IPSec through F-Secure PSB Firewall

Got F-Secure PSB and IPSec VPN to my office and can't get those propely working together.

I am accessing Windows fileshare and webserver on remote machine but connection is still laggy and slow.

I have allowed IKE, ESP, IGMP, Windows networking, UDP and UPnP broadcast on firewall.

Missed something?

Comments

  • BenBen Posts: 2,640 F-Secure Product Expert

    Hello Itsupport,

     

    Please refer to this article.

  • Thanks, but this is not usefull because i don't have Freedome.

  • BenBen Posts: 2,640 F-Secure Product Expert

    Sorry for the confusion on my side. 

    In order to investigate this you could try to do a packet logging as described here.

    You could also try to temporarily create a test firewall rule to allow all the traffic between 2 test machines.

     

    If this rule doesn't work them some other component could be affecting the connections.

     

     

  • etomcatetomcat Posts: 1,318 Superuser

    Hello,

     

    Many IPsec-based VPN software have their own personal firewall integrated, sometimes based on the ZoneAlarm engine. FSAV PSB also has a built-in distributed firewall and the two can cause conflicts. Possibly you need to disable the VPN client's firewall driver or service to make things work smoothly?

     

    Yours Sincerely: Tamas Feher, Hungary.

  • There is no personal firewall in any known VPN clients.

  • etomcatetomcat Posts: 1,318 Superuser

    Hello,

     

    The Checkpoint VPN client software used to include a Zonealarm personal firewall engine, with the driver name "vsdatant.sys" and that one needed to be disabled before it could be used on the same computer with F-Secure Client Security.

     

    (However, that was several years ago and may no longer be true. Nowadays most VPN clients are SSL-based, not the complicated IPSEC things.)

     

    Best Regards: Tamas Feher, Hungary.

  • Did i named any vpn software or other firewall applications than F-Secure PSB?

    I am not using Zonealarm or Checkpoint VPN.

    I am using Zyxel IPSec vpn client (based on Greenbow code) and that F-Secure PSB.

  • MJ-perCompMJ-perComp Posts: 1,098 Superuser

    Well, you do!
    A bit of research revealed that the Firewall-Drivers Zyxel implemented are from ZoneLabs.

    @Ben please escalate. Deutsche Telekom is using Zyxel routers in business environments during the upcomming VOIP-Transition.

    A propper step-by-step advise is needed, even better fix the interoperability.

    Matthias

  • BenBen Posts: 2,640 F-Secure Product Expert

    @itsupport could you open a support ticket so we can better understand and investigate the issue.

     

    You can refer to this thread and provide an fsdiag of an affected machine to speed up the process.

  • VMAlaVMAla Posts: 1

    IPSEC client traffic is outbound so none of this is actually relevant as long as you allow the process (IKE Daemon) to connect. The dynamic firewall will then proceed to open up what it needs, no need to manually do any firewall configuration.

     

    For me the process (tgbikeng.exe) has automatically created dynamic udp rules for ports 4500, 1194, 500. I have not created any manual rules in addition.

     

    If you connection is laggy the issue might be elsewhere, unless you do not experience the same with PSB turned off.

    etomcat
This discussion has been closed.