  #1 BassTech

    CISCO firewall dropping packets - internet offline across whole site

    Cut a long story short, I was setting up some new firewall rules yesterday for our BYOD system that's soon being installed. However, I have somehow managed to accidentally delete an existing rule, knocking our entire school offline.

    I have looked at the logs and it seems to be dropping packets out to the internet now, but I can't find out how to rectify it. I've attached some screenshots of our config.

    [ATTACH=CONFIG]<Screenshot deleted>[/ATTACH]

    [ATTACH=CONFIG]<Screenshot deleted>[/ATTACH]

    [ATTACH=CONFIG]<Screenshot deleted>[/ATTACH]

    (Currently using mobile hotspot)
    Last edited by BassTech; 4th February 2014 at 11:53 AM.

  #2 seawolf
    Don't you have a config backup that you could restore on the firewall to get it back to a working state? If not, then big lesson learned for you. Configuration management begins with backing up your configs.

    It is clear from the logs that it is the firewall rule "OUTSIDE_access_out" that is causing the problem. I can't see a firewall rule with this name in your screenshots though. I do note that you have several "Ruckus-Squid" rules disabled. Are those deprecated rules or should they be active?

    p.s. I wouldn't recommend posting firewall screenshots showing all of your firewall rules including ports and IP addresses on the open net.
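    The restore-from-backup advice above assumes you can find what changed. As an added example (not code from the thread or from Cisco), the script below compares two saved ASA configuration snapshots and lists the access-list entries that disappeared, together with their original position, so the missing line can be re-entered where it was rather than appended after a trailing deny. The two configs, the hostname and all addresses are constructed placeholders; only the ACL name OUTSIDE_access_out comes from the thread.

```python
"""Compare two saved Cisco ASA configuration snapshots and report which
access-list entries were removed between them.

Added example, not code from the thread; BEFORE/AFTER, the hostname and all
addresses are constructed placeholders.
"""
import re
from typing import Dict, List, Tuple

# An ASA config stores each ACE as "access-list <name> <rest of entry>".
ACL_RE = re.compile(r"^access-list\s+(?P<name>\S+)\s+(?P<body>.*)$")

BEFORE = """\
hostname asa-school
access-list INSIDE_access_in extended permit tcp 10.10.0.0 255.255.0.0 any eq www
access-list INSIDE_access_in extended permit udp 10.10.0.0 255.255.0.0 any eq domain
access-list OUTSIDE_access_out extended permit udp host 10.10.1.10 host 203.0.113.53 eq domain
access-list OUTSIDE_access_out extended permit tcp 10.10.0.0 255.255.0.0 any eq www
access-list OUTSIDE_access_out extended deny ip any any log
access-group OUTSIDE_access_out out interface OUTSIDE
"""

# Same config with the DNS permit accidentally removed (constructed).
AFTER = """\
hostname asa-school
access-list INSIDE_access_in extended permit tcp 10.10.0.0 255.255.0.0 any eq www
access-list INSIDE_access_in extended permit udp 10.10.0.0 255.255.0.0 any eq domain
access-list OUTSIDE_access_out extended permit tcp 10.10.0.0 255.255.0.0 any eq www
access-list OUTSIDE_access_out extended deny ip any any log
access-group OUTSIDE_access_out out interface OUTSIDE
"""


def acl_entries(config: str) -> Dict[str, List[str]]:
    """Group every access-list line by ACL name, preserving config order."""
    acls: Dict[str, List[str]] = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            acls.setdefault(m["name"], []).append(m["body"])
    return acls


def removed_entries(before: str, after: str) -> Dict[str, List[Tuple[int, str]]]:
    """Entries present in `before` but absent from `after`, per ACL, with the
    1-based position they held in `before`.  Entries that merely moved are not
    reported; ordering still matters on an ASA, but that is a separate check."""
    old, new = acl_entries(before), acl_entries(after)
    removed: Dict[str, List[Tuple[int, str]]] = {}
    for name, entries in old.items():
        still = set(new.get(name, []))
        gone = [(i, e) for i, e in enumerate(entries, start=1) if e not in still]
        if gone:
            removed[name] = gone
    return removed


def restore_commands(removed: Dict[str, List[Tuple[int, str]]]) -> List[str]:
    """Config-mode lines that re-insert each missing entry at its old position
    using the 'access-list <name> line <n> ...' form, so it lands before any
    trailing 'deny ip any any' instead of being appended after it."""
    return [
        f"access-list {name} line {n} {body}"
        for name, gone in removed.items()
        for n, body in gone
    ]


if __name__ == "__main__":
    gone = removed_entries(BEFORE, AFTER)
    for name, entries in gone.items():
        print(f"{name}: {len(entries)} entry/entries missing")
    for cmd in restore_commands(gone):
        print("  " + cmd)
```

    Run it against `show running-config` output saved before and after a change; the position it reports counts configured entries, not the expanded lines that `show access-list` prints when object-groups are in use.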

  #3
    From a brief look, it looks like the traffic being blocked on the log is DNS requests to some external servers - determine which internal IPs need to access which external IPs for DNS (I'd guess that you have AD and therefore your DCs probably do internal DNS and have forwarders for external - check IPs there), then I think you need a rule in the OUTSIDE outgoing rules (OUTSIDE_access_out would suggest interface OUTSIDE, on outgoing rules) to allow UDP 53 from your internal IPs requiring access to DNS to the external DNS servers set as forward lookup on your DNS servers. Doing that may then show other blocked packets - presently any web request is generating a DNS request which is being blocked, so any further traffic may be blocked, but difficult to know. If you only deleted one rule, it may have been an allow all external type rule, so now may be an opportune time to lock down.

    Cheers

    Will

  #4 cpjitservices
    Can you not issue a rollback? Not sure if this is an option on Cisco, but on our Juniper routers/firewalls you can issue a rollback command; you can time it too, so it will roll back after 30 minutes or so, and then commit it if it works.

    Which Cisco Firewall is this ?

  #5 FN-GM
    Not sure if it applies to ASA, but on IOS switches you can just reload the device and it will restore the startup config. Unless you saved it.

  #6 BassTech
    Hi all,

    Managed to successfully re-create the rule and now all is well. Lesson learned I think, I should've backed it up first - amateur mistake!

    Thanks

    PS - Deleted firewall screenshots now too for obvious reasons.

  #7 FN-GM
    Quote Originally Posted by Lee91:
    Hi all,

    Managed to successfully re-create the rule and now all is well. Lesson learned I think, I should've backed it up first - amateur mistake!

    Thanks

    PS - Deleted firewall screenshots now too for obvious reasons.
    I would back up anyway, just in case the whole device dies.

  #8
    Out of interest - what was the rule that you'd deleted?

  #9 BassTech
    Quote Originally Posted by FN-GM:
    I would backup anyway, just incase the whole device dies.
    I have done.
    @Willott - the link between the two NICs allowing TCP/UDP traffic to pass between them.
