I currently have a WatchGuard X5 Edge with firmware version 7.x after a factory reset. I would like to raise it to firmware 11.3. Can someone help me? Where can I find older software that WatchGuard no longer provides?
Thanks
I have an issue with receiving email with attachments from a certain sender's domain.
When they attempt to send in an email with attachments (PDF), they receive an NDR from their mail server with the following message:
"SMTP error from remote server for GREETING command, host: mail.mydomain.co.uk (my mailserver IP Address) reason: 550 Requested action not taken: mailbox unavailable"
I'm not too sure where to look to resolve this. It states the error is from our end for the 'GREETING' command.
Looking at my SMTP-Proxy policy, General Greeting Rules, we have the default DENY rules for 'Non-allowed characters' and 'Maximum Length'. The regular expressions for these rules are:
Non-allowed characters: [^-.0-9a-zA-Z_\[\]]
Maximum Length: ^.{513,}$
Our General Settings are:
Any ideas?
Hi folks,
A strange one, trying to figure this out...
We have a Mitel 5000 system, and a WatchGuard M300. The Mitel connects to a switch on port 48, IP address 192.168.2.61. Same switch, port 13, connects to the firewall for the Gateway/traffic.
I have mirrored port 13, and port 48, to port 47, and using Wireshark and a laptop can see SIP/traffic heading out/in from 192.168.2.61 to the outside world. If I unplug port 48, calls fail, so traffic is 100% flowing Mitel - Switch - Firewall - Out.
However, I cannot see in WSM on the WatchGuard any SIP/VoIP/whatever traffic. None at all, in fact, nothing from 192.168.2.61 at all... all policies on the WatchGuard are set to log, with detailed logging selected.
The reason I'm looking at this: Calls to the Caribbean work for about 20 seconds, then drop (voice stops followed by disconnect). All other...
I have a Watchguard 515 firewall and have the site-to-site tunnel set up, but when adding a new user to the computer it doesn't let the packets send for authentication, so I get a "We can't sign you in with this credential because your domain is not available". It does work on mobile vpnssl.
Error communicating with firebox x.x.x.x.
INTERNAL_ERROR: Error line 15406:Element 'stp-port': this element is not expected.
I tried to reflash with firmware but same error.
Sadly I am out of my contract with this device. Not sure how to fix this issue short of hard resetting the unit.
I cannot upload a new config.
I am trying to connect to our website, and other publicly hosted addresses from a spare port on the same modem that is connected to the firebox.
Modem Port 1 connects to Firebox Port 0 and is defined as external with an address of 99.999.99.130/29, and three secondary interfaces 99.999.99.131, 132, 133.
My rules allow any traffic to SNAT 99.999.99.131, 132 to 192.168.110.15 which hosts the publicly accessible site.
The site works from everywhere with the exception of when I am connected to the same modem.
My test computer is connected to Modem port 4, and the Firebox to Modem Port 1. The computer is set up for DHCP, which comes from the ISP. When I try to connect to https://99.999.99.131 or 132 I get a timeout. If I try to connect by URL name, I get a Google search.
Is this not possible? Do I need a firewall rule, or do I need something...
I noticed that when I exclude a domain/IP from Content Inspection on my HTTPS proxy, I have to clear the browser's data/history in order for the website to bypass DPI or use another browser (that is, if I had visited the site before and I was getting errors due to DPI). Why is that and what exactly do I need to clear (rather than clearing the entire browsing data/history)???
Thank you!!
Hi,
One of our customers can't visit their own site anymore through their business internet connection.
While troubleshooting with traceroute to narrow down the issue I get the following result:
traceroute to xxxxxx.be (185.96.XXX.XXX), 30 hops max, 40 byte packets
1 * * *
2 * * 213.224.201.241 473 ms
3 213.224.250.111 10 ms 12 ms 9 ms
4 4.68.72.21 13 ms 10 ms 11 ms
5 * * 4.69.153.186 14 ms
6 213.19.196.190 14 ms 213.224.201.241 0 ms 213.19.196.214 16 ms
7 213.19.196.214 0 ms 80.246.207.221 16 ms 0 ms
8 80.246.207.221 14 ms 79.170.92.21 0 ms 16 ms
9 79.170.92.21 0 ms * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
The website is reachable on another internet connection.
I've tried the traceroute from the firewall...
When using WatchGuard Mobile VPN, the Wifi connection will disconnect after about 5 minutes while connected. Not sure what the issue could be, as this is my first time using WatchGuard and as a team we're testing the mobile VPN with IPSec.
I noticed in the event log there are errors related to DNS that mentioned
"The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.
To register the DNS host (A or AAAA) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator."
Hi!!
I'm a bit stuck with a BranchOffice VPN routing configuration:
10.232.246.208/29 Local
-
10.248.141.0/24 Remote
The connection coming through the VPN needs to reach a server on the 172.22.4.0/22 subnet and I can't figure out how to do it, since the network 172.22.4.0/22 is a 1-to-1 NAT on another WatchGuard firewall. I'm kinda new to WatchGuard firewalls, any hints are appreciated!!
Thanks in advance
Daniele
Hi,
With a Watchguard firewall device (M300's in my case) I am getting blocked by the WebBlocker to a particular page that should not be blocked in my opinion as the file is used in security scanning.
The message is:
Request denied by WatchGuard HTTP Proxy.
Reason: Category 'Malicious Web Sites' denied by WebBlocker policy 'WebBlocker.Internal-to-External'.
The setting is under Security - Malicious Web Sites.
So I added exceptions to the WebBlocker and the HTTP proxy for the site, but the page I want is still blocked, this time the message is:
Request denied by WatchGuard Firewall.
Reason: IPS detected for "WEB-CLIENT Shell Application Remote Code Execution -1 (Ransomwa/Access Control"
How do I report a wrongly classified site (or even change the classification locally), and make the IPS engine let it through? Is there a way to add...
Ok so I have a Watchguard 500 series at the main office and a 2 series at a home office. I've needed to set up a VPN between the two devices to get an IP phone to function properly.
With the current home office setup I have one interface set as 'external' and connect the cable modem directly here. Then I have a 2nd interface as 'trusted' which connects to the user's home router. The phone and computer connect to the home router and the VPN works fine.
At the new home office location however the home equipment is a cable modem/router combo - so I have no dedicated WAN port - just 4 LAN ports.
Maybe I'm overthinking this but what do I need to do to configure this with the different home router/cable modem combo?
I've been using 'mixed' mode and am wondering if I need to be using 'drop in' mode - ?
Hi to all,
I have a question. I must translate an IP from MPLS 10.232.0.0/16 with my internal LAN 10.3.0.0/16.
How can I do this NAT? I have tried to use 1-to-1 NAT but it doesn't work.
Any suggestion?
thanks
If you want to test the new 12.0 version of the firmware, sign up/in here: https://watchguard.centercode.com
Pay attention to their note: "Note: We do not recommend that you upgrade XTM 505, 510, 520, or 530 appliances to Fireware v12.0."
See the PowerPoint file on the site for what's new.
Gregg
I need some help. I have an XTM-25 firewall that's being fed by two WAN connections, a DSL connection and a T1 connection.
How can I set up a rule that will allow me to route a single static IP through the WAN connection ONLY, and not touch the DSL connection? I need to be able to do this as a test and I have no idea how to set this up on an XTM-25.
Hi, I'm having some trouble googling this answer up. I'm also low on sleep.
But how long does a WatchGuard firewall block a newly registered web site by default?
Thank you
Hi guys,
We have been experiencing very slow throughput (10-20Mbps) on our Gateway WAN connection ever since a power outage in our DC.
We have a WatchGuard M440 Firebox connected to our gateway Cisco router on multiple 100Mb and 1Gb interfaces (VPN, Internet, WIFI).
The Cisco router has been checked; there is nothing in the logs to indicate anything untoward: no errors on interfaces, no speed/duplex mismatch, no routing issues, no CPU spiking.
We have bypassed firewall, connected laptop direct to Cisco router and achieve 60+Mbps, indicating firewall is root cause.
Even connection between our DMZ HP 1Gb switch and Firebox has a transfer rate in the Kbps range.
Is there any way in which this power outage or the power being restored could have affected the Firebox's throughput/performance?
I should say that our support expired last year and turns out we...
I am going to be putting in a T30 for a client's very small network. On his network he is going to have an IPitomy phone system connecting to SIP trunks from his ISP.
But on the physical network we will have devices plugged into the wall, from there a Linksys Managed PoE+ switch.
What I would like to do is assign VLAN 10 and VLAN 20 to a number of ports, if a phone is plugged in get an address from 10.10.0.x and if any other system is plugged in get 10.1.1.x. So, other than separate ports for separate VLANs - how would you do this?
Hi all.
Bit of a strange one but here goes...
We use LogMeIn Central to remotely support hundreds of our tablet devices all over the country, all of which have 4G data connections which we use to provide a basis to connect to them, among other things. We've used LMI for quite a few years now, and it never gave us any trouble... until roughly 3 months ago. LMI has started to disconnect within 5 seconds of establishing a remote connection. This happens every time we try, regardless of which device we are trying to connect to.
We submitted a ticket along with a logfile from a test device to LMI Support and they came back with a suggested fix of changing the value of a registry key on the endpoints (HKLM\SOFTWARE\LogMeIn\V5\Net\NATUDP\DisableEx from 0 to 1). What this does is force the connection to relay to LMI's data-centers instead of forming a...
Hi,
I have a couple of web servers on my LAN. I need to make these accessible to external users via the DNS name (I've already added the public DNS records which point to the external IP of the firebox).
How would I go about this with a firebox M300? I've read the configuration examples on the WatchGuard site, but I thought this would've been achievable without the need of introducing an optional interface? Image below which describes what I'm after.