Home/Support/Support Forum/WR11XT - can't figure out why gmail (really all google services except google search) is being blocked by firewall
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

WR11XT - can't figure out why gmail (really all google services except google search) is being blocked by firewall

0 votes
I have a number for WR11XT modems that all have a similar set of stateful packet inspection rules at all sites. So far as I can tell I'm allowing all outbound traffic with statful inspection... and I have various rules for inbound traffic where there isn't an outboud request...

outboud I use:
pass out break end inspect-state

I don't have any other "specific" rules to allow "google/gmail" traffic inbound...

At most locations this works fine, I'm able to use gmail, google docs, hangouts, etc in chrome. However there are a few locations where gmail just doesn't work and I get ERR_TIMED_OUT from the web browser. All locations are using Verizon... and locations are spread across the US (CA, CO, IA, TX, ME, MD, OR, PA, etc).

Any ideas?
asked Jan 11 in Digi TransPort Cellular by plhandley New to the Community (1 point)

Please log in or register to answer this question.

2 Answers

0 votes
The simplest test to see if it is your firewall rules is to turn off the firewall (ppp 1 firewall off) and then run your tests again before turning the firewall back on (ppp 1 firewall on).

My next suggestion would be to upgrade the router firmware and confirm you are running the latest firmware on the cellular module as well. There have been a variety of throughput fixes in some recent firmware which may or may not fix this issue.

Nicholas Wilson
Your IoT
https://www.YourIoT.com.au
answered Jan 12 by NicholasYourIoT Seasoned Professional (225 points)
0 votes
Sorry... I should indicated that, indeed, turning off firewall fixes the issue. I'm seeing guidance on how I might solve the problem with the firewall enabled. It seems like the outbound stateful inspection rule (pass out break end inspect-state) isn't enough and I'm wondering if anyone has suggestions on other ports I need to open or ???
answered Jan 12 by plhandley New to the Community (1 point)
Initialise the firewall with the fw command and watch the firewall (type fwstat.hit) to see which rule is being hit.  Hash # it out and try again until you find the exact rule.  You can also check the firewall log to see if anything is being dropped that is essential.

Nicholas Wilson
Your IoT
https://www.YourIoT.com.au
commented Feb 6 by NicholasYourIoT Seasoned Professional (225 points)
...