Channel: WatchGuard

Watchguard / Network Questions

I was looking at a coworker's Firebox config and need some guidance. The company is a govt subcontractor who was required to meet NIST security compliance. They hired an ex-military cyber-security consultant who redefined their network and set up the Firebox.

They have approximately 50 user PCs, some printers, CNC devices, cameras, etc. The consultant subnetted the network based on location of devices vs function. (i.e., they have printers, CNC devices, and servers in the same subnet.) There are approximately 100 devices in the enterprise.

I do not claim to be an expert in subnetting, but this config really confuses me. All the subnets and VLANs are defined as trusted interfaces. So, what is the advantage of the subnet?


My next question is about this DHCP relay. Why is it necessary?

Last question... This policy is named Deny_All, but it looks like an...


Royalmail Postcode Finder not working

Hi spiceheads,

I have been banging my head against a brick wall (actually a firewall) for the last hour trying to figure out what needs to be whitelisted in order to get the Royalmail postcode finder working:

http://www.royalmail.com/find-a-postcode

I have an HTTP policy for IT persons which allows the site to return results for a given address, but the standard HTTP policy for staff seems to stop it from working. I have added the obvious *royalmail.com/* exception and anything else that I could find from viewing the source of the site, but it still isn't working.

Has anyone had similar woes with this site before?


Many thanks in advance,

Rob.

Watchguard 4100 authentication - one site bypass

Does anyone know of a way to enable WG authentication (4100) for all but one site? For example, when my users try to reach our remote desktop broker, they would not have to authenticate first. If they try to reach the internet they need to authenticate.

My reason is I have a few Thin PCs that are logged on automatically (without credentials, and therefore not authenticated). The Thin PCs are in an area that could be accessed by our clients so I want to require authentication for internet access. Staff normally use the TPC to access a terminal server session, but can use the internet after logging in via port 4100. I would like to move these users to VDI sessions which require them to access a specific website on the external network. I am trying to eliminate them logging in multiple times, but still need to require authorization for...

External IP's to lan side of Watchguard

I am trying to set up a WG at a client's site to do something I haven't done before. I want to present public IPs that our ISP has given us to internal interfaces. For example I want to have say VLAN 10 for a client. I want our WG to rate limit their connection but I want them to use their own firewall and be able to either get the IP via DHCP or I can give it to them. I have a /27 from our ISP. How can I go about doing this?

Thanks!!

Watchguard Mobile VPN software needs to be reinstalled regularly to work...

Model: XTM545
Version: 11.11.2.B508770
Client - SSLVPN connection - downloaded from the Watchguard itself.

Hello - this has been an ongoing issue for my mobile users - through 3 different firmware updates and multiple reboots...

Our staff who use Watchguard mobile regularly will suddenly not be able to connect to Watchguard Mobile - it throws a small encrypted file on the desktop and drops. I have seen some people who have tried many times - with many of these files on their desktops...

Re-installing the software (we have taken to saving a local copy on their desktop) ALWAYS fixes the issue - until the next time. This is a mix of Windows 7 and Windows 10 systems and various platforms. It consistently causes problems for all mobile users, and even though it takes about 15 seconds to re-install the software - our CAO has had enough and...

Install Certificate Watchguard on linux server

Hi,

I have a problem with a Linux Red Hat 6 server.

I can't go out with wget or yum update because there is a WatchGuard certificate:

ERROR: cannot verify URL .it’s certificate, issued by “/O=WatchGuard/OU=Fireware/CN=Fireware web CA”:
  Self-signed certificate encountered.
    ERROR: certificate common name “Fireware web CA” doesn't match requested host name “hostname URL”.
To connect to URL.it insecurely, use ‘--no-check-certificate’.

How can I install the certificate? I have a .PEM file.

Thank you to all.

Seba

WebBlocker 'Deny Message' page not rendering in Chrome

Hey Guys,

My WebBlocker 'Deny Message' page is not rendering in Chrome; it is working well in IE and Edge, haven't tried others.

When the 'Deny Message' page displays in Chrome I just see the raw HTML:


HTML;

HTML
; lang="en"xml:lang="en"xmlns="http://www.w3.org/1999/xhtml"; %(transaction)% denied by Web Filter HTTP Proxy"text/css"body,table.body,h1,h2,h3,h4,h5,h6,p,td{font-family:Helvetica,Arial,sans-serif;font-weight:normal;padding:0;margin:0;text-align:middle;line-height:1.3;}h6{font-weight:900;font-size:14px;text-transform:uppercase;color:#FFF;text-align:right;vertical-align:text-bottom;line-height:46px;}body,table.body,p,td{font-size:16px;line-height:19px;}p{margin-bottom:10px;text-align:center;}a{color:#CC0000;text-decoration:none;}a:hover{color:#CC0000!important;}a...

failover

Hi guys,

Still just shopping at this point, and getting familiar with WG models. I have yet to see any mention of the possibility of automatic failover from a primary ISP to backup one. (Not to mention failback.)

I know it's a tricky business... our present solution has never worked properly. The problem is in the area of "how do you know it's really down?" It uses a heartbeat scheme of some kind. (The only thing that works for sure is losing the ethernet link, but that never happens of course.) 

Anyway, I am thinking that at the very least, I need to be able to come in remotely on one of my two WAN interfaces and manually fail it back and forth. Is anything like this possible within the current offerings? Thanks.


Macro-Enabled Documents via SMTP

How do you guys deal with malicious macro-enabled documents that come through SMTP proxy? We are getting DOC and XLS files with macros built-in (we block XL?M and DO?M files, I'm talking about DOC and XLS extensions for 2003 documents with built-in macros) all the time and I keep reminding our employees about not opening attachments from unknown senders (KnowB4 chart is really helpful), but I believe there must be a better way to handle those. Every macro-enabled document has something in common, like AutoOpen subroutine, Document_Open, Workbook_Open, Auto_Open and latest versions have vbaProject.bin embedded. Is there a way to use a Regular Expression value in Attachments - Filenames of SMTP proxy action that would search for those keywords and Lock the attachment if found?

I wish WatchGuard team approach was more intelligent about...

Join phone network to data network - Watchguard

Probably really simple but a little unsure how to proceed.

Currently have a data network on 192.168.223.x and phone network on 192.168.224.x

They are currently completely separate from each other and have their own default gateway and go through different switches. 

What is the easiest way to put them together using the Watchguard so the data network can see the phone network?

This is needed as the phone system guys have implemented voice recording and the PCs need access to this.

Best configuration branch vpn watchguard

Good afternoon,

What would be the best VPN configuration of a branch between WatchGuard?
 

Half download pictures from web

When I go to websites, there are certain pictures my client can't download; it seems only half of the pictures are actually downloaded. I guess there is some filter in my Firebox which is triggered, but I can't find which one. I am using both DPI proxy and full UTMs.

Amazon VPN tunnels up but no reply traffic

Hi guys, probably it's a simple noob question, but I don't know what more to do.

I have a WatchGuard FW and I'm trying to use VPN with Amazon. I followed the WG steps and I have my tunnel up, but traffic is only in one direction.

AWS --> Local Network = OK. From my instance in AWS I can ping my local network without problem.

Local Network --> AWS = Timeout. From my local NW I ping, and I see the traffic is going through the VPN but I don't get an answer from AWS.

My security group and ACL are open to any traffic incoming and outgoing.

Could someone help me?

Watchguard Firebox XTM PAT

Hi,

Hope you can help. A client of ours has a Watchguard Firebox XTM M200. We have inherited this setup.
I am simply trying to allow RDP (remote desktop) on a port of 3390 externally to a PC located internally with a fixed IP. I have confirmed it does work internally. Externally it doesn't. What I have done on the Watchguard is:

-----------------

Went to SNAT and created a new SNAT.

Name: RDP 3900
External/Optional IP address: Any External
Internal IP address: 192.168.0.23 (the PC)
Set source IP: un-ticked
Set internal Port to a different port: 3389

Then: Firewall policies - Add Policy
Name: RDP 3900
Type: Custom
Protocols: - Add - Single port - TCP - 3900 - Save
Add Policy

Then in the From:
Alias - Any External

In To:
static NAT - RDP 3900

Save.

OK - so what have I missed!?

Thanks,

How to configure and install WatchGuard Firebox 2

Hi.
I have the WatchGuard firewall, modem / router dcp2420 and two network cables. I have no idea how the cables or the firewall are configured. I must also add that when I turn it on, the LED lights do not light up. If anyone can help me, I would be very grateful in advance.
Greetings.


Watchguard ADSL to Ethernet converter

What's the best way to connect ADSL to a Watchguard?

I currently use a Vigor 130 ADSL/VDSL Modem which converts the DSL to Ethernet, just wondering if there are better options.

Thanks

Watchguard AP issue

I have a Watchguard AP200 that is only connecting to the LAN at 10Mbps. Did all the diagnostic stuff (swapped cables - different switch).

Anyone else see this and is it dead?

WatchGuard VPN issue.

So I have been having issues with 2 IPsec VPNs for over three months now. I have worked with Watchguard Support and have not found a solution yet. The issue that I am having is that 2 of my 7 VPNs are losing packets through the VPN. I can PING from WAN to WAN without any packet loss. Once I try it through the VPN I get 12% to 17% loss. We have been able to determine that it is not a hardware or ISP issue with testing that I have done. I have even recreated the config from scratch and I still have the same issue. Has anyone out there seen this issue? Or have any ideas?

Dimension Report Times

Greetings Experts,

For all those who use Watchguard Dimension, what is the average time a per-client report usually takes for a month (30 days)? It took me an average of 35 minutes to run that report. Is that normal? Dimension is installed on an ESXi server where the host is configured with 8 GB RAM, 2 Sockets 4 Cores and a 4T HDD where the Dimension DB is almost 75%. Does anyone else experience this? Kindly recommend. Thanks in advance.
 

WatchGuard SSL VPN client issue
