SmoothWall – Allowing Windows Updates and Windows Activation

KB ID 0000441 

Problem

I’ve had fun this week installing a new virtual environment for a client with a SmoothWall firewall. It took a call to SmoothWall support for me to get Windows updates to work, then after activating a few 2008 R2 servers via phone, I was motivated to get online activation running as well.

Windows Activation Error – (We are being blocked by the SmoothWall Proxy).

A problem occurred when Windows tried to activate. Error Code 0x8004FE33

Windows Update Error – (We are being blocked by the SmoothWall Proxy).

An error occurred while checking for new updates for your computer Code 80072EFD

Solution

1. Connect to the web management console of the SmoothWall. Select Guardian > User defined categories.

2. Select the “User Defined Categories” tab.

3. Give the Category a name > Set Filter type to “Content and URL filtering” > Copy and paste in the domains listed below > Then click “Add”.

Domains Required for Windows Update

windowsupdate.microsoft.com
update.microsoft.com
c.microsoft.com
download.windowsupdate.com
genuine.microsoft.com

Domains Required for Windows Activation

sls.microsoft.com
wer.microsoft.com
connect.microsoft.com
go.microsoft.com
crl.microsoft.com
microsoft.com

Note: These are the top level domains.

4. Select the “Filters” tab > Give it a name > Set the filter type to “Content and URL filtering” > Expand “Good” content > Tick “Software Updates”.

5. Scroll down and expand “User Defined” > Locate the user defined category you created in step 3 and tick it > Click Add.

6. Select the Policy tab > Groups = All groups > Change the filter to the one you created in step 4 > Time period = Always > Action = Allow > Tick “Enabled” > Add.

7. From the menu select Guardian > Authentication > Settings.

8. Scroll down to the “Do not require authentication for these domains….” section > Paste in the same domains you used in step 3 > Click “Save and Restart”.
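
Before the lists go into the authentication exemption in step 8, it is worth checking what they actually exempt. The script below is an added example, not part of the original article or any SmoothWall tooling; it assumes a list entry matches the named host and every subdomain beneath it, and the function names are illustrative.

```python
"""Review the article's domain lists before using them in steps 3 and 8.
ASSUMPTION: a list entry matches that host and every subdomain beneath it."""

WINDOWS_UPDATE = [  # from "Domains Required for Windows Update"
    "windowsupdate.microsoft.com",
    "update.microsoft.com",
    "c.microsoft.com",
    "download.windowsupdate.com",
    "genuine.microsoft.com",
]
WINDOWS_ACTIVATION = [  # from "Domains Required for Windows Activation"
    "sls.microsoft.com",
    "wer.microsoft.com",
    "connect.microsoft.com",
    "go.microsoft.com",
    "crl.microsoft.com",
    "microsoft.com",
]

def normalise(name):
    """Lower-case the name and strip whitespace and any trailing dot."""
    return name.strip().rstrip(".").lower()

def covers(entry, host):
    """True if host is the entry itself or a subdomain of it.
    The leading dot enforces a label boundary, so 'update.microsoft.com'
    does not cover 'windowsupdate.microsoft.com'."""
    entry, host = normalise(entry), normalise(host)
    return host == entry or host.endswith("." + entry)

def review(entries):
    """Return (duplicates, shadowed, effective) for a pasted domain list."""
    seen, duplicates = [], []
    for e in map(normalise, entries):
        (duplicates if e in seen else seen).append(e)
    # An entry is shadowed when a broader entry in the same list covers it.
    shadowed = {e: p for e in seen for p in seen if p != e and covers(p, e)}
    effective = [e for e in seen if e not in shadowed]
    return duplicates, shadowed, effective

def is_exempt(host, entries):
    """Would this host skip authentication under the assumed matching rule?"""
    return any(covers(e, host) for e in entries)

if __name__ == "__main__":
    dups, shadowed, effective = review(WINDOWS_UPDATE + WINDOWS_ACTIVATION)
    print("duplicates:", dups)
    print("shadowed:", sorted(shadowed))
    print("effective exemption:", effective)
```

Under that assumption the combined lists reduce to download.windowsupdate.com and microsoft.com, so every microsoft.com host bypasses proxy authentication once step 8 is applied.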


SmoothWall site to site (IPSEC) VPN to Cisco ASA

KB ID 0000436 

Problem

You would like to put in a site to site VPN from a site that has a SmoothWall firewall to another site that has a Cisco ASA.

Note: This procedure was carried out on a SmoothWall UTM 1000 Series appliance, and uses a pre-shared key to authenticate the VPN.

Solution

1. For the Cisco end of the configuration, you can configure it from the command line (see here), or from the ASDM (see here).

2. Connect to the SmoothWall’s web management console. Navigate to VPN > IPSEC subnets, and set as follows,

Name: Can be anything; give it a recognisable name.
Enabled: Tick.
Local IP: Leave blank.
Local Network: The network behind the SmoothWall.
Local ID Type: Local IP
Local ID Value: Leave blank.
Remote IP or Hostname: The outside IP of the Cisco ASA.
Remote Network: The subnet address behind the Cisco ASA.
Remote ID Type: User Specified IP Address.
Remote ID value: The outside IP of the Cisco ASA.
Authenticate by: Preshared Key.
Preshared Key: The same key you entered on the Cisco ASA e.g. This1sak3y
Preshared Key again: Repeat above.
Use Compression: Leave un-ticked.
Initiate the connection: Tick.

Advanced Options

Local Certificate: Default.
Interface: PRIMARY.
Perfect Forward Secrecy: Tick.
Authentication type: ESP
Phase 1 cryptographic algo: 3DES
Phase 1 hash algo: SHA
Phase 2 cryptographic algo: 3DES
Phase 2 hash algo: SHA
Key Life: 60.
IKE Lifetime: 30

3. Finally press “Add”.

Note: To edit an existing tunnel, in the summary at the bottom place a tick in the “Mark” box then click “Edit”.

4. Normally that should be all you need to do; however, you may also need to allow zone bridging. Select networking > zone bridging.

5. Set as follows,

Source Interface: IPSec
Destination interface: Port that the hosts inside the SmoothWall are plugged into.
Bi-directional: Tick.
Protocol: ALL
Source IP: 0.0.0.0/0
Destination IP: The subnet behind the SmoothWall.
Service: User Defined
Port: Leave Blank
Comment: Put in a sensible text comment.
Enabled: Tick

6. Finally press “Add”.

Note: To edit an existing zone bridge, in the summary at the bottom place a tick in the “Mark” box then click “Edit”.
