send a PM to Vahan. We need to get this resolved.

Regards,
David

person
02-08-2009, 07:04 AM
> person, can you please send Vahan the logs, or better the info on how to access your unit

PM sent :)

Vahan
02-09-2009, 01:27 AM
Person, we have found an issue with the firewall when WAN is configured as PPTP Client, thank you very much. I have reported this. The fix will be included in our next releases.

person
02-09-2009, 02:20 AM
Thanks Vahan, I'll look forward to the fix. Cheers

Vahan
02-09-2009, 10:12 AM
Vpluar, the problem you have comes from the allowed IP rule (x.x.134.x/23). You are using a subnet (/23) which overlaps Quadro's WAN IP (x.x.134.39). Please try to enable the management access rule with the same subnet /23 (you already have this rule) and disable the rule (/23) in allowed IP.

I can't understand the sense of the rule - allowed IP (172.30.0.0/24). If you want everything to be opened for LAN users, please set the firewall level to "Medium".

davrays
02-11-2009, 01:05 PM
Vpluar, first of all I would like to thank you - with your help we found a bug in the Quadro firewall - if the range in "Allowed IP list" includes Quadro's own IP, the Quadro becomes open to everybody. We will fix that as soon as possible. Until then it is strongly recommended not to use such ranges in both "Allowed IP list" and "Blocked IP list".

Typically users are opening access for one or two specific IPs, or use "Management Access" rules; that's why this problem is very rare and didn't show up until now.

In many cases you don't need to use the "Allowed IP list" at all, as the only thing you really want to do is to enable "Management Access" to the board. In your case too, Vahan's recommendation is very reasonable.

Best regards,
David
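
A pre-deployment check for the condition described in the post above, as an added example that is not part of the thread and not Epygi code: it audits "Allowed IP list" and "Blocked IP list" entries and reports any range that covers the device's own address. The function name and all addresses except 172.30.0.0/24 are constructed for illustration (the thread masks the real WAN address).

```python
import ipaddress

def audit_ip_lists(own_ips, lists):
    """Return one finding per list entry that covers any of the device's own IPs.

    own_ips: iterable of address strings (e.g. the WAN IP).
    lists:   {"list name": ["entry", ...]}; entries are single IPs or CIDR ranges.
    """
    own = [ipaddress.ip_address(a) for a in own_ips]
    findings = []
    for list_name, entries in lists.items():
        for entry in entries:
            # strict=False accepts entries written with host bits set,
            # so "10.20.134.7/23" is evaluated as 10.20.134.0/23.
            net = ipaddress.ip_network(entry, strict=False)
            covered = [str(a) for a in own
                       if a.version == net.version and a in net]
            if covered:
                findings.append((list_name, entry, str(net), covered))
    return findings

# Constructed sample configuration (not taken from any real unit).
SAMPLE_WAN_IP = "10.20.134.39"
SAMPLE_LISTS = {
    "Allowed IP list": [
        "10.20.134.7/23",   # range that spans the WAN address
        "172.30.0.0/24",    # LAN range, does not cover the WAN address
        "10.20.140.5",      # single remote host
    ],
    "Blocked IP list": [
        "10.99.0.0/16",
    ],
}

if __name__ == "__main__":
    for name, entry, net, covered in audit_ip_lists([SAMPLE_WAN_IP], SAMPLE_LISTS):
        print(f"{name}: {entry} ({net}) covers device address {', '.join(covered)}")
```

An entry reported here is one to replace with specific remote IPs or a "Management Access" rule, as recommended in the thread.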

cornepiek
02-12-2009, 01:28 AM
Dumb question.

How do I set access on HTTPS from any IP?
I sometimes have to log into the system from clients' premises and they are all in different subnets. I got it working to allow from one specific range but I cannot get it working from all subnets or IP ranges.

Vpluar
02-12-2009, 04:51 AM
Thanks for the information, I'll change it just now. 1 question: it will pass into the VoIP too? It's said I have to reduce range in the firewall to only granted access to make and receive calls from 1 or 2 IPs?

davrays
02-12-2009, 06:13 AM
> Dumb question.
>
> How do I set access on HTTPS from any IP?
> I sometimes have to log into the system from clients' premises and they are all in different subnets. I got it working to allow from one specific range but I cannot get it working from all subnets or IP ranges.

What about setting the firewall in "Low" mode, Corne? :) It looks like it is exactly the thing you want to do :) If you want to block some specific services anyway, you can add corresponding rules...


> Thanks for the information, I'll change it just now. 1 question: it will pass into the VoIP too? It's said I have to reduce range in the firewall to only granted access to make and receive calls from 1 or 2 IPs?

Vpluar, if you add such a range (which includes the Quadro IP) to the "Allowed IP List", then any kind of access (HTTP/HTTPS/SIP/CCA etc.) will be possible from any IP.

KSComs
02-12-2009, 06:49 AM
Now don't forget to donate some $$$ to the Davrays Grappa Fund and Macintosh rescue ....

The one displayed in the window needs to be dusted off and used methinks... by now at least... :D and that's just the Macintosh ..

Kev

cornepiek
02-12-2009, 07:00 AM
Kevin, can I have some of whatever you are on please. I don't think we grow it here in SA

KSComs
02-12-2009, 07:04 AM
One has to have a warped sense of humor at present with the neck of the woods I'm in...

:cool:

Kev