Hi,
I am looking at setting up IP filtering on a WatchGuard XTM 33 device. We want users to be on the approved IP list before they can access RDP.
Any ideas how this can be done?
Hi, I have a WatchGuard XTM 25 firewall which is running DHCP sitting right behind the ISP modem. Plugged directly into the modem I get download speeds of 300 Mbps! Sounds great. Upload is a solid 30 Mbps.
I have a 24 port Netgear switch plugged into the firewall port configured for a 10.0.2.x network. Everything is gigabit transfer speeds on the internal network. When doing a speed test with the WatchGuard in the mix, I max out at 92 MBps.
The WatchGuard seems to be slowing things down. I have all the right policies, I think, and nothing is blocked. Some websites are blocked when they have apps; for example, this site won't load with the WatchGuard, but outside the WatchGuard it loads. So there is something there the firewall is blocking. Since it's blocking some things, I am wondering if it's a bottleneck on my network.
All the basic...
Hello everyone!
Our Watchguard firewall has recently been blocking a few instances of s.thebrighttag.com adware. I checked the source IPs and researched how to remove said adware but when I got to each system there was no trace of it where any of the articles stated it would reside. I was wondering if perhaps our firewall is just blocking this adware that may be embedded on websites our users are traveling to and not necessarily infecting our systems themselves? Thanks for any help!
Fresh setup of VPN L2TP with passphrase, using the new wizard. I can connect but I am unable to access internal resources. I can ping my server and printer, but I cannot see my network shares or view the print queue.
I have messed with the auto-generated policies to allow external connections (internet), and though I also added my L2TP-Users group, I can't seem to get anywhere. I can access the internet and ping but am not able to access any resource.
Hi Guys,
I need your help finding the NODE (IP address of machine) on botnet detection. It's showing only our PUBLIC INTERNET address in the WatchGuard Dimension logs.
Hello,
We have set up an IKEv2 VPN connection through our WatchGuard XTM device. Authentication goes through our RADIUS server and is working fine but
- internet connection is not shared (although IP-range is added to NAT)
- connected user had no access to our internal network
The RADIUS server allows access for users that exist in a GLOBAL GROUP named GG_VPN in our Active Directory. We have tried adding this group in the IKEv2 configuration and applying policies for internal access, but this is not working.
Does anyone have experience with this set-up and if so, please do advise.
Bonjour
We have the WatchGuard M300 and as per the title the admin account is disabled.
Right background.
I’m 3 months into this role and was troubleshooting our VPN as no one has been able to log in for a few days; it pings fine but just won’t accept any credentials. So as part of my investigation I decided to log onto the Firebox to check the VPN settings are OK. That’s when I noticed the account has been disabled; it was working last week.
I have managed to contact the old Head of IT who put this system in and asked him if he had any other credentials and he only had the admin account. LDAP and AD is not set up, the other default read only account is also disabled.
I can log onto WebCenter no issues and System Manager – just whenever I try and access firebox through the front or through System manager I get shut down.
There are no other logins...
Hi All,
Have a customer with Watchguard in which it looks like the admin account has been attempted until it's locked and it now shows as disabled.
M300 is the device model. Anybody got a way around this just to make it unlock itself at least so we can get back in?
Looks like the attempts were made 2 or 3 days ago so.
Thanks
Hello All.
I have set up an L2TP VPN using RADIUS authentication. As far as the VPN goes everything is working well. I have set this up within domain A.
We have a domain trust relationship where both forests are at the same level.
I need to be able to add users from both domains to the L2TP users group to authenticate against the RADIUS server.
If I switch the group from Universal to Domain Local I get the option to add a user from the other domain, but it says "Domain local object is just a placeholder". It shows the user's name but no object information.
Does anyone know how to achieve what I am trying to achieve?
My only thought would be to set up a domain.local group then add that group to the l2tp users group?
Tested web UI radius authentication when I set the group to domain.local.
Now everything is back to universal.
Hi guys and gals,
See below Watchguard details:
Device: XTM 515
Version: 12.0.0
We utilise WebBlocker on our http and https proxies.
We use Websense cloud for WebBlocker lookups.
Within WebBlocker, we have defined what categories we want to block. We have selected the option "when a URL is uncategorised" to DENY.
A website is being blocked because it is uncategorised.
See below:
OK, this is easy, simply add that website with a wild card *.cas-ltd.uk.com/* to the exceptions list and set to allow. Simple stuff, I have done this many, many times. HOWEVER, the website is still being blocked due to reason uncategorised.
This is not just specific to this one website. It is for most websites which are uncategorised.
Why is this happening?
In the exceptions tab, it clearly says "If the URL does not match any exceptions defined above, Use the WebBlocker...
I would like to know the pros and cons of the WatchGuard T35. There is a vendor trying to sell me the T30 - from what research I have done this is an older product. The T35 allows for the "click audit" feature and I like that idea. We have up to 12 hosts and of course the guest WiFi to consider. Bandwidth is fiber to road and coaxial to office. This is a medical office and in the past we have used Check Point. Feedback is appreciated...
Hi,
I'm having a bit of an issue with our WG 200 where, when I take down the primary WAN link, the secondary kicks in and I can ping bbc etc. but can't browse. After doing a tracert, it's routing through the secondary link but I can't browse. I set a policy to allow the LAN and explicitly my internal IP out to any external any port, which didn't work, and also explicitly to the FTTC WAN link; again I couldn't browse.
Any ideas why it's playing up?
Hi,
Hoping someone could help me out here. In my environment, we have a Watchguard M300 running Version 12. We run a manufacturing environment, so we want the shop floor computers restricted from having Internet access.
To do this, I created an active directory group called Internet Access and only users who are part of that AD group can get internet access. Everyone else gets blocked.
I have noticed that from time to time, users' sessions go stale and they get logged out of the Firebox authentication. One quick solution I have for them is to tell them to log out and log in again, so SSO can do its thing (I find this happens if they remain logged into their computer for days).
I would like to prevent these unnecessary calls and emails from users by having the WatchGuard set up so if they are not logged into the firewall, it will redirect them...
Dear expert,
Hello All,
Is there a way to create a rule that blocks traffic from just a particular subnet? I have a wireless network set up at a client site. The guest network is getting DHCP from the firewall using a DHCP scope on a different subnet. I don't want to allow traffic between the guest subnet and the staff subnet.
This is just a temporary fix until I get all the tagging/vlans buttoned up.
Thanks!
Hello, community!
Are you a Total Security Suite customer or partner? We currently have a beta running to test out our new Threat Detection and Response Host Sensor for macOS.
Details:
TDR 5.2 introduces a new Host Sensor specifically designed for Mac endpoints.
Mac Host Sensor
The new Mac Host Sensor is lightweight and extends TDR’s detection and response capabilities to Mac endpoints.
Key Features:
· Scanning heuristics for files and processes
· Kill Process and Quarantine File remediation actions
· APT Blocker integration
· Existing TDR policies automatically apply to Mac Host Sensors
OS Compatibility:
OS X Yosemite 10.10
OS X El Capitan 10.11
macOS Sierra 10.12
macOS High Sierra 10.13
Beta Test Files and Beta Participation
To help you test the Mac Host Sensor, we provide two test files you can...
Hey folks
We are looking at implementing Microsoft's "always on VPN" functionality for our mobile users. It's no small feat, which I am OK with, but I always like to take the path of least resistance if possible.
Now, we are all-in on Watchguard, which is great I love their stuff, and we currently use the Watchguard SSLVPN client which works but is limiting in certain ways.... and I'm wondering if the Watchguard IPSEC vpn can't provide a similar functionality to Microsoft's "always on VPN" (with much less work :D).
Also, any experiences with Always on VPN would be appreciated too before I jump into this rabbit hole. So far it looks good if a little complex to setup.
Thanks in advance for any experiences and advice.
-csand
I received my new Watchguard Firebox M370 today to replace the XTM515 currently in use.
A couple of questions:
1. When I activate the new feature key, will the old XTM515 security services be disabled? I'd like to activate the new device and be able to configure/test it before removing the old.
2. My XTM515 is running 11.11.4 and the new is running 12.0.2. Do I need to upgrade the XTM515 to the same version to migrate the config?
We're excited to have Corey kick-off our TechShowcase on April 26 at Miller Park! Can't wait to hear his latest cybersecurity insights!
Want to hear him speak? Join us for the largest IT event in Wisconsin! You can find more about it on my post here: https://community.spiceworks.com/topic/2118772-5th-annual-techshowcase-at-miller-park-april-26
Or visit our website to learn more about Corey and the great line-up of events! https://ccbtechnology.com/techshowcase/keynote-speaker/?utm_campaign=techshowcase-2018&utm_sourc...
Hi, I have a WatchGuard and have additional static public IP addresses already set in the box as secondary external interface. I use these public static IP addresses by going SNAT to forward any port to an internal IP address. We only use 3 interface ports to distribute 3 different networks, 10.0.1.1 to 10.0.3.1; each network has its own public static IP address defined in SNAT. The public IP addresses are perfectly fine when they try to connect to the local network from outside (world) by using the public IP address I define. My question is: I want to define their external public static IP address as their gateway, because when they type "ip address" on Google to find out their IP address it shows the same gateway address as ours, not the one I define for them. Is there any way I can define each local network to use each public static IP address which was defined on secondary...