I have a lot of legitimate outbound traffic intermittently being denied by WatchGuard's "Internal Policy." Today I tried to go to Splunk's homepage and my traffic was denied by my WatchGuard XTM 22 with Pro upgrade.
What is the "Internal Policy" and what can I do to control it?
Example of Traffic being blocked
Type: Traffic
Date: 2011-09-21T18:24:43
Action: Deny
Source IP / Port: 10.0.0.90 / 49627
Interface: 3-Primary LAN
Destination IP / Port: 64.127.105.40 / 80
Policy: Firebox Internal Policy http/tcp
Top three firewall policies:
The first firewall policy is "Deny any traffic from 10.0.0.90", so that's what it's doing (your source IP is 10.0.0.90 in the deny message).
Policies are applied from top to bottom, with denies before allows, so that policy matches, denies the traffic, and no further policies are looked at.
What can you do about it? Change the policies.
Another possibility, given the poor notifications in WatchGuard's user interface, is a licensing issue.
Even if you have manually entered activation codes, some models of XTM will go into single user mode. Only one IP, typically the one logged in as admin user, will be able to go out to the internet.
The Dashboard, SYSLOG entries ("Deny" due to "Internal Policy") and the license activation page will not give a clear indication that the Live Activation must be performed.
Further, WatchGuard's own support will frequently miss this issue while reviewing the configuration details.
Your policy for Vince is disabled, and that is why it will not allow the port 49627 traffic through. As for the other traffic, you have to see what ports are being used. The bigger question is why it is going out on 49627 and not using 80?
For example: The 15th Circuit Court of Palm Beach County http://15thcircuit.co.palm-beach.fl.us:8080/web/guest
They are using 8080, and it is blocked by an internal policy and "Unhandled exception packet-00". You have to create a policy for TCP port 8080 and apply it, and then the website will show up.
If you have a proxy rule, then you can add the site/port/whatever to it. Or you can create policies for managers/users if you use WSSO for your AD. But that is for a work/corp network.
I have seen this all the time and have to do that for certain clients.
I am answering this even though it is old because google still shows this when people search so it may help.
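The two answers above describe the same mechanism from two sides: the first explains the evaluation order (top to bottom, denies before allows, first match wins), and the third shows the result of having no matching policy at all (a port such as 8080 is dropped until an allow policy for it is added). The following toy evaluator is an added illustration of that ordering, written for this page; it is not WatchGuard's code or configuration format. It uses the flow from the question's log line (10.0.0.90:49627 to 64.127.105.40:80 over TCP) together with a constructed policy set; the policy names other than the "Deny any traffic from 10.0.0.90" and "Vince" policies mentioned in the answers, the 8080 client 10.0.0.50 and the 198.51.100.10 destination are assumptions made for the example.

```python
"""Toy model of top-to-bottom, deny-before-allow firewall policy evaluation.

Added illustration; not WatchGuard's own code or config format. Policy
names other than those quoted in the answers, and the 8080 sample flow,
are assumed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"


@dataclass
class Policy:
    name: str
    action: str                      # "allow" or "deny"
    src: str = "any"                 # IP address, CIDR, or "any"
    dst: str = "any"
    proto: str = "any"               # "tcp", "udp", or "any"
    dst_port: Optional[int] = None   # None means any destination port
    enabled: bool = True             # a disabled policy never matches

    @staticmethod
    def _addr_ok(spec: str, addr: str) -> bool:
        # A bare address is treated as a /32 (or /128) network.
        return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

    def matches(self, pkt: Packet) -> bool:
        return (self.enabled
                and self._addr_ok(self.src, pkt.src_ip)
                and self._addr_ok(self.dst, pkt.dst_ip)
                and self.proto in ("any", pkt.proto)
                and self.dst_port in (None, pkt.dst_port))


def evaluate(policies: List[Policy], pkt: Packet) -> Tuple[str, str]:
    """Return (action, policy name) for the first policy that matches pkt.

    Order of evaluation as the first answer describes it: every deny policy
    is tried before any allow policy, each group in listed (top-to-bottom)
    order, and the first match ends the search. A flow that matches nothing
    falls through to the default deny, which is what the question's log
    shows as a deny by the "Internal Policy".
    """
    ordered = ([p for p in policies if p.action == "deny"]
               + [p for p in policies if p.action == "allow"])
    for pol in ordered:
        if pol.matches(pkt):
            return pol.action, pol.name
    return "deny", "Firebox Internal Policy (default deny)"


# Constructed policy set modeled on the answers: the deny for 10.0.0.90 at
# the top, the "Vince" policy disabled, and an allow for HTTP.
POLICIES = [
    Policy("Deny any traffic from 10.0.0.90", "deny", src="10.0.0.90"),
    Policy("Vince", "allow", src="10.0.0.90", proto="tcp", enabled=False),
    Policy("HTTP", "allow", proto="tcp", dst_port=80),
]

# The flow from the question's log line.
SPLUNK_FLOW = Packet("10.0.0.90", 49627, "64.127.105.40", 80, "tcp")

# Constructed flow for the port 8080 case in the third answer.
PORT_8080_FLOW = Packet("10.0.0.50", 51000, "198.51.100.10", 8080, "tcp")


def with_8080_policy(policies: List[Policy]) -> List[Policy]:
    """The fix from the third answer: add an allow policy for TCP 8080."""
    return policies + [Policy("TCP-8080", "allow", proto="tcp", dst_port=8080)]


if __name__ == "__main__":
    # The top deny matches first, so the HTTP allow below it is never reached.
    print(evaluate(POLICIES, SPLUNK_FLOW))  # ('deny', 'Deny any traffic from 10.0.0.90')
    # The same flow from a host the deny does not cover is allowed by HTTP.
    print(evaluate(POLICIES, Packet("10.0.0.50", 49627, "64.127.105.40", 80, "tcp")))
    # No policy covers 8080, so it falls to the default deny...
    print(evaluate(POLICIES, PORT_8080_FLOW))
    # ...until an allow policy for TCP 8080 is added.
    print(evaluate(with_8080_policy(POLICIES), PORT_8080_FLOW))  # ('allow', 'TCP-8080')
```

Note that even re-enabling the "Vince" allow and placing it above the deny would not change the first result under this ordering, because denies are evaluated before allows regardless of their position in the list; the only fix is to remove or narrow the deny policy itself.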