Motorola SBG900: firewall turned off, but still blocking

Posted by
Regular Visitor

Message 1 of 6
My IPsec tunnel is not coming up.  My firewall is off on the SBG900, but I see a bunch of these "NO SESSION DEFENSE" msgs in the SBG900 firewall blocking log. It shouldn't be blocking, because the firewall is off, but I continue to get these in the blocking log.  I'm trying to set up an IPsec tunnel to 128.107.200.68 but it's failing.  I suspect it's because the SBG900 is blocking.  What can I do to make sure the SBG900 doesn't block anything?  Is there a firmware update?  I've tried rebooting the SBG900 and putting 192.168.0.11 in the DMZ, but the SBG900 is still blocking w/ reason "NO SESSION DEFENSE".

 

| Initiator IP Address | Initiator Port | Responder IP Address | Responder Port | Transport Protocol | Time | Blocking Reason |
|---|---|---|---|---|---|---|
| 192.168.0.11 | 0 | 128.107.200.68 | 0 | UDP | 2009-06-29 13:34:54 | NO SESSION DEFENSE |


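Added example, not part of the original post: a small parser for blocking-log rows in the shape quoted above, which groups blocked packets by flow and reason so repeated drops between the same two hosts are easy to spot. Only the first data row comes from the post; the other rows and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# First data row is the one quoted in the post; the rest are constructed samples.
# Copying the table fuses the time and the reason, so the parser allows that.
SAMPLE_LOG = """\
Initiator IP AddressInitiator PortResponder IP AddressResponder PortTransport ProtocolTimeBlocking Reason
192.168.0.11 0 128.107.200.68 0 UDP 2009-06-29 13:34:54NO SESSION DEFENSE
192.168.0.11 0 128.107.200.68 0 UDP 2009-06-29 13:35:02NO SESSION DEFENSE
192.168.0.11 0 128.107.200.68 0 UDP 2009-06-29 13:35:10 NO SESSION DEFENSE
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ROW = re.compile(
    rf"^(?P<init_ip>{IP})\s+(?P<init_port>\d+)\s+"
    rf"(?P<resp_ip>{IP})\s+(?P<resp_port>\d+)\s+(?P<proto>[A-Za-z]+)\s+"
    r"(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*(?P<reason>\S.*?)\s*$"
)


def parse_rows(text):
    """Return one dict per data row; header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["init_port"] = int(row["init_port"])
        row["resp_port"] = int(row["resp_port"])
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        rows.append(row)
    return rows


def summarize(rows):
    """Group blocked packets by flow and reason: count, first and last seen."""
    flows = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "ports_zero": True})
    for r in rows:
        f = flows[(r["init_ip"], r["resp_ip"], r["proto"], r["reason"])]
        f["count"] += 1
        f["first"] = r["time"] if f["first"] is None else min(f["first"], r["time"])
        f["last"] = r["time"] if f["last"] is None else max(f["last"], r["time"])
        # True only while every row of this flow logged both ports as 0
        f["ports_zero"] = f["ports_zero"] and r["init_port"] == 0 == r["resp_port"]
    return dict(flows)
```
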
 

5 REPLIES
Posted by
Email Expert

Message 2 of 6

"No session defense" means that the router saw a packet that's part of a session, but never saw the packet that initiated the session.

 

However, it's complaining about UDP, which doesn't use sessions. That message should only apply to TCP packets.

 

I tried googling that message, but haven't found anything useful. 

I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.


Posted by
Connection Expert

Message 3 of 6
I'm not familiar with that gateway's config pages/firmware, but take a look somewhere in the config properties for something to the effect of IPSec / VPN Passthrough, and if it exists, make sure that it is enabled.


Posted by
Regular Visitor

Message 4 of 6
I checked all the gateway config pages, and there is no option for IPSEC/VPN Passthrough.
Posted by
Networking Expert

Message 5 of 6

SBG900 = Not a good thing

 

Any of these combo cable modem/wireless routers are usually a very bad idea.  They have all kinds of problems from crippled or below standard firmwares, very inflexible, etc.

 

My advice, ditch it, get a Comcast cable modem (or buy your own), and then get your own wireless router.  Any decent router will have VPN passthrough options.  Now that's not to say it will fix your problem, VPNs are touchy and sometimes require some tuning on the VPN server side of things by your IT department.


Posted by
Security Expert

Message 6 of 6

Baric wrote:

SBG900 = Not a good thing A perfectly horrible concept!!! ;)

 

Any of these combo cable modem/wireless routers are usually a very bad idea.  They have all kinds of problems from crippled or below standard firmwares, very inflexible, etc.

 

My advice, ditch it, get a Comcast cable modem (or buy your own), and then get your own wireless router.  Any decent router will have VPN passthrough options.  Now that's not to say it will fix your problem, VPNs are touchy and sometimes require some tuning on the VPN server side of things by your IT department.


There... I fixed it for ya.

TANSTAAFL!!
