IPSec through F-Secure PSB Firewall

itsupport
itsupport W/ Alumni Posts: 5 Security Scout

Got F-Secure PSB and IPSec VPN to my office and can't get those properly working together.

I am accessing Windows fileshare and webserver on remote machine but connection is still laggy and slow.

I have allowed IKE, ESP, IGMP, Windows networking, UDP and UPnP broadcast on firewall.

Missed something?

Comments

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader

    Hello Itsupport,

    Please refer to this article.

  • itsupport
    itsupport W/ Alumni Posts: 5 Security Scout

    Thanks, but this is not useful because I don't have Freedome.

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader

    Sorry for the confusion on my side. 

    In order to investigate this you could try to do a packet logging as described here.

    You could also try to temporarily create a test firewall rule to allow all the traffic between 2 test machines.

    If this rule doesn't work then some other component could be affecting the connections.

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

    Many IPsec-based VPN software have their own personal firewall integrated, sometimes based on the ZoneAlarm engine. FSAV PSB also has a built-in distributed firewall and the two can cause conflicts. Possibly you need to disable the VPN client's firewall driver or service to make things work smoothly?

    Yours Sincerely: Tamas Feher, Hungary.

  • itsupport
    itsupport W/ Alumni Posts: 5 Security Scout

    There is no personal firewall in any known VPN clients.

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

    The Checkpoint VPN client software used to include a Zonealarm personal firewall engine, with the driver name "vsdatant.sys" and that one needed to be disabled before it could be used on the same computer with F-Secure Client Security.

    (However, that was several years ago and may no longer be true. Nowadays most VPN clients are SSL-based, not the complicated IPSEC things.)

    Best Regards: Tamas Feher, Hungary.

  • itsupport
    itsupport W/ Alumni Posts: 5 Security Scout

    Did I name any vpn software or other firewall applications than F-Secure PSB?

    I am not using Zonealarm or Checkpoint VPN.

    I am using Zyxel IPSec vpn client (based on Greenbow code) and that F-Secure PSB.

  • MJ-perComp
    MJ-perComp W/ Alumni Posts: 669 Firewall Master

    Well, you do!
    A bit of research revealed that the Firewall-Drivers Zyxel implemented are from ZoneLabs.

    @Ben please escalate. Deutsche Telekom is using Zyxel routers in business environments during the upcoming VOIP-Transition.

    A proper step-by-step advice is needed, even better fix the interoperability.

    Matthias

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader

    @itsupport could you open a support ticket so we can better understand and investigate the issue?

    You can refer to this thread and provide an fsdiag of an affected machine to speed up the process.

  • VMAla
    VMAla W/ Alumni Posts: 1 Security Scout

    IPSEC client traffic is outbound so none of this is actually relevant as long as you allow the process (IKE Daemon) to connect. The dynamic firewall will then proceed to open up what it needs, no need to manually do any firewall configuration.

    For me the process (tgbikeng.exe) has automatically created dynamic udp rules for ports 4500, 1194, 500. I have not created any manual rules in addition.

    If your connection is laggy the issue might be elsewhere, unless you do not experience the same with PSB turned off.

This discussion has been closed.