Internet service sudden slower as DNS service blocked - Watchguard
Environment
Content
One day users reported that the speed of the Internet service was slow, not normal.
To identify what the problem was, ran Firebox System Manager to read logs. Then, it was showing the connections between the dns services of the vendor, HKBN, and our firewall blocked because of unhandled external packets.
To solve it, first, set "Blocked Sites Exceptions": "Policy Manager" --> "Setup" --> "Default Threat Protection" --> "Blocked Sites..." --> Tab - "Blocked Sites Exceptions", and then added HKBN's dns servers:
Then, went to delete the sites blocked, Tab - "Blocked Sites". Then, it was Internet service back to normal.
Moreover, to keep monitor similar events, set logging about unhandled packets: "Setup" --> "Default Threat Protection" --> "Default Packet Handling..." --> Logging
Update
- Watchguard Firebox X550E
Content
One day users reported that the speed of the Internet service was slow, not normal.
To identify what the problem was, ran Firebox System Manager to read logs. Then, it was showing the connections between the dns services of the vendor, HKBN, and our firewall blocked because of unhandled external packets.
2014-02-24 12:43:44 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.10 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 54684 proc_id="firewall" time="Mon Feb 24 12:43:44 2014 (CST)" Alarm
2014-02-24 12:43:44 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.10 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 30851 proc_id="firewall" time="Mon Feb 24 12:43:44 2014 (CST)" Alarm
2014-02-24 12:43:45 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.9 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 4692 proc_id="firewall" time="Mon Feb 24 12:43:45 2014 (CST)" Alarm
2014-02-24 12:43:45 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.9 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 35919 proc_id="firewall" time="Mon Feb 24 12:43:45 2014 (CST)" Alarm
2014-02-24 12:43:45 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.10 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 1138 proc_id="firewall" time="Mon Feb 24 12:43:45 2014 (CST)" Alarm
2014-02-24 12:43:45 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.10 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 19524 proc_id="firewall" time="Mon Feb 24 12:43:45 2014 (CST)" Alarm
2014-02-24 12:43:46 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.9 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 41232 proc_id="firewall" time="Mon Feb 24 12:43:46 2014 (CST)" Alarm
2014-02-24 12:43:46 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.9 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 29880 proc_id="firewall" time="Mon Feb 24 12:43:46 2014 (CST)" Alarm
2014-02-24 12:43:47 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.9 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 3834 proc_id="firewall" time="Mon Feb 24 12:43:47 2014 (CST)" Alarm
2014-02-24 12:43:47 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.9 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 37451 proc_id="firewall" time="Mon Feb 24 12:43:47 2014 (CST)" Alarm
2014-02-24 12:43:51 Unhandled External Packet-py alarm_id= alarm_type=popup msg=Policy Name: Unhandled External Packet-00 Source IP: 203.80.96.10 Source Port: 53 Destination IP: 10.0.0.1 Destination Port: 53812 proc_id="firewall" time="Mon Feb 24 12:43:51 2014 (CST)" Alarm
To solve it, first, set "Blocked Sites Exceptions": "Policy Manager" --> "Setup" --> "Default Threat Protection" --> "Blocked Sites..." --> Tab - "Blocked Sites Exceptions", and then added HKBN's dns servers:
- 203.80.96.10
- 203.80.96.9
Then, went to delete the sites blocked, Tab - "Blocked Sites". Then, it was Internet service back to normal.
Moreover, to keep monitor similar events, set logging about unhandled packets: "Setup" --> "Default Threat Protection" --> "Default Packet Handling..." --> Logging
- Unhandled Internal Packet: Send notification, Pop-up Window
- Unhandled External Packet: Send notification, Pop-up Window
Update