Channel: WatchGuard
Viewing all 1338 articles

Dimension remote backup connection to FreeNAS SFTP. Anyone try this?

I'm running Dimension  2.1.1 U1 (515058) and am looking to connect the remote backup to a FreeNAS 9.10.2-U3 SFTP destination.

I'm getting blocked on the user name & password. Perhaps it's looking for an account on the NAS as opposed to the account setting in Dimension. I believe that it's asking me for the certificate credentials. I'm not sure.

Has anyone tried this?

TIA

Scott


Something fishy in Watchguard Firebox T70 Authentication List

Looking at the Authentication list of my T70 from System Manager I see "Backend-Service@Any" is connected as a Firewall User from 0.0.0.0 with the connection time of 1 minute short of my system uptime.

This is a rather new device and I don't have much experience with it, so I don't know whether to panic or ignore it (absent any information, panic is the default).  Current version on device is v11.12.2.B530236.

Thanky Mucho!

Watchguard L2TP VPN Connection Woes

Have a L2TP VPN setup with a Watchguard Firebox T70 with 3 of 4 systems connecting with NO issues. The 4 systems are set up the same with the same OS, same networking settings, and same VPN connection settings. I'm out of my league knowledge-wise, but three lines that show up in the Firebox log every time the 4th system tries to connect stand out:

2017-08-01 12:24:16 iked (12.34.56.78<->123.45.67.89)IKE phase-2 negotiation from 12.34.56.78:888 to 123.45.67.89:4444 failed. Tunnel='IPSecL2TP' Reason=Received ESP encryption AES, expecting 3DES
2017-08-01 12:24:16 iked (12.34.56.78<->123.45.67.89)IKE phase-2 negotiation from 12.34.56.78:888 to 123.45.67.89:4444 failed. Tunnel='IPSecL2TP' Reason=Received AES key length 128, expecting 256
2017-08-01 12:24:16 iked (12.34.56.78<->123.45.67.89)IKE phase-2 negotiation from 12.34.56.78:888 to...

Strange watchguard HTTP/HTTPS proxy behavior with AD authentication

I am using a watchguard XTM515 with 11.11.4.  On this firewall I have several HTTP/HTTPS proxies...one of which is active directory authenticated and allows unfettered access for the domain admin AD group of which I am a member. 

When I am logged on to my computer, it doesn't apply that policy to me. I am denied access to many sites. If I add my IP address to the policy to allow, it works.

What is strange is if I go to another PC and log on as myself, everything worked fine.

There are no policies in place that would cause this behavior....no denies or anything of the sort that would be denying my username.

Anyone have any ideas?  This has persisted over a few releases of their software.

It's Always the DNS...

We have a "failover" solution that we are putting together and I have hit a snag.

We have a Watchguard Firewall in place and everything is working dandy. We have older CradlePoints set up in most locations with a Virgin Mobile cellular card (USB) installed that we activate whenever the store's internet goes down. This is achieved by running the ISP through the CradlePoint, so it can tell when the ISP line goes unresponsive. It has been an OK solution, except for the fact that the cards go inactive after about 3 months of no utilization. So, when a store's internet DOES go down, I have to get the management to plug the cellular card into a PC, and program the modem with the new number, then move it back to the CradlePoint. Moving forward, we are going with a more permanent solution. Upgrading to the newer CradlePoint device with a Verizon...

T-70 to Ubiquiti USG VPN

I'm trying to set up a BOVPN from a T-70 to a Ubiquiti USG. No problem setting up the tunnel, it shows up and happy. However no traffic seems to be passing - pings, nothing.

Any suggestions on where to look?  The firewall rules on the Watchguard were automatically created and look okay.

I've done USG to USG VPNs without issues, other vendors' products to other vendors' products, etc. First time doing Ubiquiti to non-Ubiquiti and suspect the problem is on the USG end.

About to yank that Ubiquiti out of that office and put another Watchguard in.

I'm new to the Watchguard world so be gentle.

Tough one - T10 or XTM?

So, I have a very low budget friend who needs a VPN (SSL W10 -> Subnet)...He could get a T10 w/Standard security...OR...I could hook him up with an XTM25W that I have (fully featured)...budget is the same for either.

They are both 32 bit...the XTM adds WiFi and more ports (can act as his switch on a bridge)...what would you run?

Either would report back to my Dimension server.

Adding an additional Firebox to existing network

Hi,

Apologies in advance if I am not explaining this too well!

We currently have an M200 on our existing network controlling all policies and inbound/outbound traffic.
One external WAN interface is configured on the M200 connected to an ADVA optical fiber access device however with only one active port. This means only the M200 is able to receive connectivity from the ISP coming into the network.

We also have a T70 that we would like to add on to the network, to sit between the M200 and some of our core servers with limited policies and ports opened. The servers will need to be kept on the same subnet as the network they are currently on.
I do believe that the M200 is capable of doing this for us but the additional T70 is to be installed.

Is it possible to allow connectivity and traffic to be passed on from the M200 to the T70 before reaching...


Spanning Tree - over and over and over...

Every time I hit "Save" in SM for my "T" I am told "Spanning tree no support blah blah blah"...I agree...I can't for the life of me find where to just kill it in my config...any ideas? (Same on XTM). 11.2.4...

WatchGuard XTM 330 Configuration

Hello guys,

I am somewhat new to the enterprise level of networking, and was looking to get some help configuring my recently purchased XTM 330 firebox from WatchGuard. I have factory reset it, and am looking for the best way to configure it.

I have 5 static IP addresses from my ISP. One of them I want to dedicate to the firebox for connecting to it for VPN access to my network (96.70.78.27 is the static IP I want to use).

I also have a server set up with two virtual machines running on it. Each virtual machine has its own static external IP address. (96.70.78.28 & 96.70.78.29).

My local network is in the range of 10.1.10.x, and my router IP is 10.1.10.1. I want to set my firebox up to be 10.1.10.2 internally for ease of remembering.

Both virtual machines currently have their network interfaces configured to use their dedicated IPs, as...

Internal DNS resolution

I've looked in the knowledgebase and forum for the answer - maybe my search terms are bad.

Anyway, looking at things like "top clients" and stuff from the UI or Dimension, external addresses (most of them) resolve to their DNS name. No internal clients do.

I know with Sophos you could configure it so your internal IP addresses resolve to names.  I can't find that functionality with Watchguard.

The DNS settings on the Watchguard are pointing to my internal DNS servers.

Hints anyone?

Thanks

Can't connect to Google related websites.

Our computers have been having a hard time accessing Google related websites like Google Search and Gmail. It's an intermittent issue. What I have noticed is that when the Firewall has been freshly rebooted end users are able to access the site but hours later or maybe after a day the issue comes back. I even tried with a computer that has no restriction and proxy policy enabled, it does not connect. I have a WatchGuard XTM 515. I would gladly appreciate your inputs. :)


Configuring HTTP and HTTPS on WatchGuard XTM 515

I have successfully added http proxy but that doesn't include https so when I added https proxy and used the same configuration with https it seemed that all browsers are being blocked with the error saying "the site cannot be reached".

I have exported certificates from the firebox and imported them to the users.

Did I miss something?

webcache/tcp port 8080

I've noticed for a little while the new speedtest.net is not working when I run it on a computer behind my watchguard firewall. It has not been a big deal as I could switch to the older one but I decided to do some troubleshooting. I found that my deny all rule was blocking webcache/tcp port 8080 which is stopping the new speedtest from running.

This happens to be a port and service I'm unfamiliar with (Google was little help, at least concerning safety), is it safe to open? As it is related to webcache is there a performance gain with opening it?
Thanks!
Sean
 

Watchguard SSO and Windows 10

Watchguard SSO is configured and works great for users on Windows 7 machines, but when logging in as those same users on a Windows 10 system it doesn't authenticate automatically with the firewall.

When authenticating manually it works just fine and we've verified that the login appears in the event log on the DC where the Authentication Gateway software is installed and running fine. 

The Watchguard troubleshooting points in the right direction by eliminating possibilities, but I'm at a loss as to why the software isn't seeing the domain logins from Windows 10 machines. Any ideas what else it could be?


youtube force safe search on per machine basis

We have a WatchGuard Firebox with WebBlocker enabled. Many inappropriate YouTube videos still show up. With our DNS server forced Google and YouTube to safe search but the YouTube safe search is excessive. There are two computers on the network that we would like to allow access to I guess full YouTube so other videos can be viewed, such as unrated videos. Is it possible with the DNS server to allow two machines, can set static IP, to only bypass the YouTube safe search? Ideally would be to set up a password bypass so only certain people can bypass it and it wouldn't be machine specific?

Watchguard T30 blocking Cisco Anyconnect

I swear there was a default policy to allow Any-connect (Cisco VPN). My side is W7 enterprise...the other side is the federal government (us the US)...what am I missing? All I see is red (blocked packets) as the ICMP is unhandled. The other side of this will not support the VPN behind any firewall.....
 

How can I make my XTM externally visible behind a modem/router?

Hi all,

How can I make my XTM visible from behind a modem/router?

For example :

The modem/router that my XTM is connected to gets its IP from the ISP. So I can't turn the XTM into a public facing edge/gateway device.

The modem/router is my public edge and the XTM has to sit behind it like so -

ISP > Modem/Router > XTM > LAN Switch > Devices  

I have seen it done and I was wondering if anyone could possibly help me here?

Thanks

Watchguard T10 is any open source for him?

Hi, I have a T10 without license. I know that pfSense supports big WatchGuard appliances but not small ones; is there any option for an open source OS?

Unable to ping domain on VPN

Successfully connected with Shrewsoft VPN but unable to ping or communicate to anything on primary domain. Noticed that it's on a different subnet; does it have to be on the same subnet?
