Channel: WatchGuard

Watchguard Web UI Login Problem


Hello,

I am trying to log in to a T30 from the Web UI. It appears to authenticate me successfully then goes right back to the login screen. If I try to log in a second time, it tells me that I am already logged in from the IP address from where I am. If I wait past the logged in user timeout period, then try to log in again, the issue repeats.

* I have tried adding /dashboard to the URL

* I have tried logging in from Windows and Linux PCs

* I have tried from the LAN and from the WAN

* I can successfully log in using SSH

* I have tried from IE, Firefox and Chrome

I know the easy answer is to restart the device but it's my first day of vacation and I am 400 miles away. I am afraid that if there is a firmware problem it will not reboot and my vacation will be *ruined*.

Has anybody seen this before? Did it recover after a restart? What could be...


Unable to connect to Watch Guard Mobile VPN with SSL client


Team,

Need your help!!!

I am unable to connect to Watch Guard Mobile VPN with SSL client. PFB as the error from the log.

2020-11-12T11:12:59.453 Launching WatchGuard Mobile VPN with SSL client. Version 12.5.2 (Build 606431) Built:Nov 4 2019 13:40:17
2020-11-12T11:13:09.772 Requesting client configuration from XXX.vpn.XXXXX.com :443
2020-11-12T11:13:09.776 FAILED:2020-11-12T11:13:09.802 FAILED:Cannot connect to internet 12005
2020-11-12T11:13:09.804 failed to get domain name

The following troubleshooting tips were tried from my end, but still no luck:

  • Uninstalling and installing the application again
  • Connecting to VPN by disabling the firewall
  • By adding the application in “Allow an app through Windows Firewall”
  • Connecting to VPN via mobile hotspot
  • By enabling TLS 1.0 / Use TLS 1.1 / Use TLS 1.2 & disabling SSL 2.0 / Use SSL 3.0 (as suggested in the...

Watchguard Network - 2 different Public IP - Range


Dear Community

I get from my fiber provider 1 Public IP 185.100.247.6 - ETH 0 on the Watchguard and a second Range 212.15.29.176/30 (via 185.100.247.6)

FIBER -> Media convert to RJ45 -> ETH0

Configuration:

ETH0 - Public IP - External Interface 185.100.247.6 - Surfing, E-Mail Services
ETH1 - LAN Network - Trusted 192.168.1.1/24
ETH2  - WLAN - Optional - Trusted 172.16.20.1/24

And now I will use the second Range 212.15.29.176/30 for a Server with a direct Public IP 212.15.29.178 behind the Watchguard on a new Interface ETH 3 without NAT.

How could I configure Interface 3 on the Watchguard? External?

AuthPoint? Ignore that 600lbs gorilla....


Just looking for ideas...

Say I have a datacenter that is allowing inbound connections....these connections are using a super secure "off port" RDP connection (SNAT to 3389) and credential to AD. More security is the Geofencing allowing only US based connections into the network....

Someone at WG seems to think that the best scenario is to enable 2FA (AuthPoint) connected to AD (so, they are already inside the fence). 

Am I insane to think that the first thing would be to VPN into the edge (SSL-VPN) and have 2FA there in combination with AD credentials? 

Maybe I am missing something. I can not figure out a valid reason why WG sales engineers would not fly a flag about the off port RDP access right in....at least, before trying to sell AuthPoint...

Watchguard Firewall IKEv2 VPN pre-logon powershell script not working


Has anyone using Windows Version 1903 or newer been able to get Windows VPN to connect pre user log on to a Watchguard Firewall using IKEv2 VPN?

I have managed to get the Watchguard provided PowerShell script to configure the VPN connection but it will not connect before log on. I have a gut feeling that MS has broken this with an update and I am hoping a Spicehead has figured out the fix.

Is there a way to install Watchguard's SSL VPN TAP Driver manually?


Hello,

In summary, when we deploy Watchguard's VPN (we use a central management system called Desktop Central), it installs the VPN client, but doesn't install the TAP driver that comes with it which is necessary for it to work. We have several hundred machines all over the country so manual installation isn't really an option here, or at least the very last option.

I've reached out to Watchguard and they've said that we can fix this by running a script on each of the computers to allow this TAP Driver to be installed silently. Which is completely counterintuitive because if we're doing that, we might as well just install the driver manually instead of messing around with a script on each PC.

Does anyone have any ideas or have had any experience with this? I can't be the only one to have issues deploying the Watchguard SSL VPN Client...

Watchguard 2FA


Hello.

Our MSP has installed a Watchguard firewall and I have asked them to look into enabling 2FA for SSLVPN users.

I'm not entirely sure the information they are giving me is accurate.

How difficult is this to implement and is it an out of the box feature or are additional servers/products required?

Watchguard Allow exe downloads from particular external site


Hi, I'm a complete newbie to WatchGuard, so this may be simple, but looking at the number of configured policies, proxies, rules and routes already set up for our networks, sites and applications, if I'm honest I'm a bit out of my depth.

Anyway, we have a couple of users who need to download executables from a particular site hosted by a business partner of ours. I had a look at the WatchGuard, and not really knowing what I was doing added an exception to the WebBlocker with an action of Allow for pattern www.sitename.com*

The users are still getting the following:


I can download the file no problem, but I am the WatchGuard administrator and a domain admin, so I'm guessing this is why. I'm not really sure how to see which settings apply to individual users on the unit.

We have a number of proxy actions set up already and so I've had a...


Firebox 11.9 AD Auth over BOVPN to AWS


Hi All,

Running Fireware XTM 11.9.6. I've configured a BOVPN to an AWS VPC that hosts our managed AD.

It was all working until we changed to a more corporate internet connection from a small office one. Another change I made was to alter the IP addresses on some of the other internal interfaces. Now when we try and authenticate through the Firebox to the Active Directory I get errors that look like the firebox can't contact the AD server:

Using Authentication > Servers > Test Connection for LDAP and Active Directory:

Connect to server: Failed (can't connect to 172.31.xx.xx[server is down or unreachable])

In Dashboard > Traffic Monitor (with Authentication in Debug):

2020-12-29 15:18:16 admd admPrcsAction: xpath=/authentication/diagnose
2020-12-29 15:18:16 admd admActionTestUser:get rqst [user@domain.com.au]
2020-12-29 15:18:16 admd...

Office 365 App Install Failing


Through extensive testing, we have determined that the WatchGuard is blocking the Office 365 app installation.

Following research into this issue, I have added  *update.microsoft.com and officecdn.microsoft.com to the HTTP Policy exceptions, but this did not make any difference.  I don't recall seeing any deny messages in the traffic monitor.

Unfortunately, we have to currently install the Office 365 apps on another network (home or mobile tether).  It's not very often we need to do this, so can't report back on suggestions until the next time we get a new employee, but would like some suggestions on what to try next.

Configuration changes for V7610 router to be configured on optional interface


We have a client which has a phone/fax router with two FXS1 ports on the router, it's a netgear V7610. We have configured watchguard as default gateway on 192.168.0.1 trusted interface and setup optional interface on eth2 of the firebox this interface will be 192.168.15.1 and connect the v7610 to this interface, network range is 192.168.15.0 /24 and V7610 will be 192.168.15.2 on the optional network and plug router from LAN of optional into the WAN port of V7610. For the phones and fax line to work connected to V7610 policies/static routes will need to be set up. Which is the best way to complete this?

VPN user with same local IP scheme as corp network


I have a user that is connecting to my corporate network via watchguard SSL VPN. They only access one IP address. However, that IP is the same IP as a device on his network. They connect on port 23 of the device on the corp network. Is there a way to configure the VPN, or the person's PC, to allow this? Would a static route on the PC do the trick?

Watchguard Firecluster - Cluster Interface


We are currently looking into setting up a firecluster and have a couple questions regarding the Cluster interface between the two firewalls. With the cluster interface does this need to be directly connected between each firewall? Or can this be linked over a switch that has its own vlan? I have not found anything stating it must be directly connected without going through a switch. The reason for this is we have two dedicated internet lines coming into our location that are in two separate buildings. We would like to have one firewall in building 1 and another in building 2. If the firewall in building 1 would go down we would like the firewall in building 2 to become the master of the firecluster. This would then enable us to continue to have external network connection. The network between the two buildings is LAN and not WAN. The...

Need to discourage route to internal server over VPN


Hello All! We use Watchguard's SSL VPN and it is configured to only route internal requests (we do not route all internet traffic through the VPN.) However, we need to discourage/prevent routing to our internal VOIP server over VPN. Depending on a remote user's internet connection, there may be intermittent "VPN disconnects" which will kick the user's softphone connection to the VOIP server from internal through VPN to external over the internet. Not a big deal except it throws a "subscription error" to the user every time it happens. So we want to ensure that users just connect via the internet. Any of you gurus know how we can do this? Any help is always appreciated! Thanks!

Wpad/Pac - not working with new VPN client. Need different syntax?


Last Modified: 2021-01-13
Hi guys,

I have a slight issue here. We are putting in Watchguard firewalls and unfortunately our environment uses Wpad/Pac files. On the internal LAN and various sites, everything is working fine with the current wpad.dat file. However, when using the Watchguard VPN to test the pac file, it is as though the line for the VPN network is being omitted and instead the default rule is applied.

I have set up a web server locally on my machine and pointed the Proxy to http://localhost/wpad.dat for testing. When using the checkpoint VPN, the below works fine using the checkpoint network (I've commented it below). The Watchguard VPN uses the OpenVPN application and I am wondering whether there is something in the syntax it doesn't like? I have read that the 'myIpAddress' function is a hit or miss (...

Watchguard stops authenticating every Monday at 12pm


I’ve got a watchguard firebox M270 that has religiously stopped authenticating SSL VPN users at 12pm every Monday. The appliance can still see the primary and secondary AD servers. Other applications using AD to authenticate continue to work during the issue that tends to last for 1-2 hours.

Assign Public IP's to VLAN


Hello,

I am helping a friend with setting up a network for a restaurant that also has some apartments. The goal is to provide an internet connection to the tenants as an amenity although they will provide their own router.

We already have a Watchguard T40 and managed switch but I am not super familiar with configuring the Watchguard.

I'm good with configuring the LAN, Wifi, Guest Network, etc.

The thing I am having trouble wrapping my head around is ideally we'd like to give each tenant their own static IP from the ISP and I'd prefer not to double NAT them. The end goal is the tenant plugs their router in and sets the static assigned to their apartment (or if some way to DHCP that is possible that'd be even better) and then they can set firewall rules, port forwards, etc for themselves. Obviously we don't want the tenants to be able to...

WatchGuard IP SEC VPN won't connect to network drives


Morning all, 

Since upgrading my firebox from the XTM525 to the M370 the IPSEC VPN will not connect to the local file share i.e. H Drive but we can access servers remotely just fine.

Any ideas?

TIA

3 locations, Fiber EPLAN between them, 3 Different internet connections help


Hello,

let me first explain our setup:

3 Locations (loc1, loc2, loc3)

physical WAN connections we have:

2 cable modems (cm1, cm2)

3 EP-LAN endpoints (fb1,fb2,fb3)(multipoint to multipoint solution, Ethernet WAN offerings from Spectrum)

1 fiber Internet connection (fic1) with 2 failovers (fic1-1, fic1-2)

This is what we have at the locations:

loc1 - Watchguard M670 cluster of 2, 2 Dell Powerswitch n2024 (not stacked), 1 cable modem (cm1), 1 fiber EPLAN (fb1)

loc2 - Watchguard M4600 cluster of 2, 2 Dell PowerSwitch n2024 (not stacked), 1 cable modem (cm2), 1 fiber EPLAN (fb2)

loc3 - Watchguard virtual M670, 1 Fiber Internet (fic1) with 2 failovers (fic1-1,fic1-2), 1 Fiber EPLAN (fb3)

With the EP-LAN, all sites are connected via a 500Mb x 500Mb connection.

This is where the problem comes in. The routing never seems to work out quite right. I don't...

Block and Unblock webpage Watchguard


Does anyone have any video or instruction on how to Block and Unblock webpage Watchguard model T35
