Channel: WatchGuard

Watchguard firewall requires weekly reboot


I have a Watchguard XTM 33 that will drop packets (both internal and external) for a few seconds every 10 minutes or so unless it is power cycled (normal reboots don't help) every week or so.  

Has anyone else run into this issue? I've tried setting up scheduled reboots but it hasn't helped.


Slow network speeds on different subnets


Hello all,

I have recently acquired a Watchguard XTM 330 firewall.
I've gone through and set up a fresh configuration on the firewall and allowed FTP and SMB file transfers. Additionally I have the server on its own subnet (192.168.3.5).

File transfers appear to be working, except for the transfer speeds. I am only getting a total of 40 MB/s (Megabytes), but if I transfer directly through a networking switch I can get 110 MB/s.

I've tried going through the Management Tool, the Web GUI, and command line to see what could be causing the slow speeds. The best thing I can think that would be causing the issue right now is possible Intrusion-Protection. I've checked in both the command line and the management tool and it shows IPS is enabled. Unfortunately, I cannot find where/how to disable it. The options that have been presented to...

Watchguard Dimension Log Server


I am trying to use the Firewatch feature of the dimension server for one of our sites and it is not showing any domain connections. We have another site that is showing connections but this one is nil. Is there a way to get this showing on the log? I can see other activity under the executive and security dashboards. Any help would be great!

Can't connect to the internet with the configuration I would like to have. XTM22


Hi all,

First time posting in the community, I'm not that new to spiceworks though. The reason I'm requesting your help is because I'm still struggling to understand what is making my current Interface's configuration connect to the internet, while the configuration I want doesn't work.

I just happen to be new to a company that has 2 ISPs, but currently we don't have real redundancy. So I started looking in all the trash we have and found this little red box that has multi-WAN capabilities.

My current LAN is 192.168.1.0/24 so I tried to configure my setup like this:

Trusted interface: 192.168.1.2/24

External interface: 10.0.1.253/24, Default Gateway: 10.0.1.254

Router: 10.0.1.254

No matter what I would try with this and after reading a lot of topics for quite a few days I decided to start again, once again but this time I let the...

QoS confusion, where to apply it?


Hello!

I have an XTM 25 at a client who got VoIP service from Fonality. They have a 50x5 connection from TWC. They have seemingly-random poor call quality and I want to implement QoS and probably traffic management. I know that QoS will get dropped after it leaves the firewall heading out to the world, but I am hoping at least to give VoIP the priority as traffic gets processed by the firewall.

I have read all the help file sections about QoS and TM, and I am still confused.

The client has Yealink T23G Gigabit phones, and an unmanaged Gigabit switch, which Fonality prefers, but due to the problems, we are going to install a Cisco SG300-10PP switch on a separate firewall interface and connect some phones to it for testing. That way, we can enable QoS on the switch, and also port-mirror to get a Wireshark capture to see if DSCP is making...

Private MPLS on Watchguard XTM25


I was wondering if it's possible to configure a xtm25 to work with a private mpls so that the private mpls firewall handles all firewall policies, routing and NAT.

As I understand, both interfaces on the mpls would need to be trusted. Perhaps even bridge mode.

Any help would be greatly appreciated.

Use interface 2 as if it's interface 1


Have no ports left on switch. Is it possible to set another interface up as if it's interface 1?

Unable to access SQL database/PDM thru VPN - Watchguard Firewall


Hello everyone,

We are currently using Watchguard XTM 26-W, and using Mobile VPN-PPTP/SSL to access network folder at the office.

Last week, we installed Solidworks PDM 2016 pro version and SQL 2014, added MS-SQL / PDM policies to Watchguard firewall / Static NAT; TCP/UDP ports 1433, 1434, 3030, and Windows firewall

We can access the PDM vault from the local network at the office, but cannot access the database/PDM vault via Mobile VPN-PPTP/SSL.

Not sure if the current firewall policy is set up correctly or do we need to add additional firewall policy to access the PDM vault/ SQL database via VPN.

Thanks in advance.

Screenshot of the current firewall policy and error msg via VPN login.



Watchguard APT


Hello,

I am just trying to find out if anyone is using a Watchguard XTM device with Watchguard's APT feature? Do you think it is worth the additional cost? How is it performing? Is it easy to manage/configure?

Thank you!

PPTP VPN vs SSL VPN


My Watchguard XTM 535 firewall reached production end of life December of 2015 but support remains until 2020 and we are current. We support 200 remote staff via PPTP VPN.

Though things are working fine, it has been suggested I should upgrade right away. I would love to hear any Spice thoughts out there.

Need input on Watchguard firewall setup


Hello,

Currently I setup our 2 firewalls as two different gateways in our office network. One firewall's internet connection is becoming a problem (unreliable) hence I need to reconfigure it under present setup to "when office internet goes down, datacenter internet will take over and when office internet goes back up it'll go back to office internet". I am currently looking to setup firecluster but the 2 firewalls are on different buildings and are using different ISP networks for internet and also since this office is located off country (I hate flying) it's a burden to set it up. Is there any other way in solving this issue?

Servers in our datacenter are using the datacenter firewall (gateway) for their internet connection and users in our office are using the office network for their internet.

Can I configure it in the DHCP server...

Mitel VOIP system not working under Watchguard firewall


So I have put in an M300 Watchguard firewall as a customer has a 700mb leased line and their existing Draytek just can't cope with the throughput.

When going through the new watchguard, the phone system doesn't work properly. You can't dial out and calls coming in ring but cannot be heard. When I switch back to going through the Draytek it's fine. 

The only rules I can see setup on the Draytek Vigor 2860 are...

Port Redirection... :8888 to 192.168.100.30 private port 80

Open Ports... 

WAN to 192.168.100.90 UDP 5060 TCP 1056 TCP 1818 

WAN to 192.168.100.31 UDP 5100 to 5162


The rules I setup on the Watchguard are as follows....

[img]http://i.imgur.com/iLlVhF8.png[/img]

Any ideas?

Need to change global UDP timeout


Firebox T50

Fireware 11.11.1 build 505668 beta

WSM 11.11.1 beta

I want to change the UDP timeout to see if improves VoIP call quality. I cannot find anything in PM to do so specifically for UDP.

Using the CLI, I tried, but failed, as seen below.

-- WatchGuard Fireware OS Version 11.11.1.B505668

-- Support: https://www.watchguard.com/support/supportLogin.asp

-- Copyright (C) 1996-2016 WatchGuard Technologies Inc.

--

WG#global-setting udp-timeout second 600

^

% Invalid input detected at '^' marker.

WG#config

WG(config)#global-setting udp-timeout second 600

^

% Invalid input detected at '^' marker.

WG(config)#

The '^' marker is actually under the 6 in the number of seconds.

What am I missing?

Cant reach certain IP


Hey Guys,

Recently I have been unable to reach a certain IP address, and the sites behind it.

I cannot ping the IP and running a tracert goes all the way there but cans out at the dest.

    Tracing route to dest.ca [5.5.5.5] over a maximum of 30 hops:

      1    <1 ms    <1 ms    <1 ms  192.168.168.1
      2     5 ms     4 ms     4 ms  static-ptrlookup.ptr.isp.net [1.1.1.1]
      3     5 ms     5 ms     4 ms  static-ptrlookup2.ptr.isp.net [1.1.1.2]
      4    10 ms    15 ms     *     static-ptrlookup3.ptr.isp.net [1.1.1.3]
      5     5 ms     6 ms     7 ms  static-ptrlookup4.ptr.isp.net [1.1.1.4]
      6     7 ms     6 ms    10 ms  static-ptrlookup5.ptr.isp.net [1.1.1.5]
      7     8 ms     6 ms     6 ms  somepeeringservice.internetxchange.net [2.2.2.2.2]
      8     6 ms     4 ms     6 ms  somepeeringservice2.internetxchange.net [2.2.2.2.3]
      9     *        *        *     Request timed out. (destination)
     10     *        *        *     Request timed out.

On the WG in the logs I see nothing but 'allows'

ProxyMatch, ProxyAvScan: HTTP request URL match, pri=6, disp=Allow, policy=HTTP-proxy-00, protocol=http/tcp, src_ip=192.168.168.211, src_port=56647, dst_ip=5.5.5.5, dst_port=80, src_intf=2-192.168.168..x Network, dst_intf=0-ISP, rc=599, proxy_act=HTTP-Client.Standard.1, rule_name=Default, src_user=kpax@domain.local, dstname=dest.ca, arg=/, 1AFF-000B 

I can reach this site with no issue from any other connection. The ISP doesn't report an issue.

I have the site (ip and fqdn) exempted in;

Setup Default Threat Protection

Webblocker

App...


Install WG Authentication Gateway/Event Log Manager


Has anyone tried/or know if you can run the Authentication Gateway/Event Log Manager on Server 2012/R2 CORE?


WatchGuard Dimension AD Logging


I have a cluster of XTM 850 boxes set up, and they are configured to send logs to a Dimension VM. I need to get this setup to log browsing history for specific people that are specified in a certain proxy with logging enabled. I seem to be able to get this to work if I use the client machine's IP address in the proxy, after which I can search the Dimension logs by AD account, but it doesn't work if I use their AD account in that same proxy. Any ideas on what I'm missing? Thanks for the help.

Watchguard LAN to LAN communication


Hi All

I've got a Watchguard XTM505 on 11.10.7.B498658 firmware.

We have just added a second LAN to our watchguard, LAN 1 is 192.168.1.0/24 (port1) and new one is 192.168.2.0/24 (port 2)

There is a switch with the normal PCs off of port 1 and a single server connected directly to port 2

When I ping from the server connected to port 2 I can get to the network PCs and out to the internet

When I ping from PCs that are connected to port 1 I can't get to the server on port 2.

I've tried adding static routes but that made no difference, I've also added a firewall rule, right at the top that allows traffic from Alias LAN1 to Alias LAN2 and another that does the opposite. That hasn't helped either. What am I missing here?

2 Trusted private LANs on 2 separate watchguard ports


Hi,

My company is merging with another company and I need to set up 2 separate private networks in a single office, I hope someone can help me.

I have a Watchguard XTM 505 that currently has below configuration:

Port 3: external internet connection

Port 4: Trusted VLan that connected to 3 chained non-routing 3com switches. Private IP range: 10.150.1.0/24, DHCP server relayed

My plan is to do the following and not sure if it's going to work or any potential problems:

on Port 4: use one of the non-routing 3Com switches to connect to this port and setup a Trusted network with private IP: 192.168.1.0/24, DHCP server relayed

These 2 networks don't need to communicate with each other.

Will this setup work?

Thanks,

Dai

Trying to setup network on Watchguard Interface


Hi,

I'm trying to setup a network on an interface of my watchguard firewall. Here's how it's set up:

However, when I connect my laptop to the device, I get a 169 address. I'm thinking it's because of a routing rule that's set up on this firewall:

In the Dynamic routing section, under OSPF, I have:

router ospf
network 192.168.1.0/24 area 0


Is this the source of my problem? 192.168.1.1 is an old cisco switch that's doing all of the routing on our network now. I'm trying to get rid of it, and just need this one interface to function as a router for testing.

Thanks!

Watchguard Firewall Interface Routing


Hello,

I was wondering if it was possible to setup an interface to route traffic through only one specific IP address?

I am using an XTM M400 and we have one interface setup as the external and one setup as the trusted interface for the rest of the network.

I would like to setup another interface to connect a credit card machine to and have all the traffic go through a specific static ip that is separate from the other trusted interface.

I am basically trying to separate the credit card machine from the rest of the network. I will give it its own network but I want it to go out over a different static IP from the block of IPs I have. So if I use 192.168.1.21 for the office network to go out on I then want the credit card to go out on 192.168.1.22
