Channel: WatchGuard
Viewing all 1338 articles

Port forwarding website on port 8000


Hey folks

I'm trying to open our router up to access PRTG from outside.  It uses https on port 8000.

So, I made a service for port 8000 on the Firebox (m400) and configured a port forward as usual, but it doesn't seem to want to work.

I feel there is something really basic here that I am missing or not thinking about... any ideas would be appreciated.

Thanks!
 


I already know the answer - or do I? 192.168.1.x (time two)


I already know the answer. But...maybe I don't.

I have a site that communicates with Dimension (as well as other things) via BOVPN. I have a /24 BOVPN setup to the entire subnet. The gateway there (T30) is 192.168.1.1...what ever.

Now, I have a new site - single user where I want to report to Dimension. The gateway there is also 192.168.1.2 (they also have a .1 that is running DHCP).

There really is no way to connect unless I change schemes, correct? I only want Dimension - no LAN access.

Ideas????

Total Un-Install of SSL VPN Client.


I had a case open due to an error (Failed to get domain name). There is no question at all that this is the computer that I am on. I have removed and re-installed the client multiple times from multiple sources (T-devices, on-line blah blah).

So, now I am to the point that unless someone knows some mystery un-install thing (yes, I killed the reg keys I could find)...looks like I need to blast Windows ....

(Case was #01033938)


making changes to a firewall policy on watchguard UTM - Am I missing something??


Hate to admit how little I know about UTMs.

Have a watchguard UTM (X10e), that I am trying to make changes in a firewall policy for people to access a new camera system that requires different ports than the old camera system.

Figured I'd just edit the existing policy that someone else set up - the new system will get the same IP as the old system.... I just need to change the ports. The old system used different ports than the new one.

I go into the web UI (192.168.1.1:8080), log in as admin, go to firewall / firewall policies. On that screen, I highlight the camera policy and choose the edit button.

The policy loads but I don't see how I delete existing ports / add ports on the properties page... There's a watchguard program I could (need??) to use? There's no add / remove buttons on the properties page, like on the policy page.

Am I...

DMZ Watchguard


Hi everyone,

I'm looking for some advice on creating a DMZ on a WatchGuard M300.

The background is this device is used to handle the internet for multiple tenants in an office block we maintain. Each tenant has their own VLAN managed by the WatchGuard; so far so good.

A new tenant wants to provision their own firewall and have full control of their section of the network.

We have a /27 IP address pool from the ISP, so giving them a public address is not an issue.

The question is: how do I create an unfiltered connection straight through to an optional port and let the other firewall manage security?

Is it a case of creating a custom port on a spare eth and giving it a public ip address and reducing the subnet?

Any thoughts or advice will be appreciated.

Adding Vlan tag to existing LAN interface


Folks;

I've got a Watchguard XTM5 that has been running with a simple setup; external interface on 6 and internal LAN on interface 1


I need to add a guest network to my WAPs and want to do so with a VLAN. I'm from a SonicWall shop where this would be easy; add a VLAN to that interface and make sure it passes up the chain. However, when I create the VLAN and attempt to assign it to interface 1, it looks like it wipes out my existing LAN settings.


and if I apply this;


So it looks to me like I'm about to wipe out my LAN if I do this. Is this the case? Do I need to build my LAN as a separate VLAN and add both the VLANs to that interface? I really just wanted to slap this in without risking bringing the whole LAN down.

Problem with BOVPN, one subnet connect to more subnets


Hi, Guys!

I have some questions.

I need to connect two offices with BOVPN.

Head office: 192.168.100.0/24 & 192.168.1.0/24
Branch office: 192.168.2.0/24

I know that Watchguard only supports one tunnel.

However, I need to let 192.168.100.0/24 & 192.168.1.0/24 connect to 192.168.2.0/24 at the same time. How can I do this?

WebBlocker not filtering HTTPS in Explicit Proxy


I am in the process of migrating from an ASA 5515 firewall and a MS TMG 2010 proxy to a Watchguard Firebox M200.

Have migrated all the firewall rules so far and have had no problems there.

However the TMG migration seems to be problematic. I have chosen to use an explicit proxy in the M200 to replace the TMG 2010 with it. I have configured WebBlocker and have defined the categories to block. It all seems to work fine with HTTP requests, but if one requests a site that is blocked in HTTP with HTTPS it seems to get through...

I have been reading several posts about other users facing the same problem and the proposed solution seems to be enabling DPI (Deep Packet Inspection?). However I see no option where I can activate this.

Is there such an option for the explicit proxy, or is this only available for the HTTPS Proxy?

Is there some way to...


I need help configuring WatchGuard M200 to allow MPLS phone traffic.


Hello All.

I am in the process of implementing MPLS at all of our locations. I am very new to MPLS and struggling with a few things. I need some help in configuring the WatchGuard firewall to allow phone traffic. All the packets on the external port of the firewall coming in are being spoofed and dropped.

Internet from the same provider is working fine and is getting out to the internet. It's just the phone traffic. Unfortunately, I am not getting much help from the provider, except the WAN IP that needs to be allowed, which I have a policy to allow, but I'm still having a problem.

Any help, or directing me to the right instructions, would be much appreciated.

Thanks,

Asif

Fireware 12.0 has been released


PAY ATTENTION to the release notes before you upgrade! You'll be getting a new GAV vendor and it takes a while to get the device up to date after the firmware upgrade.

Gregg

WatchGuard XTM330 VLAN TO LAN HANDSHAKE AND NO INTERNET


Hi guys, I already set up a VLAN10 for our production area. My problem is how to meet my existing LAN to new config VLAN10 and for additional VLAN10 no internet.

WatchGuard XTM330 VLAN

Hi to All,
I already set up VLAN10 for Interface 4 and LAN for Interface 2. My problem is how the 2 interfaces meet each other and how VLAN10 can have Internet access?
 

Can't connect to Google related websites.


Our computers have been having a hard time accessing Google related websites like Google Search and Gmail. It's an intermittent issue. What I have noticed is that when the firewall has been freshly rebooted, end users are able to access the site, but hours later or maybe after a day the issue comes back. I even tried with a computer that has no restriction and proxy policy enabled; it does not connect. I have a WatchGuard XTM 515. I would gladly appreciate your inputs. :)


Watchguard BOVPN shared key (assist svp)


My predecessor has set up a series of BOVPNs across our chain, and all have a pre-shared key in the configuration.

Does anyone have any idea on how to recover or change this key? Since all of the BOVPNs were wizard generated, they have become a bit of a pain to manage... and my new boss and I want to change over to a manually controlled / administrated BOVPN configuration.

M300 - Firmware 11.12.4 using WSM


Hey folks,

Quick one, hopefully.

I'm trying to configure inbound HTTP content inspection/action to redirect based on host header. I'm unable to find the HTTP-Content.Inbound rule anywhere.

Following documentation for both WSM and WebUI, but neither seems to have the option - yet it's something that should be more than possible.

Where should I look?

I have external IP: 81.x.x.x

Domain 'abc.y.com' points to 81.x.x.x on 443

Domain 'def.y.com' points to 81.x.x.x on 443

HTTP/header redirect should redirect '*.abc.y.com*' to 192.168.3.100:443

HTTP/header redirect should redirect '*.def.y.com*' to 192.168.3.200:443

Any idea where to look?

The locations on documentation could be outdated.

Documentation 1

Documentation 2

Case opened with support, but wanted this open too in case SW Community have any thoughts...

Best,

Jim


X23 locking down a single inside machine.


I have an X23 running 11.3 that is locking down a workstation from outside access... When I look at the blocked sites, the IP of the device is listed and it shows IP scan attack as the reason. The workstation is running Windows 10, Symantec Endpoint, and has been scanned with SEP, Malwarebytes and a couple of other software packages... nothing shows up... but when we remove it from the blocked sites, it works well for about a day and then gets blocked again....

I'm open to suggestions..

BTW this machine is not critical, but it is becoming a bit of a pain.

Thanks in advance.

How do we block one MAC on the WLC?


At one of our ancillary clinics we have a device on our private network. We have no idea what it is. We do know that it is the #1 by a HUGE margin device for being blocked from communication. Hands down, it is infected and is a rogue.

So, small office and I have personally laid hands on every device we can find in the facility. -.198 is simply not in the building. I know it is on the WiFi and what radio it is on...and can't find it. So, I can block it within System Manager - host watch, but that does not have a "Forever" option.

If I add it to a blocked list - none of my approved devices connect as they are not in the "allowed" list. Plus, we do not have the MACs for the BYOD providers (yet) in this facility (that is the long term plan).

So- how would you block this - simple and dirty?


Not achieving full 1000Mbps line speed with the WatchGuard Firewall


Environment

M370 cluster running in an Active/Passive mode

Firmware version 11.12.4.B532064

1000Mbps Fibre circuit with BTNet

BT Router configured as 1000Mbps Full Duplex, 1500 MTU

WatchGuard WAN interface configured as Auto.

Issue

Seeing less than 500 Mbps throughput behind the firewall.

BT have checked and they are saying they are seeing 1000Mbps through their router.

The only other HW in between the firewall and BT router is a 1Gbps desktop switch to split the incoming WAN to the WatchGuard cluster.

Can anyone advise on what further checks I can carry out or make to achieve a higher figure?

VLAN not seeing the internet


I am lost

I have a new T30 firewall. I am not sure if I have a switch issue or a firewall issue with my VLAN tags.

VLAN10 is 192.168.1.1 - untagged on port 1

VLAN20 is 10.100.101.1 tagged

VLAN25 is 10.10.10.1 tagged

I think that my issue is that I have a trunking port on 1; it is going to my switch. IntraVLAN traffic works, as does VLAN to VLAN for one shared network device. But VLANs other than 10 have no internet. If I tag 10 on my network switch I get locked out of the firewall (restore).

I guess my question is: on my Netgear switch do I Tag, Un-Tag or what to switch port 1?


AP120 Default Config password (Putty)


The old WG standbys are not working - UN "support" - what is the PW???? Support had to move it to level 2 and see if someone can figure it out.
