problems with wireless connection on firewall

Tags:
Firewalls
Forensics
Incident response
Intrusion management
Network security
VPN
Wireless
Hi, I have a "firewall"-box configured as NAT-router/firewall/transparent proxy which makes a connection to the internet with a WLAN card (to a hotspot). In fact, for the moment it's a Kerio Winroute firewall on a Wintel box. So the "firewall"-box actually has 2 interfaces: one wired (connected to the internal LAN) and one USB wireless adapter which makes the connection to the internet through an access point. The connection setup works fine when the firewall is disabled, but as soon as I start the firewall I also start losing the connection. The strange thing is that even though the Wireless monitor application (that came with the WLAN card) indicates that it has no connection to the internet anymore, the clients behind the firewall can still connect sometimes. I have the same situation when I use the WLAN card on my PC and turn on a personal firewall. I assume that certain traffic cannot pass anymore once the firewall is running and maybe that's why the connection is dropped after a while. Now my question. What's the exact traffic flow involved in the "connection setup" and "keep alive" of a wireless connection, and which ports need to be open on the firewall to keep the connection alive? Of course I don't want to have any unnecessary ports opened on the outside interface. Thanks for your answer.

Answer Wiki


You may want to check if DHCP renewals are getting filtered.
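
To make the DHCP renewal point concrete, here is an added example (not part of the original thread or of any member's reply): a Python sketch that parses a DHCPACK and lists, per RFC 2131, the renewal traffic the outside interface has to pass and when. The packet, the 192.0.2.x addresses and the 600-second lease are constructed sample values.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie, follows the 236-byte BOOTP header

def parse_options(packet: bytes) -> dict:
    """Return {option_code: raw_value} from a BOOTP/DHCP packet."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:    # 255 = end option
        if packet[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        length = packet[i + 1] if i + 1 < len(packet) else -1  # -1: length byte missing
        value = packet[i + 2:i + 2 + max(length, 0)]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[packet[i]] = value
        i += 2 + length
    return opts

def renewal_flows(ack: bytes) -> list:
    """(seconds after lease start, source, destination, purpose) per flow."""
    opts = parse_options(ack)
    if opts.get(53) != b"\x05" or 51 not in opts or 54 not in opts:
        raise ValueError("not a usable DHCPACK")
    client = socket.inet_ntoa(ack[16:20])          # yiaddr: address leased to us
    server = socket.inet_ntoa(opts[54])            # option 54: server identifier
    lease = struct.unpack("!I", opts[51])[0]       # option 51: lease time
    t1 = struct.unpack("!I", opts[58])[0] if 58 in opts else lease // 2      # T1, default 50%
    t2 = struct.unpack("!I", opts[59])[0] if 59 in opts else lease * 7 // 8  # T2, default 87.5%
    return [
        (t1, f"{client}:68", f"{server}:67", "renew request, unicast UDP"),
        (t1, f"{server}:67", f"{client}:68", "ACK to the renew"),
        (t2, f"{client}:68", "255.255.255.255:67", "rebind request, broadcast UDP"),
        (lease, client, "-", "lease expires, interface loses its address"),
    ]

def sample_ack() -> bytes:
    """Constructed DHCPACK: 192.0.2.50 leased by 192.0.2.1 for 600 seconds."""
    hdr = bytearray(236)
    hdr[16:20] = socket.inet_aton("192.0.2.50")
    opts = (b"\x35\x01\x05" + b"\x36\x04" + socket.inet_aton("192.0.2.1")
            + b"\x33\x04" + struct.pack("!I", 600) + b"\xff")
    return bytes(hdr) + MAGIC + opts

if __name__ == "__main__":
    print(*renewal_flows(sample_ack()), sep="\n")
```

A rule set that admits only broadcast DHCP would let the initial lease through but drop the unicast renewal at T1, so the address would be lost only later, at lease expiry.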

Discuss This Question: 4  Replies

 
  • Gert5142
    I already tried to allow these services between the access point and the external interface: - DHCP/BOOTP - all ICMP - HTTP (the access point seems to send an announcement message encapsulated in an HTTP packet)
  • Telecomking
    Most software based firewalls include a log of denied traffic. Your best bet is to watch the log and see what traffic is denied. You can then open the specific services you see are repeatedly blocked which are involved in maintaining the connection. Alternatively, you can do the research on the protocols. However, you might need to check with your ISP to see what proprietary things they might be doing to secure the hot spot. Best regards, Telecomking
  • Gert5142
    I already tried logging dropped packets but I don't see anything dropped. Where could I find the exact connection setup sequence from a WLAN card to an access point?
  • TRIKAYA369
    Hi! You said that you don't want unnecessary ports to be accessed, is that right? Use some traffic analysis tools to check on TCP/UDP ports open and use some other tools to redirect known traffic through your configured ports in the firewall. This way you can monitor your clients' traffic while keeping your infrastructure safe. Hope it suffices. Thanks