Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

How to allow Endpoint to completely bypass firewall

Hello all,

I have an endpoint that is streaming audio from within my network. When I broadcast the audio from outside of the network it works perfectly, but when it's behind the SonicWALL TZ400 is can't communicate to the servers on the other end. I've tried assigning the endpoints IP address to the IPS exclusion list, but it's still being blocked. Is there anyway to bypass all SonicWALL services by adding this endpoints IP to a rule or a list somewhere?

Thanks!

Category: Entry Level Firewalls
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    TonyATonyA SonicWall Employee
    Answer ✓

    @Twizz728 ,


    for the drop code, could you try disabling app control for testing and seeing if the traffic works? I know it says IDP, but i've seen that drop for app control before as well.

Answers

  • MustafaAMustafaA SonicWall Employee

    Hello @Twizz728 . One option I can think of is to create a custom Zone and assigned it a physical or virtual interface, where you can disable the security services on that zone itself. You can have that client on that zone, which essentially the traffic will not go through security inspection. I have to remind that this could lead to security risks though.


  • Twizz728Twizz728 Newbie ✭

    @MustafaA

    There is only 1 endpoint at the facility that needs these special permissions setup. I could put the endpoint on it's own interface with its own subnet so that the communication to other devices is limited. I can create a new zone where nothing is blocked or inspected to see if it works, unless there is a way to assign zone permissions to a particular endpoint through a rule, but I'm not aware that, that exists. I will try it and see what happens.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Twizz728 as long as the Security Services are activated on WAN it'll be inspected. A seperate Zone without the Services will not do the trick, IMHO.

    You could create an Access Rule from LAN to WAN for that specific address objects, disable DPI for that Rule and you should have the special permissions you need.

    To not put the other clients at risk I would go with a seperate subnet and zone to avoid any lateral movement.

    --Michael@BWC

  • Twizz728Twizz728 Newbie ✭

    Hey @BWC

    I created a separate zone and disabled all of the security features, the endpoint is on its own interface with its own subnet, and I created 2 rules, one from WAN to the new zone and one from the new zone to the WAN and made sure to allow any port, any service, and to disable any of the security services associated with the zone, but I'm still getting an error that my streaming application is failing to get a reply from the broadcast server.

    Is there anything else I can turn off? Right now I'm clueless to what may be happening here. I can take the endpoint from the office back to my house and everything works fine, as soon as it goes behind the business firewall we start having these issues.

    Thanks!



  • BWCBWC Cybersecurity Overlord ✭✭✭

    Is the "broadcast" done via Multicast or Unicast? Did you checked with Packet-Monitor what your Endpoint is doing when streaming?

    --Michael@BWC

  • Twizz728Twizz728 Newbie ✭

    Hey @BWC

    I had never used that feature on the SonicWALL before. Great to know it's there. I setup the packet capture and I can see where packets are being dropped, and on one specific entry I can see where packets originating from my endpoint going out to the server for the streaming service is being dropped. It's showing TCP ports 49977, 80 are dropped. When investigating the dropped packet I can see the message "Drop Code: 131(IDP detection DROP_IP_IDP_RESET_CONNECTION)"

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Twizz728 did you really enabled the option "Disable DPI" in the Access Rules?

    --Michael@BWC

  • Twizz728Twizz728 Newbie ✭

    Hey Michael @BWC ,

    Yeah I went in and checked the rule I set up. I also attached the rule for the WAN - New Zone and the New Zone - Wan rules.


  • Twizz728Twizz728 Newbie ✭

    @TonyA I went in and disabled app control and it's now connecting. I'm going to try to determine what is causing it to drop through the app control.


    @BWC

  • Twizz728Twizz728 Newbie ✭

    @TonyA & @BWC

    I've re-enabled my app control and gone into the configurations and set up the app control exclusion list to use the IPS exclusion list and it seems to be working for now. Hopefully this did the trick. Thank you both so much for all your help!


  • BWCBWC Cybersecurity Overlord ✭✭✭

    @TonyA I had these kind of drops in the past as well, don't know what AppControl is doing here, no logs no nothing to elaborate.

    But on the other hand, if DPI is disabled, how can AppControl interfere, shouldnt it be excluded completely?

    --Michael@BWC

  • TonyATonyA SonicWall Employee

    Hi @BWC

    We just did some testing and disabling DPI should disable App control as its needed. My theory on why it wasn't working for @Twizz728 is the access rule wasn't being hit.

Sign In or Register to comment.