Hi, I was successfully able to split the connection in my XTM 515 to use Comcast for the camera system and ATT for the network LAN; however, after this the phone system, which is not hosted locally and is a VoIP service, keeps disconnecting at times. Internet speeds are not changing; I ping constantly and I don't see packet loss.
Packet loss in WatchGuard XTM 515 after dividing the network
Watchguard unable to block categories
Hi Guys,
I denied all the categories in HTTPS categories,
but the users can still access the website that was categorized. It is showing in the logs as uncategorized.
Thanks
WatchGuard BOVPN to Azure - Issues accessing resources in remote site
We've installed a new WG firewall and configured a BOVPN Virtual Interface for Static Routing to Microsoft Azure following the WG instructions:
The VPN connects and is fine for a short amount of time but then we start having problems accessing the Azure resources/file shares to the point it crashes Windows Explorer.
If we switch back to the old (non-WatchGuard) firewall it works fine.
Any ideas?
Thanks
How to Connect a WatchGuard Firebox M300 to a pfSense
I have a WatchGuard M300, configured as follows:
The external interface (Eth0) is set to DHCP, connected directly to an ISP modem.
The internal interface (Eth1) is configured with the static IP 192.168.12.0. What I want to do is connect my WatchGuard through the Eth2 interface to a pfSense server, which is configured as follows:
It is connected to an ISP modem and is configured by DHCP on the LAN interface. It has another IP, 200.0.1.x, on the WAN interface. I intend to remove the modem from the pfSense and leave it connected to the WatchGuard to give it Internet access, and in the future keep only the WatchGuard.
I use the pfSense for a hotspot where users who want to connect to the wireless network have to log in with a username and password.
Any idea how to carry out this process?
Thanks.
Netgear / WatchGuard - DHCP proposal crashes all VLANs (odd)
At one of our facilities we have a very odd issue. The network is running 100% right up to the point that we plug any new device into it. This was discovered after a vendor was plugging in a new NVR in a manager's office. Simply, plug in the NVR and the entire network crashes (until the NVR is gone). Every VLAN goes down and there is no access past the edge (seems to be a reboot in WatchGuard land) nor any movement of traffic on the LAN for the same time period.
We have confirmed that this is not a cable issue, happens even if we directly go to the Netgear XSM4348CS switch and now....turns out it is not just the NVR, it is ANY device on the wired network that is plugged into the switch - well, but for the ones that are already running...
I am pretty confident that it is not the WatchGuard T70 (TSS) that is running 9 VLANs. The switch is...
WatchGuard Firewall DHCP Handing out duplicate IP address
I have a WatchGuard firewall that is performing DHCP service. There are currently 10 computers connected to the switch to the firewall. All 5 desktops are not having any issues, none reported. However, we just connected 5 other laptops and it seems to be having some leasing issues. Multiple laptops (2 sets) are sharing the same IP address. I've completed a release and renew on one of the workstations but it still keeps getting the conflicting IP address. I've even set a reservation on the firewall for one of the laptops with a different IP address, then executed a release and renew and even a reboot, and the laptop continues to get the conflicting IP address. How can I get this laptop to obtain the reservation IP I set for it on the firewall?
Since this is a small newly formed office, there is no Windows server in the office. DNS records...
WatchGuard firewall with UniFi APs - VLAN security question
Hello!
I use WatchGuard firewalls with UniFi APs and guest wireless on a separate VLAN. I know that VLANs have been susceptible to "VLAN hopping" and I am wondering if that can be prevented with this setup. To answer the obvious question about why use UniFi, WatchGuard APs are WAY beyond my clients' price range, so I use UniFi. Also, I have clients without WatchGuard firewalls, and they have UniFi. This way, I have one place to manage all wireless.
If I really want guest isolation, I could have a UAP-AC-LITE for the corporate wireless, and then put a separate UAP-AC-LITE/PRO on a separate WatchGuard firewall interface and give the interface access only to the Internet.
However, to have both corporate wireless on the LAN and "isolated" guest wireless, I have always had VLANs for the corporate LAN firewall interfaces, with my UniFi APs...
Watchguard Failover to a 4G modem
I found one old post about this with no conclusion. So... I am looking for a real-world experience with setting up and using a 3G/4G modem as failover of a WatchGuard. I have M300 and T35 units which will support a second ISP.
Exclude a network from SSL VPN
Hi,
I'm using Mobile VPN with SSL when I'm at my customer to log in to my own network. That is set to force all traffic through the tunnel. When I need to access resources on my customer's network, this obviously won't work. So I'd like to exclude traffic for that network from being forced through the tunnel. Problem is that the only option I see is to include specific resources and not to exclude them.
Any thoughts or suggestions?
Policy Based Routing Reporting
I have taken over an installation of an M440 with minimal documentation. It is configured with WAN fail-over between our fiber and cable circuits. I noticed there was traffic flowing over the backup circuit and decided to take a look at it in more detail. I found at least two firewall policies set to use policy based routing for some reason. Is there a way to get a report or export the config in a way to see what policies are using policy based routing? I ran a Firebox Configuration Report but it does not show this information. I am hoping I do not need to go to every policy to find this information.
Thanks,
Ron
WatchGuard stopped working on Windows 7
I have a Windows 7 machine which currently has the WatchGuard Mobile VPN with SSL client installed on it. Every time I try to connect it looks like it goes through, then I get a disconnect appear at the bottom corner of the screen, and checking in the logs I get connection closed. TLS is enabled on the machine as well. Version of WatchGuard is ver 12. I have a Windows 8.1 machine which is able to log in with no problems with the same credentials. I can also log in to the portal with the credentials, so I don't think it has anything to do with them.
Logs:
2019-01-07T10:09:56.232 OVPN:LOG:1546855795,,30 variation(s) on previous 20 message(s) suppressed by --mute
2019-01-07T10:09:56.234 OVPN:LOG:1546855795,D,TCPv4_CLIENT WRITE [1196] to [AF_INET] : P_CONTROL_V1 kid=0 sid=5c0d6126 f0dbeb4a [ 2 sid=36ac9151 131d36a3 ] pid=2 DATA 16030307 5d0b0007 59000756...
Have you tried out SD-WAN on your Firebox appliances?
In Fireware v12.3 or higher, you can configure Software-Defined WAN (SD-WAN) on your Firebox. We've added SD-WAN as a standard feature on every Firebox network security appliance, so our customers just need to enable it and they can experience cost and performance benefits right away. SD-WAN is a network routing feature and we've included networking capabilities in our platform since we started shipping firewalls.
SD-WAN products offer similar features that closely align to the functional definitions proposed by industry experts, but network security providers deliver more substantial security features. We highlighted some of these features available in our SD-WAN product as compared to standard SD-WAN providers here:
If you want to enable SD-WAN on your Firebox, you'll just need to add an SD-WAN action and configure a policy to use the...
WatchGuard not blocking content
So, I was asked for advice on how to get a T70 to start blocking traffic again (this was a place I helped out at as a volunteer). I guess their contracted IT vendor was on the device to make sure that "things were working" and I found this...not sure why it is that WebBlocker is not working.....
Turn on Discovery with SM?
So, I messed up a config for a brand new 30. I forgot to turn on Network Discovery.....best I can tell (and have ever done) is that I can only enable that on WebUI.
If I have to build an SSL-VPN to get on the WebUI, so be it. Just not sure if there is a way around it (the device is only 100 or so mi away).
SMTP Proxy - Spoofed Email Rule - Exclude Attachments?
Hi all,
I recently put in place some 'Address - Mail From' and 'Headers' rules to help combat spoof emails using the following Watchguard advice/guide:
We have always rejected email claiming to be from our own domain but the header rule has helped stop the From: Boss Name <BossName@OurDomain.com<actualspammersaddress@gmail.com emails.
I discovered this morning that this 'From Header' rule also applies to a .msg attachment to an email as well.
I had a user complain that they weren't receiving an email from a client. The email was coming from the same address as the other emails that were getting through okay.
I checked our firewall logs and saw that this particular email was being dropped because it matched the 'From Header' rule and had the...
Share your thoughts on a WatchGuard survey!
WatchGuard is looking for some volunteers to contribute to a survey on cybersecurity! Based on the survey results, WatchGuard CTO Corey Nachreiner and Threat Researcher Marc Laliberte will be playing a Family Feud-style game - Infosec Friendly Feud. You'll be able to hear the results of the survey and game on February 4th on our podcast, The 443 - Security Simplified.
If you're interested, you can take the survey here. We need responses by Friday, January 25th.
Thanks in advance!
Back from 12.3.B to....12.2?
WatchGuard support of course has no idea....anyone gone from 12.3.B581846 back down to 12.2? Seems 12.3 is riddled with issues and I guess we are supposed to wait for "updates" despite the fact that they do not even know what the issue with a production M300 even is.....
Real crap thing - going to try this without physical access to the device once the facility is emptied.
Watchguard unknown protocol
Hi Guys,
I'm getting this error while connecting to XenDesktop/XenApp VDA.
Thanks
Winmail.dat instead of attachment
I have seen several emails come across lately to users with a text file with the following instead of the actual attachment that was sent. What is the specific Watchguard setting I need to make to fix this? Is it safe to just allow type application/ms-tnef through the firewall? Or is there a safer method of getting around this issue?
The WatchGuard Firebox that protects your network has detected a message that may not be safe. Cause : The file type may not be safe. Content type : application/ms-tnef File name : winmail.dat Virus status : File Name violation Action : The Firebox deleted winmail.dat. Your network administrator can not restore this attachment.
I used to think this was a problem on the sending person's mail client, but I'm thinking now that it's actually something the Watchguard is doing instead.
New Watchguard M270 - Can we use Native OS VPN client in Windows and Mac OSX?
Is there any reason to NOT use the built in VPN from Windows or Apple? It's currently set to IKEv2, and it was working with a Mac, but I couldn't get Win10 to like it. (let me know what I'm missing here)
Are there any downfalls to this setup? It's really basic usage, connecting back to the office to gain access to network shares. Only about 40 people, and never at the same time.