Wallwatcher problem

Archived from groups: comp.security.firewalls (More info?)

To learn more about what is blocked by my Linksys router and my
Sygate Firewall, I installed WallWatcher and chose the Linksys BEF
series as my router (BEFSR41).

After running it for 24 hours, and deliberately creating incoming
stuff via music streams and other routes, WallWatcher continued to
show nothing in the logs.

I went to Bandwidth and tried "test snmp". This resulted in Sygate
blocking the test and blocking all traffic from my standard router
IP address for 10 minutes.

Do I leave this "allowed" in Sygate? And if so, is it worth it or
am I creating a risk I didn't have before?

I don't fully understand what's happening.

TIA

Louise

Archived from groups: comp.security.firewalls (More info?)

louise <nospam@nospam.com> wrote in news:MPG.1d935c1c422f12549896f6@news-
server.nyc.rr.com:

> To learn more about what is blocked by my Linksys router and my
> Sygate Firewall, I installed WallWatcher and chose the Linksys BEF
> series as my router (BEFSR41).
>
> After running it for 24 hours, and deliberately creating incoming
> stuff via music streams and other routes, WallWatcher continued to
> show nothing in the logs.
>
> I went to Bandwidth and tried "test snmp". This resulted in Sygate
> blocking the test and blocking all traffic from my standard router
> IP address for 10 minutes.
>
> Do I leave this "allowed" in Sygate? And if so, is it worth it or
> am I creating a risk I didn't have before?
>
> I don't fully understand what's happening.
>
> TIA
>
> Louise
>

The personal FW must allow incoming traffic on UDP 514 from the Linksys
router's device IP of 192.168.1.1.

Duane

Archived from groups: comp.security.firewalls (More info?)

"louise" <nospam@nospam.com> wrote in message

> To learn more about what is blocked by my Linksys router and my
> Sygate Firewall, I installed WallWatcher and chose the Linksys BEF
> series as my router (BEFSR41).
>
> After running it for 24 hours, and deliberately creating incoming
> stuff via music streams and other routes, WallWatcher continued to
> show nothing in the logs.

I think you need to activate logging in your router settings (
administration page : log = yes ).
The default is off.

Archived from groups: comp.security.firewalls (More info?)

"joly joker" <me@privacy.net> had to wrote :

> WallWatcher doesn't do lookups on the internet. It only looks in your
> router.

sorry, I was wrong. You could have WW logging options set;
like convert IP addresses to URL's.

Archived from groups: comp.security.firewalls (More info?)

In article <dgh9rq$ndb$1@news5.zwoll1.ov.home.nl>, me@privacy.net
says...
> "louise" <nospam@nospam.com> wrote in message
>
> > Could you tell me exactly how you configured Sygate since we are
> > using the same combination of hardware and software.
>
> first off all could you tell us some off your router settings for this
> problem ( only if you still have this problem)?
> Are you using BEFSR41 v1, v2 or v3 and which WIN98, XP or other OS you are
> using?
> In v3 there is an Administration page where you have to set ( and save )
> Log --> must be yes.
> Logviewer IP address --> must be(?) 192.168.1.255 ( most easy, every PC in
> your LAN could get the router info).
>
> In WW you have a logging, a display and a router page which could give you
> trouble.
> What could be wrong? Wrong router selected on the router page? Nothing to
> log? Everything cleared on the display page?
> I don't think this is your problem, but WW is a part in this not functional
> process.
>
> You could start with Sygate allowing WallWatcher full access and if it's
> working you can finetune the WW settings in Sygate to only use the ports
> neccessary. If WW is already in the list of the allowed programs in Sygate,
> remove it and let Sygate allow WW again without limitations.
>
>
>
>
>
>
Router is: Linksys BEFSR41 - version 2
OS is Win XP Pro

I enabled logging on the router.

WW provides a "BEF series" option for choosing your router and
that's what I chose

Router IP address is correct

As you suggested, I removed WW from Sygate Applications. I also
uninstalled and reinstalled WW just in case something had gone
wrong with the installation.

In WW, there is an option to ping your router (on the special tab).
I tried pinging my router and Sygate came up asking whether I
wanted to allow WW, etc. I checked the always box and said yes.

Nevertheless, when I then tried to ping my router from WW, Sygate
came up and blocked it.

Now - if I go into the advanced settings for the WW application in
Sygate, there are many options and I've no idea what to choose for
any of them:
Application Restrictions (trusted IPs) - it is now blank
Remote Server Ports TCP and UDP - they are now blank
Local Ports TCP and UCP - they are now blank
NOTE - there are long drop-down menus for the Remote server ports
and the local ports and I do not understand them.
Allow ICMP traffic is checked
Act and Client and Act as Server are both checked

NOW - I turned off Sygate and pinged my router from WW
successfully. However, for me, this is not a long term solution
and I would like to be able to configure Sygate to allow it.

BTW, the port is 162 for one router (that's all I have). There is
an unchecked checkbox for "multiple routers), which is for ports
162 and 514.

Now - what to do?

TIA

Louise