the idea is, to keep interesting traffic flowing all the time through the VPN tunnel, since this tunnel is used to AWS VPC. To keep the tunnel UP, AWS requires that traffic should flow all the time. How can I achieve this in Watchguard?
What is the equivalent of IP SLA in Watchguard firewall?
Watchguard Active Directory Authentication Issue
I've got a Firebox M200 that's up to date on firmware (v. 12.2.1) and I'm trying to link it with my Active Directory service running on my Synology Server. I'm having issues with authentication working. I tried setting up the configuration as follows.
Domain Name: "domain.name"
Primary: "Server IP"
Port: "389"
Search Base: DC=domain,DC=com
Group String: tokenGroups (this cannot be changed)
Login Attribute: sAMAccountName
-For this I've tried both this and using the CN/Principal Name/Name. I've tried using the Administrator account for this and I've made sure to specify the distinguished name, the principal name, you name it.
No matter what I've done it's unable to authenticate whenever I test it on the connection test page within the fireware web ui. Any suggestions would be awesome.
Webinar: Watchguard's Wireless Intrusion Prevention System & Wi-Fi Security
Join us on Wednesday, October 24th, for a webinar where we'll be covering what makes our Wireless Intrusion Prevention System (WIPS) unique with a LIVE rogue access point demo. Plus, you'll hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition.
In this webinar, you can expect the following:
- Overview of secure Wi-Fi connectivity
- Wireless breach costs for businesses
- Live demo of Wireless Intrusion Prevention System (WIPS) as a secure Wi-Fi solution
If you're interested, register here!
DHCP scope for VOIP boot server on firebox
In one office, we have a windows server handing dhcp server duties, and it automatically hands out boot server ip of 192.168.0.254 to all voip handsets that have a MAC address beginning with 000ADD
This way, all voip handsets find the boot server and get all of their settings from it without manually configuring each handset.
Now, in a different office, we have a firebox t35 handling dhcp duties. Can the t35 be set up similarly? (create a scope policy like windows server to hand out boot server ip to voip handsets)
Port Forwarding 80 to 443 on WatchGuard
Hi,
I have a website and I currently installed SSL on it. The new URL is HTTPS://www.website.com
I also have the port 80 open which is using HTTP://www.website.com.
What I am after is that all the requests coming to port 80 to be redirected or port forwarded to https using WatchGuard.
How can I do this.
Thanks in advance for any help.
Hosted IP Odd Behavior (T35TSS w/PBR)
So, one of our facilities has about 15 fully hosted IP handsets (Nextiva). All was 100% with the T35 (TSS) until we put in a second ISP. We tried to do a simple PBR from ISP1 to ISP2 as part of our normal PBR and traffic flow patterns....phones did not work at all.
When we removed the PBR and changed the "to" for 5061 (their desired UDP port) and to "any external" the handsets work 100% ...seems odd to me that we can not designate traffic outbound direction and not drop the phones...
Not even going to bother calling WatchGuard
Watchguard Firebox deleting PDF files without the .pdf extension
Hi guys,
The watchguard firebox I manage is deleting PDF files without the .pdf extension but those with the extension are allowed.
Is there a way to allow these files regardless of them having the extension or not?
I received the file okay when it was sent to my personal email address through my mobile data.
Below is the information in the attached text file
The WatchGuard Firebox that protects your network has detected a message that may not be safe.
Cause : The file type may not be safe.
Content type : application/octet-stream
File name : Inv20180804-M-CARM-ABC
Status : File Name violation
Action : The Firebox deleted Inv20180804-M-CARM-ABC.
Your network administrator can not restore this attachment.
Hoping for a quick response
Thanks in advance..... :)
Watchguard M570 Application Control
Hello,
We have deployed 2 new M570 watchguards for a customer, now I am testing to block certain facebook applications. I am able to block facebook video, but I am unable to block facebook games. I am using application control for this, I did not configure HTTPS decryption, is this needed to get this done? I guess so as it's SSL traffic but want to make sure.
Thanks!
Old Firebox X55e Edge configuration issue.
I use old Firebox Edge firewalls as simple packet filtering firewalls in my home-small-business. I have one on each of 5 static addresses bridged through my dsl-modem.
On two X10e models with firmware 8.6.1 I have no problem specifying the source external network that is permitted to port forward into the internal network, like for accepting inbound port 25 from Google email security services, but not accepting inbound port 25 from the rest of the world.
Trying the same setup on an X55e with the same firmware version, it won't let me add the source public IP addresses . . I get the message "The IP address 69.69.69.4 should be on the External Network and not on the Trusted or the Optional Network"
My trusted network is 192.168.1.x and my optional network is 10.0.0.x and is disabled. This message shows up when I add an external network in the...
ILL speed is slow when connected to T70
I have a T70 in HA mode. When I check the ILL speed before the firewall it gets 10 MBPS, but after I configure it in WatchGuard it drops to a slow speed of only 2 MBPS.
Inside server needs to have public IP without NAT
Hello all,
I have been asked to do something out of the norm for me. Normally NAT public to private, no issues. We have a Jamf Pro Server in the cloud (public IPs) and this needs to talk to an Infrastructure Manager Server.
The Infrastructure Manager Server must be resolvable to the external Jamf Pro server. How is this possible with any firewall (Watchguard M5600). Also the Infrastructure Manager does not support Network Address Translation (NAT).
Any ideas? Maybe some sort of watchguard public IP pass-through or Layer 3 vlan from external to internal. Can you have more than one interface with a public IP in the same subnet? I only have one public subnet.
Thanks for any info
Jas
Watchguard Dimension - Increase Log Storage Size
Hey Everyone,
Just trying to figure out how to increase the space for the Dimension server (VM), it currently has a 60 GB disk, the db shows as 48GB, and 45GB used, and shows 10 GB free on disk. Everywhere I looked it says to increase the size of the disk. The disk already has 10 GB free, how can I increase the built-in db?
Thanks!
Connect subnets? Static routes? Watchguard XTM
Trying to connect 2 subnets but can't seem to get my head around it.
Subnet A - 10.10.10.0/24
Subnet B - 10.10.20.0/24
Subnet A is local LAN (HP 1910 switch) with a watchguard xtm 515 as the gateway/router
Subnet B (Netvana 1234) just needs to connect to a range of host on Subnet A.
Do I need to create routes in the Watchguard or the switch or neither?
How do I connect them? Thanks for the help!
Watchguard + Comcast + Connection Pro
I was getting a quote on Comcast internet and they have something called Connection Pro which is a type of LTE backup in case of an internet outage.
Does anyone have experience with this? It looks like a cradlepoint modem in the photos. I'm guessing it would be connected to the comcast modem so that the modem could auto failover in case of an outage but normally we have one network cable from the comcast modem to watchguard with the static ip address set up so i'm unsure how this would work.
I'm probably not going to get it since we already have a backup internet provider with failover handled by watchguard, just wondering if this could be another option. Thanks
https://business.comcast.com/learn/internet/connection-pro-automatic-backup
Fireware v12.3 has been released as of 11/28/18
The latest Fireware, version 12.3, was just released to GA today.
https://watchguardsupport.secure.force.com/software/
Gregg
TDR: slow performance during windows update installation
I'm testing tdr on win 10 pc.
I'm using the last build and I have the exclusions both in kaspersky and tdr.
Today when windows kb installation started, ram and hd were saturated and the pc was slowing down.
When kb installation ends, pc resources remain saturated until pc restart, but if I remove the host sensor before, the pc resurrects immediately.
I think it's not a coincidence: all the users started calling me immediately after the scheduled time for the installation of the windows update.
Thanks.
Watchguard XTm 515 using two different isp
Hi, I inherited a network with a Watchguard XTm 515. I have ATT and Comcast as ISPs. I am trying to separate the networks, with the camera system using Comcast and the regular work LAN usage going out through ATT. So far I have two separate networks working fine; the problem is they all go out through ATT. Is there a way to achieve this? Thanks
SMTP Proxy - Drop email to specific address with specific name in FROM header
Hi all,
I have a user who communicates with an important customer. This customer's email was compromised a few months ago and everyone in their address book is now getting spammed with email spoofing her name and address in the FROM header.
Our users have multiple addresses and spam spoofing this customer's name is going to his secondary email address (user@domain2.com). The customer has fixed the issue and we have arranged to have them send important genuine email to my user's primary address (user@domain1.com) going forward.
I use an SMTP proxy on our WatchGuard M200 to filter and control incoming email.
Using the SMTP proxy, can I create a rule that says any email with the customer's name or email address in the FROM header AND user@domain2.com as the recipient be dropped?
I have rules in place already that drop email with certain patterns...
Can't get watch guard mobile vpn ssl to work with mac airbook
Hello-
Employer provided me with WatchGuard vpn client for MAC. Tried connecting using 32 bit and 64 bit but still get error Cannot allocate TUN/TAP dev dynamically. Any help would be appreciated.
WG-MVPN-SSL.dmg version 12.0 build(543202)
OS-high sierra 10.13.3
Log for 32 bit attempt:
Getting configuration from 68.20.202.199
getConfigFromFireBox terminated with status: 0
INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
HOLD:Waiting for hold release
LOG:1544192293,D,MANAGEMENT: CMD 'hold release'
LOG:1544192293,D,MANAGEMENT: CMD 'bytecount 1'
PASSWORD:Need 'Auth' username/password
LOG:1544192293,D,MANAGEMENT: CMD 'username "Auth" "rdunn"'
LOG:1544192293,D,MANAGEMENT: CMD 'password [...]'
LOG:1544192293,,Socket Buffers: R=[131072-131072] S=[131072-131072]
LOG:1544192293,I,Attempting to establish TCP connection with...
How do I access my Watchguard from WSM as administrator?
Is it possible to log in to the Watchguard as administrator from WSM? I can only log in as status, and every time I make a change I have to save the file.