Channel: WatchGuard
Viewing all 1338 articles

DDOS zombie identified - next steps?

On Saturday one of our employee's computers started going crazy sending (blank?) https/tcp packets to one or two outside IPs: 23.210.82.146 & 23.193.251.116.

I tried to find out what I could, the source ports were changing, when I checked I saw the source port was 64665 and counting up from there.

My Watchguard Firebox M400 alerted me to these events, ddos_attack_src_dos. Which I get from time to time with users using their computers, but this was non-stop.

I blocked the IPs and eventually rebooted the computer which has stopped the attack for now. I scanned it with our AV and Malwarebytes but nothing was found, so I'm planning to wipe the computer clean.

Is there any further investigating that people would recommend before I wipe it out? Or any other recommendations from here?


Why are Watchguard System Manager Licenses such a ripoff?

For those that don't know, Watchguard System Manager allows you to manage all of your Watchguard devices under one console and do things like backup/track config changes and push out firmware upgrades on a schedule. It's pretty handy.

I love Watchguard's features and usability, and I don't mind paying for extras like AV/Websense/IPS subscriptions and even the Livesecurity subscription which gives firmware upgrade rights. But to charge so that I can just have all my devices under one management console seems crazy? Does Watchguard not want me to buy more devices so that I can manage them? I have quite a few 4 device "base" licenses but Watchguard doesn't allow them to be stacked, so I priced out what upgrade licenses cost and I couldn't believe it. We just bought 6 more of these devices with security subscriptions and was excited to get...

Blocking EXE with Exceptions

I understand Watchguard firewalls are able to block exe files but I wanted to create a scenario whereby we could add allow exceptions for a group of internal IPs.

Can this be done?

Create /24 VLANs on /16 Network

Hello everyone,

I am waiting for my 2 new fireboxes to arrive and in the meantime I was wondering...

If I configure my firebox with a /16 main network, e.g. 10.1.0.0/16,

can I create /24 VLANs, e.g. 10.1.20.0/24 and 10.1.30.0/24?

Watchguard BOVPN failover help?

After many hours over many days over many weeks, my remote user made me pull the final hairs out of my head. We finally decided to get a dedicated line put in for him.

On our end, we have an XTM-515, on his end we have a T30-W.
I am looking for advice on creating a near-bulletproof BOVPN connection that will survive WAN events.

On our end, we have 3 WANs (all static IPs) and a 4G modem. In respect to this VPN, they will be called WAN1 (dedicated ATT DSL line for this user), WAN2 (alternate DSL line, our backup line in case WAN3 dies and also is our offsite CCTV upload line), and WAN3 (our primary internet and voip line). We will not be using the 4G modem for the VPN (it is our last resort internet line if someone hits the SPOC of the pole across the street).

On the remote end, we have 2 WANs. WAN1 is a fiber line from a CLEC of ATT, WAN2 is...

Port Forwarding on Watchguard Firewall

Hi!

I think I've managed to confuse myself about this. So I have a user who is going to connect through VPN and have a non-static IP that runs a program that needs access to ports 2222 and 44818. Since it is not a fixed IP I don't think I can do a SNAT, and local devices he is trying to connect to are more than 30 so I can't use one of their addresses either. I tried making a policy and using Any-External to Any-Trusted, but when I check on the open port testers they still say they are closed. We just recently got this unit and I'm more used to setting this up using a Sonicwall so I'm at a bit of a loss. Thanks!


Watchguard: No http category check

Hi

I have recently installed the 11.12.2 update for WSM and MX400 fireboxes. Upgrades went fine, or so I thought. The webblocker categories appear to be being ignored across all of my policies. The categories to be blocked are set fine in webblocker and are set to use the websense cloud.

Checking the dimension logs, the traffic is showing the http proxy group being picked up fine, but whereas previously there was HTTP Category Check entry, this no longer appears and categories that are requested to be blocked aren't being. This is the same on HTTP and HTTPS policies. Specific exceptions set to deny on the policies are correctly being blocked by webblocker however.

I have disabled all policies bar one to ensure there weren't any conflicting with each other and this had no effect. Webblocker is activated and showing another 500+ days left...

Setting external interface and internal NAT to the 10 subnet

I am in the middle of a VLAN project. I have a 21w at the branch office. The internal interfaces are in the 10.1.x.x network. Since we are starting a VLAN project I am changing all my external interfaces from a class c to a 10's. I am able to make my tunnel work because I have not changed my trusted interface to a 10's. The problem is I can not ping the new external interface and if I tried to add it as a trusted interface it tells me that I can't do it due to NAT statement in the main firewall.

Could I narrow the NAT statement and then add the new 10's as a trusted network?

Thanks for the help.


VPN Conflict with Watchguard

Hi!

So we have a consultant that wants to VPN into our network to do some occasional programming work and has his account all set up. The issue I'm running into with him is that he is using his personal laptop that he uses for a bunch of other clients with other VPN setups, and the Watchguard SSL VPN client he downloads will work the first time, but if he connects to another client through some other VPN tool (I think he uses OpenVPN and SonicWall for other clients) it will not connect after that without a fresh install. I think there is some competition with the driver when he is running all of these programs, and since it is not our equipment there really isn't a whole lot we can do. I tried to get him to use an OpenVPN setup that I have gotten to work with Vista, but it didn't connect. I'm getting pressure from above to make sure this...

Watchguard SSL VPN IP or Domain Name?

Currently I have a setup similar to the one in this screenshot from the watchguard docs. The IP address I've entered is the same as the Firebox external IP. Not sure why I did that but I'm thinking about changing it to its own IP, any reason not to?

Furthermore, even though I've entered an IP here, we actually use the domain name to connect so what would be the reason to enter the domain name in the box instead as it seems to work anyway?


Secondly, I now have two external internet connections. So I would like to have a backup and I'm a bit confused as to how that works. If I enter an IP in both, how would the user ever be able to connect to the backup when the domain\IP they are using is only on the primary? Would the user have to know both?

Currently I'm thinking I should use the failover feature at my domain dns provider to switch the...

Watchguard Mobile VPN SSL - Mapped drives

Hi,

I've got Mobile VPN SSL working fine. Once user has installed and connected they then need to map their network drives.

Currently done manually, I'm looking for best way to automate and deploy this. Anything I can do to setup or run via the Mobile VPN client?

Thanks

Watchguard FIREWARE WEB UI Deny message for block site

I have blocked a website through watchguard Web UI. When accessed, it appears to be blocked by continuous loading times. I've tested it through a different device with a different ISP and it is accessible.

Now, since it is blocked, my question is: when a user/any user accesses that website I would like a "Deny Page" or "Access is denied" landing page to load up on the screen.

How would I do this?

Thanks!

Ideas why an SSL/IKEV2 connection will not be made

So I am having some issues with a location that is not able to make its IKE/IPSEC phase 1 connection. It is also not finishing its SSL Management tunnel.

My equipment has not changed for the past 3 months but the "host company" just changed their ISP (to the same one at my head end). Since the change I have not been able to get my XTM 25 to make the IPSEC vpn connection.

I am able to ping from behind the firewall to the head end firewall.

I see Watchguard management traffic passing from the far end to the head end device (Port 4112).

I saw the SSL VPN TUNNEL authenticate on the head end device but it did not get an IP address.

Head end device has 25-30 tunnels all set up basically the same way. I do not see any issues with the other tunnels/devices.

ISP says there should not be any issues sending traffic between the two sites.

"Host company"...

Old x700 to XTM 515

Need to upgrade from Watchguard x700 to XTM 515 with same IP address

Can the configuration file be transferred?

Where to start?

Private network WatchGuard 25 XTM

Hi, I had a question about setting up one of the ports on my watchguard to become a private network that cannot see my home network. This network would be for a work computer and I want to keep the networks separate.

Currently I have the 5 ports on the watchguard in the following configuration

Port 1 = External

Port 2 = (trusted port) <-- IP Range 10.0.1.2 - 10.0.1.50

Port 3, 4, 5 bridged as a trusted Network <-- IP range 10.0.2.2 - 10.0.2.50

Ports 3 and 4 have Wireless APs and Port 5 feeds a 24 port switch for the network

I connected the secondary drop in the office room directly into the Port 2, which by default becomes the trusted port for managing the device if you happen to reset it to factory defaults. I use watchguard software and access it through the 10.0.2.x range with no issues.

Can I change port 2 from Trusted to Optional, then I'm not clear on setting up rules in the policy manager. Right now...

WatchGuard WebCenter Certificate - invalid

Hi,

Can anyone direct me on how to renew the certificate for the WebCentre (that's where WatchGuard Management Server, Log Server, or Report Server is installed)? I vaguely remember doing it a while back, complication being it's also the CA manager hence it's done differently? Thanks

Can I create an IPsec VPN between a Juniper SSG and WatchGuard firewall

I am looking to move away from my Juniper SSG firewalls to a WatchGuard arrangement (probably M300s).

Has anyone had experience getting an IPsec VPN working between the 2 units?

Any advice would be helpful.

How to control external interface for OneDrive or Dropbox

I have a multi-wan setup on my XTM33 device and I would like to control which external interface OneDrive and Dropbox will use.  I'd like both of these applications to use our 2nd external link because it has more bandwidth capacity on the upload side.  Can this be done in Watchguard? If so, how?

Thanks

Watchguard M300 NAT, PAT

Good afternoon nerds.  Question for you Watchguard gurus.  I for the life of me cannot map external ports to 3389 RDP inside.  I have tried everything and am totally stuck.  I can get to the internal address fine, but the port mappings absolutely will not work.  Am I missing something?  This thing is nothing like a Cisco...Thanks in advance.

Watchguard configuration T30w to T70

I recently got a T70 demo unit to prove the concept that the T30 was underspecced.

The problem I am having is that I can't migrate the configuration from T30 to T70. I was expecting it to be a simple export import but apparently I need to move the Feature Key.

When I try to download the Feature Key from the T30 it doesn't do anything, apparently.

Could use any help on this one.

Thank you

Adrian
