Description:

This article describes the necessary steps and possible solutions when an application on an end device in a LANCOM R&S®Unified Firewall network cannot communicate with the Internet and therefore does not work.


Requirements:

  • LANCOM R&S®Unified Firewall with LCOS FX as of version 10.6
  • Configured and functional network including Internet access on the Unified Firewall
  • Web browser for configuring the Unified Firewall

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox



Possible causes:

Not all of the required ports and protocols are opened in the firewall:

Since the Unified Firewall uses a deny-all strategy, the ports and protocols required by the application must be opened explicitly. If they are not, communication fails or works only to a limited extent.



Communication with certain web servers is blocked when the HTTP proxy is active:

If communication to a web server is blocked by the HTTP proxy, an exception can be created for either the DNS name or the IP address of the web server. This is described in the following Knowledge Base article:

Creating exceptions for particular web pages or applications when using the HTTP(S)-Proxy on a LANCOM R&S®Unified Firewall



Packets are discarded by the IDS/IPS:

If the IDS/IPS mistakenly classifies legitimate traffic as malicious, an exception can be set up. This is described in the following Knowledge Base article:

Creating an exception for packets blocked by the Intruder Detection System / Intruder Prevention System on a LANCOM R&S®Unified Firewall (IDS/IPS)



Communication is prevented by the application filter:

If an entire service category was selected in the application filter but communication should still be possible with one of the listed services, this service must be allowed again in the relevant filter profile. If communications are blocked by the application filter, this can be seen in the alert log.

In this example the application filter blocks access to music streaming services, but access to Spotify should be allowed.

1) Navigate to the menu Monitoring & Statistics → Settings.

2) From the Appfilter Alert drop-down menu, select the option Save Raw Data Locally and click Save.

3) Now try to access the corresponding service with the application and use the Alert Log to verify that access is blocked by the application filter.

4) Navigate to the menu Monitoring & Statistics → Logs → Alert Log.

5) Under More Filters, select the option Category: Application Filter and check whether it prevented the communication. In this example, access to Spotify has been blocked.

6) Go to the menu UTM → Application Management → Filter Profiles and edit the relevant filter profile with the “pencil” icon.

7) Uncheck the desired service (Spotify in this example) and click Save.