4th February 2014, 08:47 AM #1
CISCO firewall dropping packets - internet offline across whole site
Cut a long story short, I was setting up some new firewall rules yesterday for our BYOD system that's soon being installed. However, I have somehow managed to accidentally delete an existing rule, knocking our entire school offline.
I have looked at the logs and it seems to be dropping packets out to the internet now, but I can't find out how to rectify it. I've attached some screenshots of our config.
(Currently using a mobile hotspot)
Last edited by BassTech; 4th February 2014 at 11:53 AM.
4th February 2014, 09:30 AM #2
Don't you have a config backup that you could restore on the firewall to get it back to a working state? If not, then big lesson learned for you. Configuration management begins with backing up your configs.
It is clear from the logs that it is the firewall rule "OUTSIDE_access_out" that is causing the problem. I can't see a firewall rule with this name in your screenshots though. I do note that you have several "Ruckus-Squid" rules disabled. Are those deprecated rules or should they be active?
p.s. I wouldn't recommend posting firewall screenshots showing all of your firewall rules including ports and IP addresses on the open net.
4th February 2014, 09:42 AM #3
From a brief look, it looks like the traffic being blocked on the log is DNS requests to some external servers - determine which internal IPs need to access which external IPs for DNS (I'd guess that you have AD and therefore your DCs probably do internal DNS and have forwarders for external - check IPs there), then I think you need a rule in the OUTSIDE outgoing rules (OUTSIDE_access_out would suggest interface OUTSIDE, on outgoing rules) to allow UDP 53 from your internal IPs requiring access to DNS to the external DNS servers set as forward lookup on your DNS servers. Doing that may then show other blocked packets - presently any web request is generating a DNS request which is being blocked, so any further traffic may be blocked, but difficult to know. If you only deleted one rule, it may have been an allow all external type rule, so now may be an opportune time to lock down.
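The triage described in the reply above (read the ASA deny log, work out which access group is dropping traffic, list the resolver-to-forwarder DNS flows and write a narrow permit for exactly those) is easy to script. The following is an added example, not code from the thread or from Cisco: the log lines are constructed in the ASA `%ASA-4-106023` deny format with RFC 5737/RFC 1918 placeholder addresses, the access-group name `OUTSIDE_access_out` is taken from the thread, and the generated lines use the standard `access-list NAME extended permit ...` ACE syntax.

```python
import re
from collections import Counter

# Cisco ASA message 106023: a packet denied by an access-group applied to an interface.
# Only the fields needed for triage are captured (protocol, interfaces, addresses, ports, ACL name).
ASA_DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample syslog lines (not from the thread). 10.0.10.5/.6 stand in for two
# internal DNS servers, 198.51.100.53/.54 for their external forwarders, the last two lines
# are noise that a real log would also contain.
SAMPLE_LOGS = [
    '%ASA-4-106023: Deny udp src inside:10.0.10.5/49211 dst outside:198.51.100.53/53 by access-group "OUTSIDE_access_out" [0x0, 0x0]',
    '%ASA-4-106023: Deny udp src inside:10.0.10.5/49212 dst outside:198.51.100.54/53 by access-group "OUTSIDE_access_out" [0x0, 0x0]',
    '%ASA-4-106023: Deny udp src inside:10.0.10.6/50100 dst outside:198.51.100.53/53 by access-group "OUTSIDE_access_out" [0x0, 0x0]',
    '%ASA-4-106023: Deny tcp src inside:10.0.20.17/51000 dst outside:203.0.113.80/80 by access-group "OUTSIDE_access_out" [0x0, 0x0]',
    '%ASA-6-302013: Built inbound TCP connection 1234 for outside:203.0.113.9/4455 (203.0.113.9/4455) to inside:10.0.10.5/443 (10.0.10.5/443)',
]


def parse_denies(lines):
    """Return one dict per 106023 deny line; messages of any other type are skipped."""
    denies = []
    for line in lines:
        m = ASA_DENY_RE.search(line)
        if m:
            d = m.groupdict()
            d["src_port"] = int(d["src_port"])
            d["dst_port"] = int(d["dst_port"])
            denies.append(d)
    return denies


def count_by_acl(denies):
    """Which access-group is doing the dropping (post #2's first question)."""
    return Counter(d["acl"] for d in denies)


def count_by_service(denies):
    """Which (protocol, destination port) pairs are being denied, most frequent first."""
    return Counter((d["proto"], d["dst_port"]) for d in denies)


def blocked_dns_flows(denies):
    """Distinct (internal resolver, external DNS server) pairs denied on UDP/53, sorted."""
    return sorted({(d["src_ip"], d["dst_ip"]) for d in denies
                   if d["proto"] == "udp" and d["dst_port"] == 53})


def suggest_dns_aces(denies, acl):
    """Narrow ACEs permitting only the observed resolver -> forwarder UDP/53 flows,
    rather than re-creating a broad permit-any rule."""
    own = [d for d in denies if d["acl"] == acl]
    return [f"access-list {acl} extended permit udp host {src} host {dst} eq domain"
            for src, dst in blocked_dns_flows(own)]


if __name__ == "__main__":
    denies = parse_denies(SAMPLE_LOGS)
    print("denies per access-group:", dict(count_by_acl(denies)))
    print("denies per service:", count_by_service(denies).most_common())
    for acl in count_by_acl(denies):
        print(f"\nsuggested ACEs for {acl} (apply after checking them against your DNS forwarder list):")
        for ace in suggest_dns_aces(denies, acl):
            print(" ", ace)
```

Running it prints the deny count per access group, the blocked services, and one `permit udp host ... eq domain` line per resolver/forwarder pair; the TCP/80 deny is reported but not turned into a rule, because as the reply notes the web traffic may simply be waiting on DNS. Cross-check the suggested destination addresses against the forwarders actually configured on the DNS servers before applying anything, and take a copy of the running configuration first so the change can be reversed.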
4th February 2014, 09:58 AM #4
Can you not issue a rollback? Not sure if this is an option on Cisco, but on our Juniper routers/firewalls you can issue a rollback command; you can time it too, so it will roll back after, say, 30 minutes, and then commit it if it works.
Which Cisco firewall is this?
4th February 2014, 10:02 AM #5
Not sure if it applies to ASA, but on IOS switches you can just reload the device and it will restore the startup config. Unless you saved it.
4th February 2014, 11:55 AM #6
Managed to successfully re-create the rule and now all is well. Lesson learned, I think: I should've backed it up first - amateur mistake!
PS - Deleted firewall screenshots now too for obvious reasons.
4th February 2014, 01:01 PM #7
I would back up anyway, just in case the whole device dies.
Originally Posted by Lee91
4th February 2014, 01:11 PM #8
Out of interest - what was the rule that you'd deleted?
4th February 2014, 01:41 PM #9
I have done
Originally Posted by FN-GM
@Willott - the link between the two NICs allowing TCP/UDP traffic to pass between them.