Firewall Wizards mailing list archives
RE: UPS Worldship connection problems with new firewall device
From: "Bruce Smith" <bruce_the_loon () tiscali co za>
Date: Fri, 26 Aug 2005 19:56:49 +0200
Hi Servie

I don't have any experience with the specific firewalls mentioned, so I will limit my discussion to general comments.

First about the .exe requirements mentioned by UPS. The techie who suggested this probably thinks you have a personal firewall like ZoneAlarm on the machine and not a network gateway device. Those firewalls allow access based on which executable app is requesting the connection in addition to the normal rulesets. Since the software works when the user took the computer home, there is definitely no personal firewall problem.

The rest of my suggestions are general to most firewalls.

It sounds like the SOHO3 was running a generic permit all traffic from inside to outside while the TZ170 probably has a deny-all allow specific ruleset from inside to outside. A lot of the discussion on this list has been about the differences and which is preferable.

Since UPS doesn't appear to be very helpful, the only way to find out what needs to be opened up is to look at the logs to see what is being denied by what rule when the software attempts to connect to the UPS network. Try it a number of times to see if it uses the same destination ports or wanders up and down a range of ports.

Hopefully someone else on the list has had experience with the application and knows what needs to be opened, but if not, then this methodology should assist in finding out what is needed besides the simple yet insecure method of adding a rule to allow the laptop to connect to any port through the firewall.

Regards
Bruce Smith

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Servie Platon
Sent: Thursday, August 18, 2005 2:52 AM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] UPS Worldship connection problems with new firewall device

Hello FW-Wizards and gurus,

I have upgraded my Sonicwall SOHO3 to TZ170 a couple of weeks back for my small office network. Everything seems to be working fine except for one laptop which accesses UPS (United Parcel Service) Worldship network.

As its description from the UPS website. UPS WorldShip® is a full featured, Windows®-based, shipping software application for customers with high volume shipping needs. WorldShip allows customers to accelerate, streamline and enhance not only their shipping processes, but financial and customer service processes as well.

When we first installed the program in one of the laptops, it seems to be working fine with the SOHO3 firewall. And when we upgraded to the Sonicwall TZ170, that's when the problem started to set in.

We were told by UPS technical support since we have upgraded a firewall appliance, the firewall rules may have blocked inbound and outbound communication between our small office network and UPS's network. Furthermore, we were told that we need to enable support for gethostip.exe, shipups.exe, upslnkmg.exe alongside allowing access for 153.2.x.x network.

Since I don't see any documentation on this Sonicwall TZ170 to do the adding of .exe files to the firewall that supports this method. I am uncertain though, whether my firewall rules have something to do with it? AFAIK, other services such as mail, terminal services are working fine except for this one.

One odd thing that puzzles me is that if my boss brings this laptop to his house and connects it to his Home network through his router, he could connect to UPS and be able to do work and send info in a bi-directional manner. Whereas, if he returns to the office he gets an Error Code 53670 which according to UPS has something to do with our firewall and dns resolution.

I have attempted and failed to enable this feature and am hoping that maybe someone may have encountered this problem in the past who may have the solution.

Again, thank you very much.

Very sincerely yours,
Servie

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
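An added example, not part of the original posts: one way to carry out the log review suggested in the reply above, grouping a single host's denied outbound connections by rule and destination and reporting whether each destination is hit on one fixed port or across a range. The key=value log layout, the laptop address 192.168.1.50 and the rule numbers are assumptions constructed for illustration, not the TZ170's real log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in a generic key=value syslog style; this is NOT
# the TZ170's actual log format, and every address and rule id is made up.
SAMPLE_LOG = """\
Aug 26 10:01:02 fw action=deny rule=12 src=192.168.1.50 dst=153.2.0.10 proto=tcp dport=443
Aug 26 10:01:05 fw action=deny rule=12 src=192.168.1.50 dst=153.2.0.10 proto=tcp dport=443
Aug 26 10:01:09 fw action=allow rule=3 src=192.168.1.50 dst=192.168.1.1 proto=udp dport=53
Aug 26 10:03:40 fw action=deny rule=12 src=192.168.1.50 dst=153.2.0.11 proto=tcp dport=5001
Aug 26 10:05:12 fw action=deny rule=12 src=192.168.1.50 dst=153.2.0.11 proto=tcp dport=5004
Aug 26 10:07:30 fw action=deny rule=12 src=192.168.1.50 dst=153.2.0.11 proto=tcp dport=5009
Aug 26 10:08:00 fw action=deny rule=12 src=192.168.1.77 dst=198.51.100.9 proto=tcp dport=25
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def denied_flows(log_text, src_ip):
    """Group denies from src_ip by (rule, dst, proto) -> {dport: hit count}."""
    flows = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("action") != "deny" or f.get("src") != src_ip:
            continue  # only denied traffic from the host under test
        try:
            port = int(f["dport"])
        except (KeyError, ValueError):
            continue  # entry without a usable port (e.g. ICMP): skip it
        key = (f.get("rule", "?"), f.get("dst", "?"), f.get("proto", "?"))
        flows[key][port] += 1
    return flows

def suggest_rules(flows):
    """Reduce each group to the narrowest candidate: a fixed port or a range."""
    out = []
    for (rule, dst, proto), ports in sorted(flows.items()):
        lo, hi = min(ports), max(ports)
        out.append({"denied_by_rule": rule, "dst": dst, "proto": proto,
                    "kind": "fixed" if lo == hi else "range",
                    "ports": (lo, hi), "hits": sum(ports.values())})
    return out

if __name__ == "__main__":
    for candidate in suggest_rules(denied_flows(SAMPLE_LOG, "192.168.1.50")):
        print(candidate)
```

Repeating the connection attempt several times before running the summary makes a "range" result more trustworthy, since a single attempt cannot distinguish a fixed port from one draw out of a range.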
