Regular Visitor
Posts: 2
Registered: ‎06-30-2009

Motorola SBG900: firewall turned off, but still blocking

My IPsec tunnel is not coming up. My firewall is off on the SBG900, but I see a bunch of these "NO SESSION DEFENSE" msgs in the SBG900 firewall blocking log. It shouldn't be blocking, because the firewall is off, but I continue to get these in the blocking log. I'm trying to set up an IPsec tunnel to 128.107.200.68 but it's failing. I suspect it's because the SBG900 is blocking. What can I do to make sure the SBG900 doesn't block anything? Is there a firmware update? I've tried rebooting the SBG900 and putting 192.168.0.11 in the DMZ, but still the SBG900 is blocking w/ reason "NO SESSION DEFENSE".

 

Initiator IP Address | Initiator Port | Responder IP Address | Responder Port | Transport Protocol | Time | Blocking Reason
192.168.0.11 | 0 | 128.107.200.68 | 0 | UDP | 2009-06-29 13:34:54 | NO SESSION DEFENSE


 

Email Expert
Posts: 18,241
Registered: ‎04-27-2004

Re: Motorola SBG900: firewall turned off, but still blocking

"No session defense" means that the router saw a packet that's part of a session, but never saw the packet that initiated the session.

 

However, it's complaining about UDP, which doesn't use sessions. That message should only apply to TCP packets.

 

I tried googling that message, but haven't found anything useful. 

Connection Expert
EG
Posts: 43,061
Registered: ‎12-24-2003

Re: Motorola SBG900: firewall turned off, but still blocking

I'm not familiar with that gateway's config pages/firmware, but take a look somewhere in the config properties for something to the effect of IPSec / VPN Passthrough, and if it exists, make sure that it is enabled.
Regular Visitor
Posts: 2
Registered: ‎06-30-2009

Re: Motorola SBG900: firewall turned off, but still blocking

I checked all the gateway config pages, and there is no option for IPSEC/VPN Passthrough.
Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: Motorola SBG900: firewall turned off, but still blocking

SBG900 = Not a good thing

 

Any of these combo cable modem/wireless routers are usually a very bad idea. They have all kinds of problems from crippled or below-standard firmwares, very inflexible, etc.

 

My advice: ditch it, get a Comcast cable modem (or buy your own), and then get your own wireless router. Any decent router will have VPN passthrough options. Now that's not to say it will fix your problem; VPNs are touchy and sometimes require some tuning on the VPN server side of things by your IT department.

Security Expert
CajunTek
Posts: 20,976
Registered: ‎10-07-2003

Re: Motorola SBG900: firewall turned off, but still blocking


Baric wrote:

SBG900 = Not a good thing A perfectly horrible concept!!! :smileywink:

 

Any of these combo cable modem/wireless routers are usually a very bad idea. They have all kinds of problems from crippled or below-standard firmwares, very inflexible, etc.

 

My advice: ditch it, get a Comcast cable modem (or buy your own), and then get your own wireless router. Any decent router will have VPN passthrough options. Now that's not to say it will fix your problem; VPNs are touchy and sometimes require some tuning on the VPN server side of things by your IT department.


There... I fixed it for ya. :smileyshocked:

TANSTAAFL!!