Channel: WatchGuard
Viewing all 1338 articles

Microsoft Updates & Watchguard

Don't understand Watchguard that well, but I'll try my best.

So my computers are continually trying to get Microsoft update. It's disabled in GP, it's blocked in Watchguard, the packets are getting denied, but Microsoft is still the top-reached destination.

Blocking VLAN traffic to these addresses:

  • windowsupdate.com
  • windowsupdate.microsoft.com
  • update.microsoft.com
  • download.windowsupdates.com
  • download.microsoft.com
  • *.windowsupdate.com

Any other ideas?


Fireware v12.2.1 was released on Sept 5th

The new Fireware v12.2.1 is out of beta!

Gregg

I can't browse YouTube through WatchGuard M500

Is anyone facing an issue on a WatchGuard M500 when browsing? It can't open YouTube; it opens only the page, not streaming video.

WatchGuard Secondary Configuration - Is this correct?

The WatchGuard was configured by a previous employee, whose documentation is basically next to nothing.

The External interface is configured as a.b.c.194/28

The Gateway is a.b.c.193

The Secondary addresses are

  • a.b.c.195/28
  • a.b.c.196/28
  • a.b.c.197/28
  • a.b.c.198/28
  • a.b.c.199/28
  • a.b.c.200/28
  • a.b.c.201/28

MY PROBLEM IS THAT
The CIDR says that the last IP address in the range is a.b.c.207, but I can't find any documentation stating that we have IP addresses over a.b.c.201.

And I think the Secondary addresses should be

  • a.b.c.195/32
  • a.b.c.196/32
  • a.b.c.197/32
  • a.b.c.198/32
  • a.b.c.199/32
  • a.b.c.200/32
  • a.b.c.201/32
  • a.b.c.202/32
  • a.b.c.203/32
  • a.b.c.204/32
  • a.b.c.205/32
  • a.b.c.206/32
  • a.b.c.207/32

Performance issue M200

Hi Nerds :-)

I've got an M200 firewall which I suspect is a bit of an underachiever in our network. Hooked to this FW there are about 7-8 VLANs with different amounts of traffic. Some VLANs hold data and others are just for admin interfaces. So there are about 3-4 VLANs on separate eth interfaces when it comes to the data VLANs with medium-high traffic. I also have 2 interfaces to our ISP with an active/passive setup. So apart from the inet eth's all the rest are VLANs.

I have AV and IPS services switched on, the rest are disabled.

Our problem is that we are getting very different throughput between VLANs. All the way down to 15mb/sec when copying files. Behind the firewall there are 2 stacks of switches. One stack is 3x DELL 5548 in a ring with 10Gbps uplinks. And 1x 10Gbps Nexus 5010P with 2x 48p 10GbE fabric extenders in a star. The...

BOVPN issue between WG M400 and Juniper Netscreen SSG-550M

I have been trying to build the BOVPN between these devices without success and looking for help.

"Phase-1 main mode completed successfully"

"IKE phase-2 negotiation from x.x.x.x:500 to y.y.y.y:500 failed. Tunnel='HW.1' Reason=Message retry timeout."

"ERROR 0x0205000b Message retry timeout."

Current Phase-1 Settings:

Authentication Method= Pre-shared-key
Version= IKEv1
Mode= Main
NAT Traversal= OFF
Dead Peer Detection (RFC3706)= OFF
DH Group= Diffie-Hellman Group 5
Encryption= AES 256
Hashing Algorithm= SHA2
Key Lifetime Settings in seconds= 8 hours

Current Phase-2 Settings:

Perfect Forward Secrecy= Diffie-Hellman Group 5
Proposal Type= ESP
Encryption= AES 256
Hashing Algorithm= SHA2
Key Lifetime Settings in seconds= 3600 sec/1 hour

Also tried:
Perfect Forward Secrecy= Diffie-Hellman Group 2
Proposal Type= ESP
Encryption= 3DES
Hashing Algorithm= MD5
Key...

Disable AP LEDs

Okay, I know I have done this before - but I was asked again to disable the LEDs on some APs. This one is an AP120 but I did also look at a number of the AP320/420s that are in our facilities.

The option is not available. This particular one is in a sleep lab and the lights bother patients (I get that). So...what am I missing?


Watchguard with Dynamic WAN

Is it possible to set the WatchGuard up so that it works with a dynamic WAN? I recently downgraded my Comcast business internet from 5 static IPs to one dynamic one, and I would like to be able to still use my WatchGuard. I have an older XTM 330 series firewall.

What would I need to do in order to configure it that way? (I will be putting the gateway in bridge mode so it acts as a straight passthrough, as I have a Cisco router that I am going to put between the WatchGuard and the gateway/modem.)


Apple false positive

How can I tell if this is blocked by GAV or the new IAV engine?

Denied 2018-09-27 08:14:33 malicious 10.10.10.45 17.253.25.205:80 HTTP-proxy-00 http/tcp updates-http.cdn-apple.com

HTTP-Client.Standard.mine-av
Appliance: M400 (12.2.1)
Time: Thu Sep 27 16:32:31 2018 (EDT)
Process: http
Message: Policy Name: HTTP-proxy-00 Action: ProxyDrop: Reason: HTTP Virus found Source IP: 10.10.10.45 Source Port: 51805 Destination IP: 17.253.25.207 Destination Port: 80 virus: malicious host: updates-http.cdn-apple.com path: /2018/ios/091-87779-201807016-BACF070E-85EB-11E8-902D-930BAB28F445/com_apple_MobileAsset_MobileSoftwareUpdate_UpdateBrain/f8a3e036b78cf73a9ce0dfc508013f03bb7a510b.zip

T10 factory default, refused connection

I had reset my WatchGuard T10 to factory default. Then I tried to access 10.0.1.1 via HTTPS, but I can't access my Firebox anymore. Same (obviously) when I try SSH2 or HTTP. Some ideas? I am directly connected to the interface (1) that gives me an address via DHCP. I can ping it but, as I say, I cannot log in anymore to do the basic configuration. Some suggestions?

Watchguard T35 push one internal device out through 2nd interface

Hi guys, having a bit of a hard time here. We have a phone system hosted internally, and we want to push all of its outbound traffic through our second internet link that's configured on an external interface. I have tried using a policy-based route but it is still going out through the main link.

Network is Sluggish, Traffic is Low but Load is High

Everything is running slow this morning, to the point that some requests are timing out. The Front Panel tab for my T30 shows high load but minimal traffic. Watching the traffic monitor I am seeing a large number of hits (at a rate of about 100 per second) using the Any From Firebox-00 rule. Sample:

2018-10-01 09:21:48 Allow x.y.z.1 x.y.z.137 49152/tcp 57239 49152 Firebox 1-DMZ Allowed 52 64 (Any From Firebox-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 8 S 3060460779 win 29200" Traffic
2018-10-01 09:21:48 Allow x.y.z.1 x.y.z.137 49153/tcp 39283 49153 Firebox 1-DMZ Allowed 52 64 (Any From Firebox-00) proc_id="firewall" rc="100" msg_id="3000-0148" tcp_info="offset 8 S 3398425874 win 29200" Traffic
2018-10-01 09:21:48 Allow x.y.z.1 x.y.z.137 49154/tcp 51598 49154 Firebox 1-DMZ Allowed 52 64 (Any From Firebox-00)...

DHCP and vLAN question

T35

Running 12.2 firmware.

I am using MOJO APs and have 2 SSID profiles:

Corporate (on vLAN1 untagged) - Connected to Interface 1 on Firebox (DHCP enabled, 172.x.x.x)

Guest (on vLAN20) - Connected to Interface 2 on Firebox (DHCP enabled, 10.x.x.x)

The CISCO switch has a dedicated port hard coded for vLAN20 traffic where Interface 2 from the Firebox is patched in.

The ports the APs are plugged in are trunked for vLAN1 and vLAN2.

When a user selects the Guest SSID, it looks like the Firebox is responding back to 2 DHCP requests (vLAN1 and 20).

No problems when using the Corporate SSID.

The switch config appears correct to me.

I opened a ticket with WatchGuard but have had no joy.

If I configure the networking on the AP as NAT rather than bridging, then the endpoint device correctly picks up an IP from the NAT pool and all is good.

Driving me nuts...

Fireware 12.3 beta has started

Having a /22 CIDR for my Trusted interface causes the firewall to go offline

We increased our address scope from /23 to a /22. I have updated all of our switches and access points to work on the new scope. But when I add /22 to my local interface on my Firebox M500, the firewall will become unreachable. The only way to revive it is to reset to defaults and reload the config. 

I contacted WatchGuard about the issue and their response was that I should segment the network instead of making this change, and they closed my case. That actually kinda rubbed me the wrong way and I don't agree with their fix. This is in a school and having 1024 addresses doesn't seem to be a large scope, as we are only using a little over half. I would eventually like to segment the network, but we are in session here and will have to wait until next summer. I need the firewall to recognize all 1024 addresses right now...


WatchGuard WebBlocker Blocking Azure AD MFA Services (Warning!)

Beginning at about 10 AM today (EST), we noticed that users connecting to Azure AD/Office 365 who use MFA were unable to authenticate on any web browser. They would get to the logon redirect screen, which was white and never redirected properly.

When looking into this, we discovered that connections to sitesecure.aadcdn.microsoftonline-p.com were being reset. Per Microsoft, access to this domain is necessary for MFA authentication to Azure AD.

Looking at the logs on our WatchGuard Firebox, we realized that this domain was being blocked by our HTTPS proxy, as the site had been added to the WebBlocker category "Phishing and Other Frauds".

2018-10-11 10:14:38 Deny 10.10.2.45 172.226.86.115 https/tcp 52853 443 1-Trusted 3-External-Everstream1GB ProxyDrop: HTTPS Request categories (HTTPS-proxy.out-00) HTTPS-Client.Standard.1...

WatchGuard Server WebBlocker install Hyper-V Error


I installed Server WebBlocker in Hyper-V. Everything went fine, but when I try to enter the URL https: // : 4130, it asks me to confirm the certificate and everything is fine, but when I confirm the certificate I do not get past here:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.

And in the virtual machine I'm fine. I configured the IP and all is normal. I have tried to install several times from scratch and I have not been successful. I have previously installed Dimension and other things, but I have not posed with this new method of...

Question about SSL VPN from the endpoint

Hello,

I have an end user that is behind a network on a WatchGuard XTM26 who wants to use a Windows VPN to an external SonicWall. When she is on our network behind the WatchGuard she cannot start the firewall. I have allowed all outgoing PPTP/L2TP ports for her. Is there something I'm forgetting to allow?

Edit: I have enabled: Add a policy to enable outbound IPSec pass-through

Kind Regards,

Sander


SSL Cert - Google for Schools (Chromebooks)

A buddy just finished installing his new Watchguard M that is replacing an older XTM model. Until now everything was figured out for DPI. Now, there is an issue ONLY with Chromebooks that are school owned getting the new *.pem to be recognized by the Chromebooks. This has GOT to be an issue with Google as the device is working as designed for all other client systems...so, uploading the pem to the web console has had no effect. If we try to import the pem from local (USB) media the device simply does not take it....what are we missing?

Server fail over using WatchGuard Firebox policies

Hi Guys,

Is it possible to do a server fail over using WatchGuard Firebox policies? 

Please advise.

Thanks

RK
