Pardon my idiot question, but...

a) Sorry that I didn't take screenshots of this, at the time.

b) But... and, as best as I can recall at the moment, my question is this: Sygate security log mentions router IP address here and there, and it being blocked at times.

Well, while (hardware firewall aka) the router is designed to keep the poachers-bad guys out, I'd guess/assume (for good or ill), that on the other hand the router and PC have to "commune together" for the main part in order to function properly.

How do I better judge exactly what's being blocked?

As the query indicates, you can tell that I'm not really up on all this but I would like to learn more/better "smarts" on this, so I can tell what works/doesn't, and so on. Don't want one firewall blocking the other, at wrong time, or not doing what it should when it should.

Many thanks, for info/help.

 

Hi SG1

The communications must be authorised between your Router and your Firewall.
All these communications are done in local only (no Internet access...).

I don't have any knowledege of Sygate and I can't give you the exact rules for this but some hints about FW / Router communications:

1- At the ethernet level the access to and from MAC addr. of the PC and the router must be allowed

2- At the IP level the local IP addresses in the UP range used by the router must be allowed. E.g. : 192.168.0.0 to 192.168.255.255

192.168.0.1 = Router local IP
(check your router documentation: sometimes it's 192.168.1.1)
192.168.0.0 = the network itself
192.168,255.255 is the network broadcast addr.

The static IP for each PC in the LAN may be choose in any other IP of this range.

The best for an home or small enterprise LAN is to set static Ip addresses and in the router setup you may confgure each of these static IP addr. with the corresponding MAC addr.

3- UDP packets must be authorised between the PC and the router.

4- IGMP packets must be authorised between the PC and the router.

Did the router IP addresses blocked by Sygate form time to time are in the same range than the one used by your config.? This can happen if your FW authorised only some local IP not all the local IP range...

2 possible solutions here: change the rule to authorise this range or set your local IP to static IP and configure the FW rules accordingly...

Is it possible to upload here a FW log sample showing the blocked packets?

Hope this help.

 

Could you post the info contained from the "blocked" packets.

If you are not having connection problems, then dont worry. It may simply be (as example) uPnP traffic from the router.

Post the info, such as type (UDP/TCP etc), and ports used would be a start, and give some idea of what is happening.

 

Climenole, and Stem;

These logs may not jibe time/date-wise; just posting the blocked sections of the logs, to ask help in better understanding working of firewall/s.

In the Traffic log: blocked items fell under a block_all rule, in Sygate firewall.

In my case, or most I guess, 192.168.1.1 is # I'd type into address bar of browser, to access our Linksys router for setup, etc.

Many thanks, again, for info/help.

 

The only comms from your router being blocked are from port 4107 to local port 123. Local port 123 is for windows time. It would appear that the router is attempting time sync.

Do you have firewall rules to allow or block windows time?

 

Stem;

Um... dunno', for certain; but, Event Viewer shows this on a routine basis. So, what exactly what type rule would I insert in (Sygate) f'wall, to allow that if the router can't sync itself to time? And I gather that it's OK to allow that?

Thanks,

 

Hello,
You need to allow svchost.exe to connect ... permanently.
But the question is do you want to do that? Why do you need the time to be synced.
Mrk

 

Probably the same reason I Do, its because of this Daylight Saving Crap Also I'm Paranoid, and all the clocks in my House are to the Exact second