Channel: WatchGuard
Viewing all 1338 articles

IPv6

So I have a WatchGuard XTM 33 at a site hooked up to Comcast; they have dynamic IPv4 & IPv6 addresses and the firewall is pulling them perfectly. I can run diagnostic tools and it can traceroute/ping in IPv4 and IPv6; however, the other Trusted/Optional networks can't. I made sure all the rules allowed them to get out; IPv4 is working perfectly, it's only IPv6. For the IPv6 private address I used http://www.simpledns.com/private-ipv6.aspx to generate one. If anyone has any ideas, thanks!





Watchguard SSO

Hey all:

Having issues.

Setting up Watchguard SSO with AD. Currently using the client software on the clients.

A student logs off and a teacher logs in to the same machine - and the watchguard thinks it's still the student for filtering.

1.  Does the client version or the event-log (clientless) version work better?

2.  With the client version, I need to enable file and print sharing - right?

3.  Do I need to open any other ports on the clients firewall with the client version?

Windows 2008 r2

Firebox xtm525  11.9

WatchGuard XTM-25W/26W 11.9x wireless questions

Okay, so not new to WatchGuard, but new to its wireless setup as I move into supporting small business clients that have the XTM-25W and 26W.

I'm using the following WatchGuard provided articles for creating a wireless network, running XTM 11.9.3:

http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/wireless/wireless_config...

And this one for creating a guest network:

http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/wireless/wireless_guest_...

My goal --to have the private network be able to access the LAN, and the Guest to access WAN only on 80/443. Pretty standard stuff.

Assuming I understand correctly, I can set up up to three wireless virtual interfaces. I've set up the first one as a Trusted interface. I can't use an IP address in the same LAN subnet for it, so I set it as one higher...

Watchguard SMTP proxy

I am wanting to try out Watchguard's anti-spam capabilities by downloading their XTMv software and running it in vSphere. I've got everything set up correctly: 1 port coming from my gateway into the ESXi host and connected into the VM for the "external" interface. I've also verified that everything is working right by setting up an RDP firewall policy and successfully testing that it works to my desktop.

Where my problem is, is with the SMTP proxy. I create a firewall rule for the SMTP proxy and tell it to send SMTP traffic onto our internal Exchange Server. When I try to telnet to the IP address I've configured on port 25, it is making some sort of connection, but nothing ever appears. Normally I would expect a response identifying itself as a SMTP server and allowing me to give it commands. All I see though is a blinking cursor, and...

Requested mail action aborted: exceeded storage allocation

Hello Spiceheads,

I am having an issue with Receive limits for e-mail. We are having an issue receiving e-mails larger than 13 MB. Here is our setup.

Watchguard Firewall -- Symantec Messaging Gateway -- Exchange 2010

I have looked at the Receive connectors and transport rules of Exchange 2010, and they have been set to 22000 KB. The Symantec Messaging Gateway maximum message size is set to 20971520 bytes.

I am almost positive it is the Watchguard smtp-inbound-proxy that is causing the issue, but for the life of me I cannot figure out why, I have a screenshot of the settings below. I think it is the firewall, because when I get the bounce back to my gmail, when I look at the Messaging Gateway logs, the email had never hit the gateway.

As you can see above the max. size is set to 50000 KB. Unless I am converting the sizes incorrectly, which I...

Watchguard error help

I cannot determine what is causing this error. I have a client that cannot email us, but we can email them just fine. I do not see any traffic from them in the live log except this. And even this was a rarity. (IP address changed to made up addresses)

2014-10-09 13:05:18 pxy 16: 123.62.456.78:19191 -> 25.124.292.11:25 [A t]: unable to get server cert Debug

2014-10-09 13:05:18 pxy 17: 123.62.456.78:19191 -> 192.168.10.14:25 [B t]: failed to make ssl server for client Debug

2014-10-09 13:05:19 Allow 123.62.456.78 25.124.292.11 smtp/tcp 19191 25 0-External 1-Trusted Allowed 60 56 (SMTP-proxy-00) proc_id="firewall" rc="100" msg_id="3000-0148" dst_ip_nat="192.168.10.14" tcp_info="offset 10 S 2226618210 win 32768" Traffic

Watchguard XTM Cannot make external VPN

Hi,

I'm trying to dial a vpn connection to one of a sister company via the windows vpn, but the connection doesn't establish. In the monitor I'm getting a connection timed out but no error message or connection which is denied. I have bypassed the firebox and can connect fine via VPN.

Any help much appreciated.

Regards,

Stephane

Watchguard x55e throughput topping out at 38Mbps

Hi

I have a Watchguard x55e firewall that I'm using in a domestic environment. It sits between a BT Openreach VDSL modem (fibre connection) and a router, a Draytek 2830n.

My broadband connection is about 70Mbps. I can get that no problem if I take the x55e out of the setup. However, when it's included, whether I connect directly to the x55e or via the Draytek, I can't get more than 38Mbps throughput.

I don't have any particularly complex firewall rules - just a couple of inbound ones to open some ports. It also doesn't have a great deal of routing/NAT'ing to do, because the Draytek deals with the multiple devices on its network - the Firebox just has to shuttle packets back and forth between the Draytek and the BT modem. The Firebox is currently configured in mixed routing mode.

If I monitor the CPU statistics in the Watchguard System...


Watchguard VPN Dynamic DNS

Hi everyone,

I would like some guidance how to set up a BOVPN between two sites.

Site A: Main site. I will be using a XTM 21 device (might end up using our big XTM 515 though). This will have a Static IP address

Site B: This is a small portable office with no internet connection. We will have to use a 4G 'dongle' for mobile broadband. However, I'm informed the WatchGuard unit does not support the use of a USB modem/dongle, so I had to buy a Dovado router. I now have a 4G dongle hooked up to the Dovado router, with the latter hooked up to an external interface on the T10 device.

The users in site B will need regular access to our server in site A.

I've set up BOVPNs before as we have a few sites across the UK, as well as a TeamCentre connection to a client. However, these are all static IP to static IP.

The Dongle will be receiving dynamic IPs, so...

Watchguard

Hello,

Recently my company has started to receive a ton of spam. Our servers are behind a Watchguard XTM 515 with the most up to date spam blocker definitions and software. I can't seem to figure out why so much spam is getting through all of a sudden.

The only thing I can think of that has changed is a little while back the network went down and a couple of our servers had to be repaired. Such as OS repair since the machines just powered off all of a sudden. I can't put my finger on it but something just seems to be a little off with the DNS/network cards on our DC box. Almost as if the secondary card is now primary. I don't know if that has anything to do with it, but any help would be greatly appreciated.

Finalizing ssl vpn setup

Morning peeps.

I'm trying to set up the company's first ever VPN connection. I've tried before with differing boxes but never managed to get it working fully.

At present I have a WatchGuard XTM 33 and am trying to get SSL VPN to work. The problem I'm having on the remote machine is as follows:

Login against AD = works

nslookup IP = works
nslookup machine name = works
nslookup FQDN = works

ping IP = works
ping machine name = FAIL
ping FQDN = FAIL

As this is the furthest I've ever gotten before and considering the response from the DOS commands I'm now really at a loss of what to do next. An ipconfig /all shows the correct domain suffix on the adapter as well as listing the correct IPs for our domain controllers and DNS.

The one thing I'm not sure about is this virtual hosting IP, the connection shows a 192.168.19.x for our servers and DNS but...

Slow downloads from some sites

Hi,

We have a XTM525 and have set up HTTP and HTTPS proxies on the device. I am getting reports that users are experiencing some slow downloads and also Office 365/outlook can be slow at times.

Our connection is a 10Mb Leased Line and I've tried numerous downloads from different sites and the speed can vary between 1Mbps to 25Kbps. I've tested some of these slow downloads at a different location which has a 120Mb cable line and get full download capacity.

There's no other significant traffic taking the bandwidth at our main site when trying these downloads, so is there anywhere I can find why these sites are slow?

Watchguard firebox blocking some sites and not others

I have a strange issue and I have tried almost everything I can think of to track down the issue.

I have an old Watchguard Firebox x500 firewall that is blocking access to (2) local government websites (WWW.TEMPE.GOV & WWW.QUEENCREEK.ORG). I have looked through all my logs; there is no indication that the web sites are getting blocked by the firewall. I have turned on all HTTP logging & Diagnostics and there is still no indication that they are getting blocked or dropped. When looking through the logs I can see the outbound connection but there is no reply.

Here is the traffic monitor view filtered just to show the IP address for the web site.

  • 2014-10-29 15:07:02 Allow 192.168.x.x 38.106.5.121 http/tcp 62879 80 1-Trusted 0-External RST received 40 128 (Admin-HTTP-proxy-00) src_ip_nat="98.174.251.38" src_port_nat="13725" tcpinfo="offset 5...

How do I block https://youtube.com w/o enabling DPI?

Is there anyone who could help me block https://youtube.com w/o enabling DPI? I don't want to enable deep packet inspection coz I don't want to install certificates on desktops.

Thanks.

Issues Deploying Web Authentication Certificate

Hi,

I'm trying to get rid of the "untrusted connection" error in IE when connecting to the Firebox's authentication page but the steps I'm taking to deploy the certificate don't seem to be working.

I'm starting by testing a local certificate install (instead of GPO) and so far I have tried the below steps whilst following info in this link - http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/certificates/import_clie...

I have;

-Exported my certificate from "Firebox System Manager View Certificates". The certificate I exported was the currently active Firebox web server certificate and the details were as follows - Status = Signed, Type = CA Cert, Alog = RSA, Subject Name = o=WatchGuard ou=Fireware cn=Fireware web CA.

-I then took the exported .PEM cert and converted it to .DER using ...


Watchguard XTM 330 irregular DNS issues

Here's the situation -

2 DNS servers running, both able to ping external IP address and can resolve domain names (google.com)

Computers internally are able to ping external IP addresses but cannot resolve domain names. Computers can communicate with our DNS servers.

Rebooting the DNS servers (1 at a time) doesn't fix this issue for the internal computers.

Checked with NSLOOKUP and tried using both DNS servers to try resolving domain names (before and after reboots) with no luck.

Rebooting the Watchguard XTM firewall somehow fixes the issue. It's currently running 11.8.B432340 OS version.

I'll be updating the firmware to the latest version today (v11.9.3), but has anyone else had this issue before? We've had this issue before (3 or 4 times I think, it happens every couple months since we installed it early this year) but we can't really sit...

What is best Watchguard VPN client to use on IOS devices ?

I am starting a project of creating a VPN connection for our IOS devices to our Watchguard 525 v11.93, and assuming the IPsec is what I should configure. What are you using that works for you? Any tips on setup would be appreciated.

Watchguard blocking RandMcnally maps

I am trying to figure out how to solve an issue I am having with Watchguard somehow blocking out RandMcnally's website directions. We can go to RandMcnally.com and it loads. However, when you try to get directions and it takes you to the page where it starts to load the map, it stays with the compass spinning and never loads. Looking through the Traffic Monitor it seems to be stripping the header of things such as Timing-Allow-Origin, X-Content Type Options, and several others. The tech had me turn this to allow instead of strip and it did solve the problem. However, it does not make sense for HTTP Proxy Response Header fields to have it set to if None Matched - Allow and if Matched - Allow. I checked with another department who uses a Watchguard and theirs were set to If Matched - Allow and if None Matched - Strip and theirs seems to be...

Watchguard VPN for Windows Mobile6

Hi,

Can anybody help me with the VPN client software for Windows Mobile 6 to connect to WatchGuard?

Sujesh

Generate Report to Manager for Mobile IP-Sec Logins?

Hello,

Wondering if it's possible to automate a report for my manager to tell him what times a particular Home Worker logged into their VPN throughout the week?

XTM 810 with 11.9.1.

Thanks!
