Channel: WatchGuard

Watchguard Dimension/RptManager Strange 2 am huge up/download


Hi

I have a large 3 GB upload / 4 GB download showing up in Dimension and the older Report Manager from around 2:20 am until 2:50 am.

Looking for some direction on how to proceed with alternatively identifying the details from the raw M270 WatchGuard firewall logs.

My question: can I re-parse the WatchGuard raw logs to extract IP src/dest, protocol and bandwidth?

Drilling down in Dimension/Report Manager doesn't provide any information as to source/destination IP and what protocol. All other detail reports don't seem to show anything of use.

Logging is enabled on most policies, but not all (Windows Update policies and deny policies aren't logged due to storage concerns). I suspect that if the issue is within these unlogged policies, then I may be S.O.L.

Additionally, some of the time-frame lines in the report don't exist (i.e. 2:30 am and 2:40 am) and the 42.24...


Unreliable builtin dhcp server in 12.5.6?


Bit the bullet today and finally upgraded our last 12.3 firewall to 12.5....

Performed update during lunchtime network reboot.

This evening I received reports that DHCP was completely dead. Hint: the DHCP lease time was set at 8 hrs.

Logged in and indeed anything relying on DHCP lease renewal is dead. Last DHCP renewal around 7 hrs. DHCP address table is stale.

Network still works fine for static IP addresses.

Rebooted the firewall and DHCP is working again.

Firewall is a T50W.

Isolate one port on the firewall


We need to keep the network locked down to be PCI compliant.

We have a contractor on-site and have provided him with a local machine.

He needs to be able to reach the internet from his personal laptop, but we need to isolate that from the rest of the network.

It looks like I need to create a VLAN on our WatchGuard XTM330, which I've never done before.

I followed this guide to Define a New VLAN, and I've changed one existing interface to be type VLAN.

I'm lost after that.

Am I going the right direction?

Is this going to be able to tie a port in the switch to the VLAN, or am I going to have to give him a fixed IP?

Watchguard HTTPS proxy Cert issues on Win 2016 server after windows updates


Evening,

Was hit by an unexpected Windows Update last Friday night which looks to have borked my self-signed WatchGuard SSL HTTPS proxy certificate (it was manually installed in the Windows certificate store).

We use this to inspect HTTPS traffic in and out of the network.

Other Windows 10 Pro machines in the network still seem OK, so I suspect it's something to do with MS changing something with self-signed certificates.

Anyone else seen this? Have any ideas?

PS:

  • I've reinstalled the certificate without any change
  • I actually tried to post this on the Watchguard Forum first but there's something wrong with my account


Thanks

Paul

Upgrade modem firmware (Draytek Vigor 130)


I'm a bit of a beginner here, so bear with me.

We use a Draytek Vigor 130; it's connected to our WatchGuard M200. I don't have much experience using WatchGuard firewalls, but I need to check the firmware version on the Draytek. So do I connect to the Web UI of the Draytek when it is behind our firewall?
The usual 192.168.2.1 IP address doesn't work, which I understand, but I just don't know where to start in order to establish access to the Web UI on the Draytek when it is connected to the WAN on our WatchGuard.
Thanks in advance

How to set up DNS on a custom firewall interface


I have a firewall interface set as custom to isolate it from the rest of the local network and just give access to the internet.

I can't see any of the local network, so that worked.

I can hit IP addresses, but I can't hit URLs.

I conclude that DNS is not working.

IP Address: 192.168.1.196/29

   - interesting that it wouldn't let me use a lower number.

DHCP: Enabled

Start IP: 192.168.1.193

End IP: 192.168.1.195

DHCP Options:  Use the interface IP address for Default Gateway

---DNS settings---

Domain name: (I'm not clear on what to use here.)

DNS Server: 8.8.8.8

Wins Server: blank

---ipconfig---

IP:  192.168.1.193

Default Gateway:  192.168.1.196

Any suggestions?

Cannot make the right interface work.


I have a customer who has two WatchGuard firewalls connecting their network over a DragonWave wireless link.

Their radios failed and their IT guy messed with the firewalls, not realizing the problem was the radios.

I replaced the radio and got the link between the two networks working properly, but I'm struggling with their IP phones.

Site 1
LAN 192.168.1.181
DragonWave 192.168.115.181
Phones 192.168.2.1

Site 2
LAN 192.168.6.181
DragonWave 192.168.115.1
Phones 192.168.3.1

On site 1 I have two routes:

192.168.6.0 > 192.168.115.1
192.168.3.0 > 192.168.115.1

On Site 2 I have no routes.

Currently I can make the phones work at site 2 through the 192.168.6.0 network but not the 192.168.3.0 network. From the 192.168.3.0 network I can ping the 192.168.2.1 interface on the watchguard but I cannot ping the phone system itself @ 192.168.2.5....

Logging data from Watchguard WebBlocker to SysLog Server


We have a cyber-security firm that uses the syslog feed from our WatchGuard device in their monitoring/SIEM implementation. Is there a way to log when WebBlocker blocks a PC/IP from accessing a certain website through the syslog feature? I have implemented the WatchGuard Dimension virtual appliance so I'm able to see this data, but it would be great if I could send it over to them so they could see it in their system as well.


Watchguard Firebox and Google


Anybody having issues with your Firebox blocking Google services? We have tons of Chromebooks that from time to time have no access to the internet or can't log in because the Firebox is blocking the Google IP addresses that allow it.

Watchguard BOVPN Route duplicated error


Hello all, sorry if this doesn't sound technical, but I am an MD, not an IT professional, though I am the default IT in the practice.

I currently have two static external interfaces (fiber and cable) and I am trying to set up a BOVPN to a third party. My interfaces are set up in fail-over mode. The configuration I am going for is as follows:

Gateway 1: Local interface A --------> Remote interface A

Gateway 2: Local interface B --------> Remote interface A


Tunnel 1: 192.168.1.0 --------> (NAT) 10.217.161.0/24 ---------> 10.215.0.0

Tunnel 2: 192.168.1.0 --------> (NAT) 10.217.85.0/24 ----------->10.215.0.0

All Phase 1 and 2 settings are otherwise identical.

If I try to save this I get an error stating:

The BOVPN tunnel route 192.168.1.0/24 <==>10.215.0.0/16 is duplicated...

and I am unable to save this configuration.

The remote IT sets this up with all...


Problem allowing access to FTP-server behind Watchguard T15


Hello.

I have a problem with a WatchGuard T15, firmware: Fireware v12.5.4.
It seems I'm unable to configure the WatchGuard to allow FTP via TCP port 21 from the Internet to come in and be directed to an internal FTP server.

From what I've understood, there should be an SNAT created that specifies from where (Internet) to where (internal FTP server). I think this is what I've done, see picture 1, which displays the policy "Policy-FTP-forwarding-to-internal-FTP" and the SNAT, "FTP-forwarding-to-internal-FTP".

To me, this means that the policy will allow "Any External", i.e. anyone coming from the external interface/Internet, to execute the SNAT that is associated with the policy, i.e. will forward anything coming in on port 21 to the internal FTP server on 192.168.100.21.

Pic 1, Pic 2

What I was expecting to happen, doesn’t. The...

Watchguard SSL VPN limit concurrent user


Hi to all,

I have this issue.

I must limit concurrent connections with the SSL VPN. I have set "Limit Concurrent user sessions" to 1 in SETUP --> Authentication --> Authentication Settings, and likewise in "Users and Groups".

But this change doesn't work. The VPN works with two sessions.

What's wrong?

Thanks

NAT Loopback and Static NAT (SNAT) - Setup - Firebox - WatchGuard


Greetings,

I am trying to do this setup for a self-hosted server inside the firewall network, where I am trying to access it internally using the WAN IP.

I followed the steps as in the KB from WatchGuard:

NAT Loopback and Static NAT (SNAT)

As you can see from the screenshot:


However, when I hit the domain (WAN IP), I see the traffic leave the firewall via another policy, even though mine is at the highest priority, as you can see.

So, eventually, it leaves the Firebox, but it doesn't come back.

2020-10-03 00:36:41 Allow 10.0.12.13 12.34.56.78 http/tcp 57145 80 eth2-TP-Link eth0-External Allowed 52 127 (Any-AnasToronto-00) proc_id="firewall" rc="100" msg_id="3000-0148" src_ip_nat="192.168.0.10" tcp_info="offset 8 S 1527955181 win 64240" geo_dst="CAN" Traffic

Note: when I connect via VPN, it works fine.

Please advise.

Thanks

Anas

Watchguard - route traffic from internal IP via specific external interface


Watchguard M300

We have two external WAN interfaces, and two internal LAN subnets. How can I ensure that outbound traffic from a specific internal subnet is routed through a specific WAN interface?

Static routes are defined by destination, so this doesn't suit my needs. I want all outbound traffic from LAN2, regardless of destination, to be routed via WAN2.

Cannot enable SSL Inspection


Hi,
I'm new to WatchGuard and I'm trying to enable SSL inspection on an M470 (latest firmware). I use the HTTPS-Proxy.1 rule in the firewall policies; inside the "Proxy Action", at the bottom under "Action to take if no rule above is matched", I chose Inspect with Proxy Action HTTP-Client.
But this config is not working for me. On my test computer I didn't apply the Proxy Certificate downloaded from WatchGuard, to check if I would get certificate warnings when browsing websites, but I don't.
Could anyone help me with that?


WatchGuard Dimension Container Docker?

WatchGuard 12.5.3 - SMTP (Office 365)


Bit of a strange one here. I upgraded my on-site firewall from an XTM535 appliance (due to go end of life this month) to an M570. The process was straightforward enough with regards to exporting the configuration and changing the PBR rules to SD-WAN rules. Everything appeared to be running as expected.

However, I now have a couple of users that send emails using SMTP (smtp.office365.com) utilities from the finance system and alumni management who have reported failures. I have looked into this and can see that they are both producing the same error message, which is "The remote certificate is invalid according to the validation certificate". However, I can see traffic coming from the internal IP addresses and other SMTP applications are working.

Is there anything specific on later WatchGuard firmware revisions that needs to be configured to...

3 locations, Fiber EPLAN between them, 3 Different internet connections help


Hello,

Let me first explain our setup:

3 locations (loc1, loc2, loc3)

Physical WAN connections we have:

2 cable modems (cm1, cm2)

3 EP-LAN endpoints (fb1, fb2, fb3) (multipoint-to-multipoint solution, Ethernet WAN offering from Spectrum)

1 fiber Internet connection (fic1) with 2 failovers (fic1-1, fic1-2)

This is what we have at the locations:

loc1 - WatchGuard M670 cluster of 2, 2 Dell PowerSwitch N2024 (not stacked), 1 cable modem (cm1), 1 fiber EP-LAN (fb1)

loc2 - WatchGuard M4600 cluster of 2, 2 Dell PowerSwitch N2024 (not stacked), 1 cable modem (cm2), 1 fiber EP-LAN (fb2)

loc3 - WatchGuard virtual M670, 1 fiber Internet (fic1) with 2 failovers (fic1-1, fic1-2), 1 fiber EP-LAN (fb3)

With the EP-LAN, all sites are connected via a 500Mb x 500Mb connection.

This is where the problem comes in. The routing never seems to work out quite right. I don't...

BOVPN w/WiFi backup


I have a T55 and a T35 that are all of 400' apart.

Side 1 (T55) has SD-WAN with 2 ISPs and a BOVPN (/24 to /24) to the T35 (one ISP).

Currently it is 192.168.1.0/24 <-> 192.168.10.0/24

I am looking to install a pair of network bridges from the one building to the other. This will be the backup connection; while the bandwidth "should" be better than our cable connection (at least on the upload), the parking lot between the buildings will be subject to trucks and whatnot blocking the bridges...

Wracking my brain: do I set up the bridge as an External and add it to SD-WAN, or do I add it as a Custom or Bridge and route the subnets together with a packet filter?

Watchguard SSL Content Inspection Certificate Failure


Any idea why the firewall doesn't like this certificate? I added an exception, but I'm just wondering because I get these issues once in a while.

m370 12.6.2 (Build 631387)

2020-11-11 09:02:20 M370-m1 Allow 192.168.1.3 213.192.214.148 https/tcp 49250 443 Trusted External-ATT ProxyInspect: HTTPS domain name match (HTTPS-proxy.inspect-00) HTTPS-Client.Standard.inspect proc_id="https-proxy" rc="592" msg_id="2CFF-0003" proxy_act="HTTPS-Client.Standard.inspect" rule_name="Default" sni="purchasingarea.gestamp.com" cn="*.gestamp.com" ipaddress="213.192.214.148" src_user="robert@mydomain.local" geo_dst="ESP" Traffic
2020-11-11 09:02:20 M370-m1 Allow 192.168.1.3 213.192.214.148 https/tcp 49251 443 Trusted External-ATT ProxyInspect: HTTPS domain name match (HTTPS-proxy.inspect-00) HTTPS-Client.Standard.inspect proc_id="https-proxy" rc="592"...