Issues with Watchguard XTM 3

May 9, 2017, 9:08 am

≫ Next: Run Watchguard Management server through VPN?

≪ Previous: Watchguard configuration T30w to T70

$

0

0

I've setup an XTM 3 device at one of our remote offices. It's identical to ones we have at two other sites that we've had no issues with at all. The ISP is even the same at all three sites. However, this one will not pass Internet traffic. Everything looks like it's working fine however I cannot access anything on the internet. It will however create a VPN connection over to our main campus network and I can access everything on that network.
I hooked up another ISP to it to see if it was something with the ISP and I still couldn't access anything.

I then took the policy files from one of my working sites, changed the IP info and the VPN info and uploaded it to this device. The VPNs came up like before, but I still couldn't get online.

Any ideas as to what I'm doing wrong? I'm sure it's something simple that I have over looked.

TIA

-Matt

---

Run Watchguard Management server through VPN?

May 10, 2017, 1:20 am

≫ Next: Watchguard Fireboxes and Public/Guest Wireless Network Configuration

≪ Previous: Issues with Watchguard XTM 3

$

0

0

Hello,

We got an Firebox T30 i installed yesterday at our small branch office, my first Watchguard and I totally love it already. =)

Well, anyway, we don't have any server in the branch office, but we got a VPN-tunnel to our head office, where I got servers. Is it possible to run the Management Servers on a server there through the VPN-tunnel or is it to slow?

Best Regards,

Noiden

Watchguard Fireboxes and Public/Guest Wireless Network Configuration

May 10, 2017, 3:38 am

≫ Next: 1GB Internet feed - which Model M300 or M400

≪ Previous: Run Watchguard Management server through VPN?

$

0

0

Hi all

Firebox M200 running 11.12.2 Update 1.

I've got two interface set up on my firebox, one being a trusted interface for corporate data and the other is a public/guest wireless network that uses a 'custom' interface type. The 'custom' interface also provide DHCP for the guest network. I'm finding that clients connected to the guest wireless network are receiving WINS servers settings which are configured within the WINS/DNS tab on the Firebox for the trusted interface and I need to resolve this. Can I simply remove these settings to resolve, or should I be reviewing my configuration for the guest network?

Out of curiosity, what interface types and configurations do other Spiceworks users use when offering public/guest wifi through the Firebox? Is there a 'best practice' or guidelines for configuring an interface on a firebox when...

1GB Internet feed - which Model M300 or M400

May 11, 2017, 12:59 am

≫ Next: Watchguard XTM-33 winmail.dat

≪ Previous: Watchguard Fireboxes and Public/Guest Wireless Network Configuration

$

0

0

I am about to upgrade our Internet connection to 1Gbps and just need to some advice on the correct WatchGuard firewall to purchase .

When it comes to internet speeds should I be using the UTM throughput as the correct guide or just the Firewall throughput in which case the M300 would be adequate.

There will be around 150 users

Watchguard XTM-33 winmail.dat

May 11, 2017, 3:54 pm

≫ Next: WatchGuard 11.12.4 beta has started

≪ Previous: 1GB Internet feed - which Model M300 or M400

$

0

0

I have a user (Brad) that gets this message when (I think a particular customer) sends him messages with an attachment.  Now, if the customer sends the message to my Gmail account and then I forward it to Brad and he gets it just fine.

He has been having this issue for quite some time, I just upgraded my Firebox to v11.12.2 and he still has the same issue.

------------See Message Below-----------

The WatchGuard Firebox that protects your network has detected a message that may not be safe.

Cause : The file type may not be safe.
Content type : application/ms-tnef
File name : winmail.dat
Status   : File Name violation
Action   : The Firebox deleted winmail.dat.

Your network administrator can not restore this attachment.

WatchGuard 11.12.4 beta has started

May 15, 2017, 5:10 pm

≫ Next: Watchguard - Virus status : avg scanner is not created

≪ Previous: Watchguard XTM-33 winmail.dat

$

0

0

It can be accessed here:

https://watchguard.centercode.com/home.html

Gregg

Watchguard - Virus status : avg scanner is not created

May 16, 2017, 1:15 pm

≫ Next: HTTP-Proxy Watchguard blocking ??

≪ Previous: WatchGuard 11.12.4 beta has started

$

0

0

I have an issue about once a month with my Watchguard virus scanner where it appears to just fail. Everyone gets an error with the following info:

Text

The WatchGuard Firebox that protects your network has detected a message that may not be safe. Cause : The message could not be scanned for viruses. Content type : text/plain File name  :(none) Virus status : avg scanner is not created Action   : The Firebox locked (none). Your network administrator can unlock this attachment. 

The only work around is to reboot the Firebox. That's ok if it happens in the middle of the night as I'm generally here before everyone else and can reboot it. But, it just happened at 3pm in the afternoon when I have 10 people on Mobile VPN and about 50 others connected in via BOVPNs.

Anyone know what causes this or if there is a way to fix it without actually...

HTTP-Proxy Watchguard blocking ??

May 23, 2017, 6:18 am

≫ Next: T30 Blocking Sky Box On Demand Content

≪ Previous: Watchguard - Virus status : avg scanner is not created

$

0

0

Hello All,

I have been having an issue with a firewall rule. Our HTTP-Proxy rule will block certain things on certain websites which it doesn't need to.

I have a site, dasignescapes.com that we are unable to see the videos and or pictures because the firewall rule is blocking it. The site comes up blank except for text and the logo.

I am not sure how to change the rule to allow the content to be seen. Can anyone help?

Thank you:)

---

T30 Blocking Sky Box On Demand Content

May 24, 2017, 2:50 am

≫ Next: T30 Blocking Sky Box On Demand Content

≪ Previous: HTTP-Proxy Watchguard blocking ??

$

0

0

Bit of an odd problem - we've installed the T30 and on a Sky digital box we are now getting a message that the broadband isn't connected (see picture) but when we put the old router back it works fine. You can access the internet fine the only message we get in the dashboard for the T30 with a deny is

2017-05-17 14:02:42 Deny 192.168.1.75 80.238.13.2 51490 80 1-Trusted 0-External ProxyDeny: HTTP request port mismatch (HTTP-proxy.1-00) proc_id="http-proxy" rc="595" msg_id="1AFF-0020" geo_dst="GBR"

Can anyone shed any light on this?

thanks

T30 Blocking Sky Box On Demand Content

May 24, 2017, 2:50 am

≫ Next: Watchguard SSL VPN IP or Domain Name?

≪ Previous: T30 Blocking Sky Box On Demand Content

$

0

0

Bit of an odd problem - we've installed the T30 and on a Sky digital box we are now getting a message that the broadband isn't connected (see picture) but when we put the old router back it works fine. You can access the internet fine the only message we get in the dashboard for the T30 with a deny is

2017-05-17 14:02:42 Deny 192.168.1.75 80.238.13.2 51490 80 1-Trusted 0-External ProxyDeny: HTTP request port mismatch (HTTP-proxy.1-00) proc_id="http-proxy" rc="595" msg_id="1AFF-0020" geo_dst="GBR"

Can anyone shed any light on this?

thanks

Watchguard SSL VPN IP or Domain Name?

April 27, 2017, 9:57 am

≫ Next: Facebook messenger app blocked?

≪ Previous: T30 Blocking Sky Box On Demand Content

$

0

0

Currently I have a setup similar to the one in this screenshot from the watchguard docs. The IP address I've entered is the same as the Firebox external IP. Not sure why I did that but I'm thinking about changing it to it's own IP, any reason not to?

Furthermore, even though I've entered an IP here, we actually use the domain name to connect so what would be the reason to enter the domain name in the box instead as it seems to work anyway?


Secondly, I now have two external internet connections. So I would like to have a backup and I'm a bit confused as to how that works. If enter an IP in both, how would the user ever be able to connect to the backup when the domain\IP they are using is only on the primary? Would the user have to know both?

Currently I'm thinking I should use the failover feature at my domain dns provider to switch the...

Facebook messenger app blocked?

May 25, 2017, 7:32 am

≫ Next: Watchguard 500 device whats the best way to send traffic to/from one public IP

≪ Previous: Watchguard SSL VPN IP or Domain Name?

$

0

0

I'm an SMB owner with enough network history to be dangerous. We just decided to move from home office gear to SMB gear in our 30 employee shop. Just installed a Firebox T30W last week and love it. Seems pretty darned intuitive. Currently struggling with the Facebook messenger app on cell phones though. It's continually trying to connect. Is messenger trying to use some rando port I don't know about?

Is there an easy way for me to check what ports certain apps are using for future issues?

Thanks!

Watchguard 500 device whats the best way to send traffic to/from one public IP

May 26, 2017, 5:57 am

≫ Next: What ports to block on Watchfuard to protect the network from being Attacked

≪ Previous: Facebook messenger app blocked?

$

0

0

XTM 510 ---

I have a main public IP and 5 secondary IP's setup on one interface.

What is the simplest way to send all traffic coming into one of the secondary IP's to one server? 

Thanks in advance!

What ports to block on Watchfuard to protect the network from being Attacked

May 26, 2017, 8:38 am

≫ Next: Will the WG SSLVPN client work from China to USA?

≪ Previous: Watchguard 500 device whats the best way to send traffic to/from one public IP

$

0

0

What ports to block on Watchgaurd to protect the network from being attacked by WannaCry?
Please advise.

Will the WG SSLVPN client work from China to USA?

May 26, 2017, 9:43 am

≫ Next: Watchguard help in config

≪ Previous: What ports to block on Watchfuard to protect the network from being Attacked

$

0

0

Our company has recently hired an in-country rep in China for handling direct interactions with factories there we contract to produce product for us. I have been tasked with giving her access to a certain folder on our file server, so she and the office staff here in Arkansas can update shared Excel files for tracking product progress without e-mailing back and forth and wondering which is the latest version of the file.

My proposed solution is for the China employee on a Mac to use the SSL VPN client to connect to our Firebox M200, then use the Microsoft Remote Desktop app for Mac to remote to a dedicated virtual Win7 PC in our data center, so all actual work takes place on our internal network.

Are there any issues with using the VPN client from China? I know some security software can't be exported to China

---

Watchguard help in config

May 29, 2017, 12:47 pm

≫ Next: Log me in Remote Desktop - Not working with watch guard

≪ Previous: Will the WG SSLVPN client work from China to USA?

$

0

0

Hey everyone I am try to set up a watch guard for my small business

I have a watch guard firebox t30 and currently have 3 x Vlans set up
1 - for internal computers
10 - Guest Wifi
100 - Voip

I have a 350mbps internet connection but looking at the specs i dont quite know what speed I will expect. I have antivirus and ISP and web bloker enabled.

It says the firewall throughput is 620mbps
Ideally I would like to somehow set up difference scanning for my VLANS

Guest Wifi to have just web blocker
Internal to have maximum scanning
and Voip to have limited scanning

This way I am hoping that 180mb will be dedicated to my internal machines and then the rest can be used for VOIP and Guest Wifi.

I would also like to have have some policy based routing going on so that if my primary internet connection failed and swapped across to my much slower adsl...

Log me in Remote Desktop - Not working with watch guard

May 31, 2017, 6:53 am

≫ Next: Unable to successfully delete the default SSL-VPN policy

≪ Previous: Watchguard help in config

$

0

0

Hi,

I am looking for help with log me in remote desktop. We have recently installed a watchguard and everything seems to be working fine except for our log me in remote desktop.

We cant seem to access the log me in website or get access to the computers remotely.

Ive looked at the traffic monitor and found it is denying the access however I have no idea how or what policy to create to enable the traffic.

All the log me in website says is enable port 443 which as far as I can tell is already letting traffic through.

Unable to successfully delete the default SSL-VPN policy

June 1, 2017, 6:17 am

≫ Next: XTM2 series disappearing

≪ Previous: Log me in Remote Desktop - Not working with watch guard

$

0

0

The deafault ssl-vpn policy 'Allow SSLVPN-Users' keeps coming up when I try to delete it. I know it was created automatically when I enabled SSLVPN and it seems that the firebox keep creating it. After I delete it and save the config I reopen WG policy manager and the policy is still there.

XTM2 series disappearing

June 1, 2017, 4:56 pm

≫ Next: Watchguard XTM 25 Configuration file to New T50 unit

≪ Previous: Unable to successfully delete the default SSL-VPN policy

$

0

0

Been humming along nicely for a couple years then I moved the device to a new rack, plugged it back in and cannot find it through the manager. I can plug directly into the unit and access the manager, check all the settings, then put it back into the network and manager can no longer locate it once again.

Entire school network is off line, could the box somehow have bought the farm?

Thanks in advance.

Watchguard XTM 25 Configuration file to New T50 unit

June 6, 2017, 5:21 am

≫ Next: Watchguard Edge firmware from edge 7.x to Firewire 11.3

≪ Previous: XTM2 series disappearing

$

0

0

Hello Watchguard experts,

I have a Watchguard XTM 25 device. The live security subscription expired. This firewall is still in production (albeit not using the subscription services)

I have purchased a Trade-up to T50. The T50 unit has now arrived.

I plan to utilise the configuration file from the XTM 25 over to the new T50 unit. I have read the following: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#en-US/basicadmin/config_file_use_new_model_wsm.html%3FTocPath%3DConfiguration%2520and%2520Management%2520Basics%7CUse%2520an%2520Existing%2520Configuration%2520for%2520a%2520New%2520XTM%2520Device%2520Model%7C_____0

This seems simple enough. However, two things I have concerns about:

1. Will the above walkthrough work with the leap from a XTM 25 to a T50?

2. When should I activate the serial number of the new T50 device to my...