Network Guru's

[Ryansta]

Hi Guys
Having the most annoying issue in the world. I have a firewall/proxy in place that blocks all traffic, except the allowed domain names and IP's. Now we have applications that require the internet to work which have all been setup to run and work through the system but every few days(randomly) the apps no longer connect and I have to turn off the restrictions, connect the apps, then turn the restrictions back on and they run and connect fine for the next few days(weeks). For one application this "used to work fine" (wasnt working before I started) according to the previous IT admin through his MAC firewalls(thought the MAC firewals were the issue). Now I have replaced the MAC firewalls with an Endian Firewall. Same thing is happening. This also was only one application previously but 2 months(even on the MAC firewalls) back another one started doing it. Now with the Endian, both apps still do this, even after requesting a full list of IP's and domain names from these companies to run their apps.

Any ideas from you guys? My resources are all out

 

[Anthro]

I would say the best place to start is the device / software logs the moment these devices stop working.
The reason for blocking you will then be apparent - and then easily (maybe) solvable

 

[web_dude]

maybe the memory of your firewall is limited and gets full after some days and require a restart.

if you experience the issue, just restart your firewall and see.

If that solve the problem, keep testing restarting the device every few days (if you notice that the issue start every four days, reboot the device in day 3).

and after several tests you find that everything is running smoothly with rebooting your firewall every couple of days, look at your hardware and see if you can increase capacity (maybe memory, maybe HDD).

If that doesn't solve your problem... maybe somebody else have another suggestion...

 

[The_Unbeliever]

One question - is the Endian firewall installed on the same hardware as the previous one?

Have you tried a different port on the switch?

 

[Wyzak]

Hi Guys
Having the most annoying issue in the world. I have a firewall/proxy in place that blocks all traffic, except the allowed domain names and IP's. Now we have applications that require the internet to work which have all been setup to run and work through the system but every few days(randomly) the apps no longer connect and I have to turn off the restrictions, connect the apps, then turn the restrictions back on and they run and connect fine for the next few days(weeks). For one application this "used to work fine" (wasnt working before I started) according to the previous IT admin through his MAC firewalls(thought the MAC firewals were the issue). Now I have replaced the MAC firewalls with an Endian Firewall. Same thing is happening. This also was only one application previously but 2 months(even on the MAC firewalls) back another one started doing it. Now with the Endian, both apps still do this, even after requesting a full list of IP's and domain names from these companies to run their apps.

Any ideas from you guys? My resources are all out

Do you perhaps have a rule which says "Allow established connections"? This type of rule will allow anything through the firewall if it managed to get through once and stays fairly active. These rules are also normally found quite high up in the rule list.

 

[Ryansta]

I will try the logs on the machines and see if there's anything obvious...

It does it on the MAC firewalls, there are 2. The Endian is a completely different pc new port, new IP. Running it along the MAC system so if there were major issues I could shift back to the MAC's. (Endian is basically a proxy that points to our routers at the gateways they not physically connected the the Endian like a normal -best practice?- firewall setup)

I can see the memory on the Endian and it looks good(around 25% usage) but i will give a restart a try.

Its also difficult as it happens on different days on different pc's. No real pattern.

I cant find any rules to do with "Allow established connections".

Thanks for the quick responses guys

 

[guest2013-1]

Which apps are you referring to btw?

It seems you limit the pool of domains/IP's that someone can visit on the web. You have to keep in mind some domains use people like CloudFlare for caching that has quite a few IP's associated with their stuff. So even though the domain admin says "our IP is xyz" in reality, if they run through a service like that, you will never see "IP xyz"

IMHO. It's not your firewall at all

 

[Ryansta]

The one is called Amadeus and the other is Worldspan GO!Res

AcidRazor I thought it was something to with dynmic dns type issue as the MAC's only allow IP's address you cant add domain names, but the endian allows for ips and domain names but still gets blocked. It has to be something to with an address or ip that is blocked as when it has full access it works instantly I just dont know how to find what is being blocked...

 

[Ryansta]

For the one app I had a non connect now, I looked for a log recently edited found this. Bolded line shows where it cant get to, when I type that in the browser(while still not connecting) it goes to the page no problem and resolve Ip SIGH. Its not the whole log, it carries on after the failed part, just tries a back address which goes nowhere either

11/30/12 09:42:53.231 CShowcase::_tWinMain : >>>BEGIN
11/30/12 09:42:53.247 Cache Directory : C:\Users\Portia\AppData\Roaming\Amadeus\Viewer\Cache\
11/30/12 09:42:53.252 User Directory : C:\Users\Portia\AppData\Roaming\Amadeus\Viewer\User Data\
11/30/12 09:42:53.259 Command line argument: : <Init><Url>https://jcp.pointofsale-application.amadeus.com/appserver/vista/FrontController</Url><BackupUrl>http://amadeusvista.com/CDPBackup/cdpbackup.asp</BackupUrl><Language>EN</Language><InstanceId>vista</InstanceId><DebugMode></DebugMode><Timeout>30000</Timeout><ShowcaseVersion>Y09W29D1B01</ShowcaseVersion><DisableKill></DisableKill><ApplicationParams keyName="name"><Param name="ELSURL"><Name>ELSURL</Name><Value><![CDATA[https://errorlogserver.amadeus.com/els/services/ErrorLogService?wsdl]]></Value></Param><Param name="HWID1"><Name>HWID1</Name><Value><![CDATA[2730497]]></Value></Param><Param name="catalogVersion"><Name>catalogVersion</Name><Value><![CDATA[6.1P135]]></Value></Param><Param name="isIntranet"><Name>isIntranet</Name><Value><![CDATA[0]]></Value></Param><Param name="mainWindowState"><Name>mainWindowState</Name><Value><![CDATA[2]]></Value></Param><Param name="packageMarketingName"><Name>packageMarketingName</Name><Value><![CDATA[SELLING PLATFORM 6.1P135 EN (ROW)]]></Value></Param><Param name="packageName"><Name>packageName</Name><Value><![CDATA[vista]]></Value></Param><Param name="packageTechnicalName"><Name>packageTechnicalName</Name><Value><![CDATA[Vista6.1P135CO 6.1]]></Value></Param><Param name="vistaUrl"><Name>vistaUrl</Name><Value><![CDATA[file:///C:\Program Files\Amadeus\Amadeus Vista/main_page/vista.htm?IP=muc.https.farm11.transport.amadeusvista.com+TType=5+Sign=+Duty=+WorkArea=+Password=+PracticeTraining=+Hostname=amadeusvista.com+CIDCONF=+PRODUCT_NAME=vista+ProductID=Amadeus Vista+HELPSITE=amadeusvista.com+TEST_SERVER=false+NGCCURL=https://muc.https.farm11.transport.amadeusvista.com+NGCCMDPAGEURL=cmdpage.v2.amadeusvista.com+isIntranet=0+ELSURL=https://errorlogserver.amadeus.com/els/services/ErrorLogService?wsdl+JCPHost=https://jcp.pointofsale-application.amadeus.com+UMHost=https://pointofsale-application.amadeus.com+SELL2HOST=https://pointofsale-application.amadeus.com+CDPHost=https://jcp.pointofsale-application.amadeus.com+AhaUtilitiesURL=CDPHOST+MultiMediaSite=media.amadeuscruise.com]]></Value></Param></ApplicationParams><StepResources><Initializing>Initializing...</Initializing><BackupInitializing>Initializing (from backup URL)...</BackupInitializing><Installing>Installing ShowcaseCore Components...</Installing><Loading>Loading Application...</Loading><Shutdown>Shutdown in progress...</Shutdown></StepResources></Init>
11/30/12 09:42:53.262 Extracting resource : C:\Users\Portia\AppData\Roaming\Amadeus\Viewer\cmMemGZip.dll
11/30/12 09:42:53.265 Extracting resource : C:\Users\Portia\AppData\Roaming\Amadeus\Viewer\w1aHaConnectorModule.dll
11/30/12 09:42:53.268 FileHelper::extractResource() : >>>BEGIN

11/30/12 09:42:53.270 File already exists : C:\Users\Portia\AppData\Roaming\Amadeus\Viewer\w1aHaConnectorModule.dll

11/30/12 09:42:53.272 Version : 3.0.0.10

11/30/12 09:42:53.284 FileHelper::extractResource() : Internal Showcase.exe isn't newer.

11/30/12 09:42:53.286 FileHelper::extractResource() : <<<END

11/30/12 09:42:53.288 Formatted command line : <Init><Url><![CDATA[https://jcp.pointofsale-application.amadeus.com/appserver/vista/FrontController]]></Url><BackupUrl><![CDATA[http://amadeusvista.com/CDPBackup/cdpbackup.asp]]></BackupUrl><Language>EN</Language><InstanceId>vista</InstanceId><DebugMode></DebugMode><Timeout>30000</Timeout><ShowcaseVersion>Y09W29D1B01</ShowcaseVersion><DisableKill></DisableKill><ApplicationParams keyName="name"><Param name="ELSURL"><Name>ELSURL</Name><Value><![CDATA[https://errorlogserver.amadeus.com/els/services/ErrorLogService?wsdl]]></Value></Param><Param name="HWID1"><Name>HWID1</Name><Value><![CDATA[2730497]]></Value></Param><Param name="catalogVersion"><Name>catalogVersion</Name><Value><![CDATA[6.1P135]]></Value></Param><Param name="isIntranet"><Name>isIntranet</Name><Value><![CDATA[0]]></Value></Param><Param name="mainWindowState"><Name>mainWindowState</Name><Value><![CDATA[2]]></Value></Param><Param name="packageMarketingName"><Name>packageMarketingName</Name><Value><![CDATA[SELLING PLATFORM 6.1P135 EN (ROW)]]></Value></Param><Param name="packageName"><Name>packageName</Name><Value><![CDATA[vista]]></Value></Param><Param name="packageTechnicalName"><Name>packageTechnicalName</Name><Value><![CDATA[Vista6.1P135CO 6.1]]></Value></Param><Param name="vistaUrl"><Name>vistaUrl</Name><Value><![CDATA[file:///C:\Program Files\Amadeus\Amadeus Vista/main_page/vista.htm?IP=muc.https.farm11.transport.amadeusvista.com+TType=5+Sign=+Duty=+WorkArea=+Password=+PracticeTraining=+Hostname=amadeusvista.com+CIDCONF=+PRODUCT_NAME=vista+ProductID=Amadeus Vista+HELPSITE=amadeusvista.com+TEST_SERVER=false+NGCCURL=https://muc.https.farm11.transport.amadeusvista.com+NGCCMDPAGEURL=cmdpage.v2.amadeusvista.com+isIntranet=0+ELSURL=https://errorlogserver.amadeus.com/els/services/ErrorLogService?wsdl+JCPHost=https://jcp.pointofsale-application.amadeus.com+UMHost=https://pointofsale-application.amadeus.com+SELL2HOST=https://pointofsale-application.amadeus.com+CDPHost=https://jcp.pointofsale-application.amadeus.com+AhaUtilitiesURL=CDPHOST+MultiMediaSite=media.amadeuscruise.com]]></Value></Param></ApplicationParams><StepResources><Initializing>Initializing...</Initializing><BackupInitializing>Initializing (from backup URL)...</BackupInitializing><Installing>Installing ShowcaseCore Components...</Installing><Loading>Loading Application...</Loading><Shutdown>Shutdown in progress...</Shutdown></StepResources></Init>
11/30/12 09:42:53.293 Create SplashScreen : hwndParent:65552
11/30/12 09:42:53.299 OnInitDialog : CSplashScreen::OnInitDialog
11/30/12 09:42:53.319 OnPaint : CSplashScreen::OnPaint
11/30/12 09:42:53.322 Show SplashScreen... :
11/30/12 09:42:53.829 SetProgress : STEP_INITIALIZING
11/30/12 09:42:53.832 SetProgress : CSplashScreen::SetProgress
11/30/12 09:42:53.836 OnPaint : CSplashScreen::OnPaint
11/30/12 09:42:54.341 POST <Init Request> : https://jcp.pointofsale-application.amadeus.com/appserver/vista/FrontController
11/30/12 09:42:54.343 Data : <UpdateRequest><Action><Name>Init</Name><SrcType>com.amadeus.cdp.domain.showcase.ShowcaseCtxt</SrcType></Action><DsContainer maxDataId="1"><ShowcaseCtxt id="1" type="com.amadeus.cdp.domain.showcase.ShowcaseCtxt"> <Cache><Path><![CDATA[C:\Users\Portia\AppData\Roaming\Amadeus\Viewer\Cache\]]></Path></Cache>
<Configuration><UserPrefs><DateFormat>IATA-US</DateFormat></UserPrefs></Configuration>
<Init><Url><![CDATA[https://jcp.pointofsale-application.amadeus.com/appserver/vista/FrontController]]></Url><BackupUrl><![CDATA[http://amadeusvista.com/CDPBackup/cdpbackup.asp]]></BackupUrl><Language>EN</Language><InstanceId>vista</InstanceId><DebugMode></DebugMode><Timeout>30000</Timeout><ShowcaseVersion>Y09W29D1B01</ShowcaseVersion><DisableKill></DisableKill><ApplicationParams keyName="name"><Param name="ELSURL"><Name>ELSURL</Name><Value><![CDATA[https://errorlogserver.amadeus.com/els/services/ErrorLogService?wsdl]]></Value></Param><Param name="HWID1"><Name>HWID1</Name><Value><![CDATA[2730497]]></Value></Param><Param name="catalogVersion"><Name>catalogVersion</Name><Value><![CDATA[6.1P135]]></Value></Param><Param name="isIntranet"><Name>isIntranet</Name><Value><![CDATA[0]]></Value></Param><Param name="mainWindowState"><Name>mainWindowState</Name><Value><![CDATA[2]]></Value></Param><Param name="packageMarketingName"><Name>packageMarketingName</Name><Value><![CDATA[SELLING PLATFORM 6.1P135 EN (ROW)]]></Value></Param><Param name="packageName"><Name>packageName</Name><Value><![CDATA[vista]]></Value></Param><Param name="packageTechnicalName"><Name>packageTechnicalName</Name><Value><![CDATA[Vista6.1P135CO 6.1]]></Value></Param><Param name="vistaUrl"><Name>vistaUrl</Name><Value><![CDATA[file:///C:\Program Files\Amadeus\Amadeus Vista/main_page/vista.htm?IP=muc.https.farm11.transport.amadeusvista.com+TType=5+Sign=+Duty=+WorkArea=+Password=+PracticeTraining=+Hostname=amadeusvista.com+CIDCONF=+PRODUCT_NAME=vista+ProductID=Amadeus Vista+HELPSITE=amadeusvista.com+TEST_SERVER=false+NGCCURL=https://muc.https.farm11.transport.amadeusvista.com+NGCCMDPAGEURL=cmdpage.v2.amadeusvista.com+isIntranet=0+ELSURL=https://errorlogserver.amadeus.com/els/services/ErrorLogService?wsdl+JCPHost=https://jcp.pointofsale-application.amadeus.com+UMHost=https://pointofsale-application.amadeus.com+SELL2HOST=https://pointofsale-application.amadeus.com+CDPHost=https://jcp.pointofsale-application.amadeus.com+AhaUtilitiesURL=CDPHOST+MultiMediaSite=media.amadeuscruise.com]]></Value></Param></ApplicationParams><StepResources><Initializing>Initializing...</Initializing><BackupInitializing>Initializing (from backup URL)...</BackupInitializing><Installing>Installing ShowcaseCore Components...</Installing><Loading>Loading Application...</Loading><Shutdown>Shutdown in progress...</Shutdown></StepResources></Init></ShowcaseCtxt></DsContainer></UpdateRequest>
11/30/12 09:42:54.344 CommsManager::ConnectorSend() : Using WashConnector

11/30/12 09:42:54.347 resource= : https://jcp.pointofsale-application.amadeus.com/appserver/vista/FrontController

11/30/12 09:42:55.960 Error WCL.1108.1 : Communication Error: ConnectorSend(https://jcp.pointofsale-application.amadeus.com/appserver/vista/FrontController) FAILED

Err[1108]: Connector: Failed to send http request