How to configure Comodo Firewall not to block ISAKMP

Hi,

I’m using the free Comodo firewall and need to connect to a VPN via the SonicWall Global VPN Client. I can only do this if I disable Comodo Firewall. If I put it in training mode it silently blocks ISAKMP. Is there a way to configure the firewall to let ISAKMP through?

Check your firewall logs and try to find out more about which ports are blocked. You could also set a trusted IP range for the address of the VPN server.

Cheers

Could you please point me to where in the interface I can set a trusted IP range?

Logs show nothing; as I understand it, the log (Firewall | View firewall events) only shows something if I mark the event to be logged in the firewall rules. I have such a rule for SWGVC.exe, and if I enable logging for it I can see UDP packets sent to the VPN server in question, but I don’t see any responses. So I suspect those UDP packets get filtered out earlier in the stack.

Hi,

I already asked a question about my issue with ISAKMP here: https://forums.comodo.com/empty-t50480.0.html. Lately I’ve upgraded to version 4.0 of the free Comodo firewall and still no luck. I have to disable the firewall to allow SonicWall to establish the VPN connection.

I’ve “wiresharked” the process of both a successful and an unsuccessful ISAKMP exchange. If I disable the firewall I can see ISAKMP packets coming from my VPN server. I’ve created a global rule (Network Security Policy | Global Rules):

Allow; IP; In/Out; Source Address: My VPN server IP; Destination address: Any; IP Details: Any.

But nevertheless, when the firewall is enabled no ISAKMP packets come in. Having to go back and forth to disable the firewall every time my laptop wakes from sleep hurts my productivity substantially.

:) Try using specific IP addresses in your global rule, I think it may solve your problem! :)

Merged your old topic with the new one.

Thanks. When the Wireshark session I’ve described was happening I did have (and I do now) the global rule “Allow and Log IP In/Out from to IP Any where Protocol is Any”. It is beyond me why this rule is not enough to let ISAKMP packets through, and I would appreciate any suggestion on how to create an appropriate rule.

Can you check if you have the “All Applications” rule still in place?

If so please remove the “Block” rule from it and then try again.

What client are you using to create the Tunnel with?

I’m using SonicWall v4.2.6.0305. Removing the “Block” rule from All Applications and also from Global Rules didn’t have the desired effect. However, when I went to “Firewall Behavior Settings” and disabled “Block Fragmented IP datagrams” on the Advanced tab, I finally could establish the VPN connection with the firewall in safe mode. I wonder whether it is SonicWall or Comodo that misinterprets the definition of a correct ISAKMP packet?

BTW, does it make sense to re-establish the “Block” rules? I’ve tried, but I can’t see how to do this because the rules were saying something about “unmatched packets” and there are no such settings when I add a new rule.
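As an added illustration (not code from this thread, nor from Comodo or SonicWall), the following Python model shows why an address-based “Allow IP from the VPN server” global rule cannot rescue an IKE reply once the firewall is dropping fragments: a large ISAKMP message (here one padded with a certificate payload, a common reason IKE main-mode replies exceed the path MTU) is split into IPv4 fragments, only the first of which carries the UDP/500 header, and a “block fragmented IP datagrams” check that runs before the rule table discards every piece. The addresses, message sizes, the certificate payload and the filter ordering are assumptions chosen to reproduce the behaviour reported in this post, not facts stated on the page.

```python
"""Toy model of IPv4 fragmentation of an ISAKMP (IKEv1) reply and of a
firewall whose fragment check runs ahead of its address-based rules.

Added example; all addresses, sizes and the filter ordering are assumptions.
"""
import struct

ISAKMP_PORT = 500          # IKE/ISAKMP runs over UDP/500
UDP_PROTO = 17
MTU = 1500                 # assumed path MTU (plain Ethernet)
VPN_SERVER = "203.0.113.5" # hypothetical addresses (RFC 5737 ranges)
LAPTOP = "192.0.2.10"


def build_isakmp(cert_bytes):
    """Construct an ISAKMP message: the fixed 28-byte header followed by a
    single Certificate payload whose body is `cert_bytes` of filler.
    (Constructed data; real CERT payloads carry DER-encoded X.509.)"""
    spi_i, spi_r = b"\x11" * 8, b"\x22" * 8
    # next payload = CERT(6), version 1.0, exchange = Identity Protection(2),
    # flags 0, message ID 0, total length patched below
    hdr = spi_i + spi_r + struct.pack("!BBBBII", 6, 0x10, 2, 0, 0, 0)
    cert_len = 4 + 1 + cert_bytes                  # generic hdr + encoding + data
    cert = struct.pack("!BBH", 0, 0, cert_len) + b"\x04" + b"\xAA" * cert_bytes
    msg = hdr + cert
    return msg[:24] + struct.pack("!I", len(msg)) + msg[28:]


def build_udp(sport, dport, data):
    """UDP header with a zero checksum (permitted on IPv4) plus payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def ipv4_fragment(src, dst, proto, payload, mtu=MTU, ident=0x1234):
    """Split an IP payload exactly as a host or router would: every
    non-final fragment carries a multiple of 8 bytes, the offset field
    counts 8-byte units, and MF is set on all but the last fragment."""
    max_data = (mtu - 20) // 8 * 8                 # 20-byte IP header, no options
    frags, off = [], 0
    while off < len(payload):
        chunk = payload[off:off + max_data]
        frags.append({
            "src": src, "dst": dst, "proto": proto, "id": ident,
            "offset": off // 8,
            "mf": off + len(chunk) < len(payload),
            "data": chunk,
        })
        off += len(chunk)
    return frags


def fragment_filter(frag, allowed_sources, block_fragments):
    """Assumed ordering: the fragment check is evaluated before the
    address-based global rules, so an allow rule never sees a fragment."""
    if block_fragments and (frag["mf"] or frag["offset"] > 0):
        return "dropped: fragment"
    if frag["src"] in allowed_sources:
        return "allowed"
    return "dropped: no matching rule"


def simulate(cert_bytes, block_fragments, allowed_sources=(VPN_SERVER,)):
    """Return (number of fragments, whether the whole reply got through)."""
    dgram = build_udp(ISAKMP_PORT, ISAKMP_PORT, build_isakmp(cert_bytes))
    frags = ipv4_fragment(VPN_SERVER, LAPTOP, UDP_PROTO, dgram)
    verdicts = [fragment_filter(f, allowed_sources, block_fragments) for f in frags]
    return len(frags), all(v == "allowed" for v in verdicts)


if __name__ == "__main__":
    for cert, block in ((100, True), (2000, True), (2000, False)):
        n, ok = simulate(cert, block)
        print(f"cert={cert:5d}B block_fragments={block!s:5} "
              f"fragments={n} reply delivered={ok}")
```

A small reply (no certificate, or a short one) fits in one datagram and the allow rule matches as expected; once the reply exceeds the MTU, every fragment is discarded while the fragment block is on, whatever the global rules say, which matches the observation that only disabling “Block Fragmented IP datagrams” let the tunnel come up. In a capture, the symptom is IKE replies from the server showing up as IPv4 fragments (MF set or non-zero offset) with the firewall off and not at all with it on.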

Well, if you wish you could restore the Block IP IN ANY ANY rule on the Global Rules tab, but this will cause all incoming connection requests to be dropped without alerts. In its current form you’ll receive an Alert window if there is any incoming traffic that has no predefined rule for it.

The “All applications” block I would leave out because Comodo removed that also on the 4.0.x.779 release.

I also use another VPN client but don’t have this issue… so it could be a specific SonicWall vs. CIS issue.

I have the same problem with SonicWALL, running the latest versions of both the VPN client and CIS. Any solution found?

Did you disable the ‘Block fragmented IP traffic’ in Advanced, Firewall Settings?

I just encountered this very issue today. Disabling “Block fragmented IP traffic” in Firewall → Firewall Settings did the trick and allows the SonicWall VPN client to connect.

Welcome to the forums, and thanks for confirming this ‘workaround’.