Community home

mhumphrey · ‎11-12-2013

I've been asked to look at setting up a Sure Signal version 3 on our network. As our firewall is set to default deny, not surprisingly it didn't work at first. I've set up what I think are the correct firewall rules based on information in the eforum, but it still does not connect. Initially the power light comes on, then after a while the internet light starts flashing white. After a while longer, the internet light goes out, the service and users lights go solid orange and the power light starts flashing.

The firewall is a Fortigate 310B. I've set it to allow:

IP protocols 8 (EGP) and 50 (ESP)

UDP ports 500 and 4500 (IKE) and 123 (NTP)

to addresses 212.183.133.177-212.183.133.182 and 212.183.131.128/255.255.255.192

Can anyone confirm that this should be sufficient? I'm not sure what protocol 8 is for, and maybe it should be ICMP type 8 (ping), but ping is allowed anyway.

The other possibility seems to be that Vodafone have blocked our IP range, but it's not clear how to get this changed. Our IP range is 194.83.24.0/22 - in this case we are using 194.83.24.240.

Any advice, or pointers to documentation, would be appreciated.

mhumphrey · ‎15-01-2014

Sorry for the delay getting back to you - rather a lot to be done over the Christmas holidays. Having set up the packet sniffer, I've made some progress. The box needs to connect to some IP addresses that weren't on the list - 88.82.13.177 to 179. It also seems to need traceroute, UDP ports 33434 to 33535. Having added these, it's talking to the server and I no longer get any orange lights.

What happens now is that the Internet light flashes forever. I can see on the packet sniffer that traffic is going through constantly - mostly NTP, interspersed with IPsec traffic. Nothing seems to be blocked as each packet gets a reply. And yet it still doesn't finish connecting and allow me to use the box.

Any suggestions?

View solution in original position

Retired-James · ‎19-12-2013

Hi mhumphrey,

Everything looks fine with the details you’ve given.

If you’re now seeing a flashing power light, internet light is off and the service and in use lights are orange, it would suggest it can’t authenticate through the network.

Cam you try a different Ethernet cable?

It’ll also be worth testing the Sure Signal on a standard internet connection at home to eliminate a faulty Sure Signal.

James

mhumphrey · ‎15-01-2014

Sorry for the delay getting back to you - rather a lot to be done over the Christmas holidays. Having set up the packet sniffer, I've made some progress. The box needs to connect to some IP addresses that weren't on the list - 88.82.13.177 to 179. It also seems to need traceroute, UDP ports 33434 to 33535. Having added these, it's talking to the server and I no longer get any orange lights.

What happens now is that the Internet light flashes forever. I can see on the packet sniffer that traffic is going through constantly - mostly NTP, interspersed with IPsec traffic. Nothing seems to be blocked as each packet gets a reply. And yet it still doesn't finish connecting and allow me to use the box.

Any suggestions?

mhumphrey · ‎15-01-2014

It looks like I may have been too impatient - after leaving it alone for an hour or so, when I came back it has the correct lights - red, white, white, off. So it looks like it's working, though I'll need to get hold of one of the registered phones tomorrow to try it.

Retired-Kay · ‎16-01-2014

Hi mhumphrey,

Have you managed to test it?

Let us know how you get on,

Kay

mhumphrey · ‎16-01-2014

I'm still waiting for someone with one of the registered phones to come and test it.

mhumphrey · ‎17-01-2014

We've finally had a chance to test it, and it works fine. Thanks to everyone for their help.

Community home

Sure Signal firewall config