How to allow Endpoint to completely bypass firewall
Twizz728
Newbie ✭
Hello all,
I have an endpoint that is streaming audio from within my network. When I broadcast the audio from outside of the network it works perfectly, but when it's behind the SonicWALL TZ400 it can't communicate with the servers on the other end. I've tried assigning the endpoint's IP address to the IPS exclusion list, but it's still being blocked. Is there any way to bypass all SonicWALL services by adding this endpoint's IP to a rule or a list somewhere?
Thanks!
Category: Entry Level Firewalls
Answers
Hello @Twizz728. One option I can think of is to create a custom Zone and assign it a physical or virtual interface, where you can disable the security services on that zone itself. You can put that client on that zone, so that its traffic essentially will not go through security inspection. I have to remind you that this could lead to security risks though.
@MustafaA
There is only 1 endpoint at the facility that needs these special permissions set up. I could put the endpoint on its own interface with its own subnet so that the communication to other devices is limited. I can create a new zone where nothing is blocked or inspected to see if it works, unless there is a way to assign zone permissions to a particular endpoint through a rule, but I'm not aware that that exists. I will try it and see what happens.
@Twizz728 as long as the Security Services are activated on WAN it'll be inspected. A separate Zone without the Services will not do the trick, IMHO.
You could create an Access Rule from LAN to WAN for that specific address object, disable DPI for that Rule and you should have the special permissions you need.
To not put the other clients at risk I would go with a separate subnet and zone to avoid any lateral movement.
--Michael@BWC
Hey @BWC
I created a separate zone and disabled all of the security features, the endpoint is on its own interface with its own subnet, and I created 2 rules, one from WAN to the new zone and one from the new zone to the WAN, and made sure to allow any port and any service and to disable any of the security services associated with the zone, but I'm still getting an error that my streaming application is failing to get a reply from the broadcast server.
Is there anything else I can turn off? Right now I'm clueless as to what may be happening here. I can take the endpoint from the office back to my house and everything works fine; as soon as it goes behind the business firewall we start having these issues.
Thanks!
Is the "broadcast" done via Multicast or Unicast? Did you check with Packet Monitor what your Endpoint is doing when streaming?
--Michael@BWC
Hey @BWC
I had never used that feature on the SonicWALL before. Great to know it's there. I set up the packet capture and I can see where packets are being dropped, and in one specific entry I can see that packets originating from my endpoint going out to the server for the streaming service are being dropped. It's showing TCP ports 49977 and 80 are dropped. When investigating the dropped packet I can see the message "Drop Code: 131(IDP detection DROP_IP_IDP_RESET_CONNECTION)".
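A small triage script for the Packet Monitor step described above, added here as an example; it is not part of the thread and not SonicWall's own tooling. It parses a text export of captured packets, tallies the dropped ones per flow and drop reason (filtered to the one endpoint, so the flows that matter and the reason code stand out), and for an IDP drop points at the DPI-based services to check. The line layout in SAMPLE_EXPORT is constructed and assumed for the example; only the "Drop Code: 131(IDP detection DROP_IP_IDP_RESET_CONNECTION)" string comes from the post above, and the other drop code in the sample is a placeholder, not a real SonicOS code.

```python
import re
from collections import Counter

# Constructed sample of a Packet Monitor text export. The column layout is an
# assumption made for this example; adjust FLOW_RE for your firmware's real
# export. Only the "Drop Code: 131(...)" string is taken from the thread; the
# "Drop Code: 0(HYPOTHETICAL ...)" line is a placeholder, not a real SonicOS code.
SAMPLE_EXPORT = """\
192.168.10.50 -> 203.0.113.20 TCP 49977 -> 80  Status: DROPPED  Drop Code: 131(IDP detection DROP_IP_IDP_RESET_CONNECTION)
192.168.10.50 -> 203.0.113.20 TCP 49978 -> 80  Status: DROPPED  Drop Code: 131(IDP detection DROP_IP_IDP_RESET_CONNECTION)
192.168.10.50 -> 203.0.113.20 TCP 49979 -> 443  Status: FORWARDED
192.168.1.7 -> 198.51.100.9 UDP 5353 -> 5353  Status: DROPPED  Drop Code: 0(HYPOTHETICAL placeholder reason)
Ethernet header line with no IP flow in it
"""

FLOW_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) -> (?P<dst>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<proto>[A-Z]+)(?: (?P<sport>\d+) -> (?P<dport>\d+))?"
)
DROP_RE = re.compile(r"Drop Code: (?P<code>\d+)\((?P<reason>[^)]*)\)")


def parse_line(line):
    """Return a flow record for one export line, or None if it has no IP flow."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    drop = DROP_RE.search(line)
    return {
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "dport": int(m["dport"]) if m["dport"] else None,
        "dropped": drop is not None,
        "code": int(drop["code"]) if drop else None,
        "reason": drop["reason"] if drop else None,
    }


def summarize_drops(export_text, endpoint_ip=None):
    """Count dropped packets per (src, dst, proto, dport, code, reason).

    With endpoint_ip set, only flows to or from that host are counted, which is
    the view you want when one endpoint is the thing being blocked.
    """
    counts = Counter()
    for line in export_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["dropped"]:
            continue
        if endpoint_ip and endpoint_ip not in (rec["src"], rec["dst"]):
            continue
        key = (rec["src"], rec["dst"], rec["proto"], rec["dport"], rec["code"], rec["reason"])
        counts[key] += 1
    return counts


def likely_service(reason):
    """Heuristic hint taken from the thread: an IDP drop comes from a DPI-based
    service, and excluding the host from IPS alone did not stop it; App Control
    (also DPI) turned out to be the one dropping."""
    if "IDP" in reason.upper():
        return ("DPI service (IPS or App Control): confirm the access rule has "
                "'Disable DPI' set and is actually matching, and check the "
                "IPS/App Control exclusion lists")
    return "not a DPI drop: check the access rule / policy first"


if __name__ == "__main__":
    # Triage view for the single endpoint that is being blocked.
    for key, n in summarize_drops(SAMPLE_EXPORT, "192.168.10.50").most_common():
        src, dst, proto, dport, code, reason = key
        print(f"{n:>3} x {src} -> {dst} {proto}/{dport}  drop {code} {reason}")
        print(f"      -> {likely_service(reason)}")
```

Run it against a real export by replacing SAMPLE_EXPORT with the file contents and passing the endpoint's address to summarize_drops; if the tally shows the same drop code for the endpoint's flows after the DPI-disabled rule is in place, the rule is most likely not the one matching the traffic.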
@Twizz728 did you really enable the option "Disable DPI" in the Access Rules?
--Michael@BWC
Hey Michael @BWC ,
Yeah, I went in and checked the rule I set up. I also attached the WAN - New Zone and New Zone - WAN rules.
@TonyA I went in and disabled app control and it's now connecting. I'm going to try to determine what is causing it to drop through the app control.
@BWC
@TonyA & @BWC
I've re-enabled my app control and gone into the configurations and set up the app control exclusion list to use the IPS exclusion list and it seems to be working for now. Hopefully this did the trick. Thank you both so much for all your help!
@TonyA I had these kinds of drops in the past as well; don't know what AppControl is doing here, no logs, nothing to elaborate on.
But on the other hand, if DPI is disabled, how can AppControl interfere? Shouldn't it be excluded completely?
--Michael@BWC
Hi @BWC
We just did some testing and disabling DPI should disable App Control, as it's needed. My theory on why it wasn't working for @Twizz728 is that the access rule wasn't being hit.