Quantcast
Channel: WatchGuard
Viewing all 1338 articles
Browse latest View live

Linking Watchguard XTM330 to Active Directory

April 2, 2014, 9:27 am
$
0
0

Hello Everyone!

I've been trying to figure out how to set up the Active Directory portion of the authentication servers section. I was hoping that several vpn users would be able to log in with their AD account but I haven't been able to figure out how to properly do the setup. Here is what I am facing.

I'm trying to fill out the portion under the IP used for the server.

I have a group set up in AD as RDGroup which is in the XGroups OU which is then under X. This is what I have tried in that field with no luck.

cn=RDGroup,out=XGroups,ou=X,dc=X,dc=local

As per the searching user I am using the administrator account. I don't know if this needs to be set in a similar format to what is above.

I have also left the login attribute as sAMAccountName. But for troubleshooting I tried cn, Display Name, and Name.

Hopefully someone has the answers out...

Search

4G failover for WatchGuard FireBox

April 2, 2014, 10:09 am
$
0
0

I understand there is a device (Broadband Extend Wireless Bridge) we can connect to our Firebox along with a 4G stick from our cellular provider to create a second internet connection that could be used for failover if someone digs in the wrong spot and cuts our fiber. Can anyone point me to information about install/config for this, as I can't get any response from my local reseller on it.

WatchGuard - Save to Firebox error "Element 'no-send-ip'

April 2, 2014, 8:18 pm
$
0
0

Hi,

Model: WatchGuard XTM 21

Policy Manager Release 11.5.1-B331288

Fireware XTM v11.4.0

We have a problem saving a configuration upon finishing up with Policy Manager to Firebox with the following error after entering passphrase:

INTERNAL_ERROR: Element 'no-send-ip': This element is not expected. Expected is one of (Unique, auth-retry, auth-timeout, force-timeout, serv.)

Anyone come across this and how to fix this?

Thanks,

Ariel

Unable to IPSec VPN from behind a WatchGuard to another WatchGuard

April 3, 2014, 8:20 am
$
0
0

I'm behind one of our XTM-505 boxes, and I'm trying to connect to others in our organization via IPSec VPN (I'm using Shrew). I think my predecessor configured this box in a hurry, and maybe left something out.

Changes I've made so far (which haven't helped)

-Went to VPN-Global Settings-Enabled IPSec Pass-through (which auto-added "WatchGuard IPSec Policy" in firewall policies)

-Added WatchGuard policy (packet filter) for IPSec from Any-Trusted to Any-External (and ensured Dynamic NAT was enabled, which was on by default)

I'm still getting a connection time-out when I attempt to go from inside this building to any of our other firewalls. I went to WatchGuard System Manager, opened up Logging, and searched by my system's local IP address but I'm not seeing any denied traffic.

Is there anything I'm missing? Note: I can VPN from the outside...

webBlocker service not available

April 3, 2014, 10:00 am
$
0
0

Right now the WebBlocker service (WebSense) is unavailable. This happens from time to time. I wonder if there is something they can do to avoid interruptions during work hours and set their maintenance time after 6:00pm at least. Thankfully I was in the office at the time this happened and thankfully we still have WebBlocker Server with SurfControl installed locally so I just switched all the policies to use a different WebBlocker action. But if I was on vacation or on the business trip or attending conference - that would make serious impact on our business. Even though in Advanced settings I set "Allow the user to view the web site" in case if the server can't be reached in 5 seconds, it doesn't work, it just shows the error message. Moreover, I don't like the idea to let the user surf the web when WebBlocker is not available, thus...

bridge XTM25-w wifi to VLAN

April 3, 2014, 4:20 pm
$
0
0

I'm hoping I'm wrong, but it looks like there's no way to bridge a WIFI interface with a VLAN. On the "Wireless Access Point Configuration" window, "Enable wireless bridge to Trusted or Optional interface" doesn't list my VLAN interface. Is there a way to do this?

Watchguard DHCP failing

April 4, 2014, 2:07 am
$
0
0

Today I've started experiencing issues with my watchguard XTM 515 issuing IP addresses to devices from the Watchguard DHCP.

Scenario is: We have a second subnet on our network whichI use for mobile devices and guest/visitor laptops to use WIFI. We call this simply "Visitors WIFI". This has no route onto our existing LAN and just keeps the connections separate but running offthe sameinternet connection via our WG XTM.

At the time of creating this, for simplistic reasons,I decided not to use our normal DHCP servers and just use our Watchguard Firewall's DHCP for requests onto the "Visitors WIFI".

This has been working fine for the past 2 years but suddenly today it hasdecided to have a hissy fit and not work.. At first I thought the DHCP poolcould befull, turns out it's not. I decided to release all the IP addresses anyway, which didn't do...

Disable firewall complete on Firebox X Edge Series

April 4, 2014, 2:39 pm
$
0
0

We have a X55eW that i have setup, but some of our desk phone on the new subnet will not register via SIP, everything else is working fine, but I would really like to figure out how to disable the firewall on the firebox, we are sitting behind a firewall at the ISP handoff, so no concern to have two firewalls up.

Any suggestions?

Thanks

Search

Watchguard XTM330 - HTTP Invalid Request-Line Format

April 8, 2014, 3:18 am
$
0
0

I want to play a video from a specific site (http://www.alphatv.gr/shows/entertainment/eleni/webtv/nak-shoes-4) and i receive an error: "Error Loading Stream-Could not connect to server".
Generally, i can play videos from many sites such as Youtube, Vimeo, Mega -Star Channel (local web-  tv channel) and i do not have any problem with videos.

I have a Watchgurd XTM330 and i receive this error when monitoring the traffic the time that i want to play the video.
msg=ProxyDeny: HTTP Invalid Request-Line Format.

I cannot understand what actually means and what to configure.

Thanks.

Watchguard XTM and AP200 - Devices cannot see each other

April 10, 2014, 12:07 pm
$
0
0

I have an XTM520 connected via Cat 5 to an AP200.    Two laptops each connected to the AP200 via (2) different SSIDs, and a wireless printer connected to a third SSID.

The laptops cannot see the printer.  I have tried two different rules TCP 0, and Any.  No Success.

Please see the attached explanation and diagram.    Been looking at this and changing parameters for more than 4 hours.  Any ideas would be quite helpful.  

Watchguard XTM 25 + Motorola surfboard sb6141 + Linksys wi-fi router

April 12, 2014, 3:31 pm
$
0
0

I've research and found several topics related but didn't seem to work. Any help you guys can provide would be greatly appreciated.

Here's my home setup.

ISP: Comcast basic ISP (dynamic ip)
ISP Modem: Motorola Surfboard SB6141
Owned: Linksys Wifi Router N300 192.168.1.1 (set up as DCHP giving out range .10-254)
Newly purchased from garage sale to be add to network: Watchguard XTM 25 10.0.1.1

1. modem (only ethernet) goes to linksys wifi router (internet port)
2. linksys wifi router (port 1) goes to watchguard (port 1)
3. linksys wifi router (port 2) goes to jack in living room
4. linksys wifi router (port 3) goes to bedroom
5. linksys wifi router (port 4) goes to printer

Everything works fine but as soon as I plug in the Watchguard nothing works. I'm 100% positive the issue is the watchguard. Some of the topics I read talks bout turning off...

i want allow 8100 port number in watchguard firewall

April 16, 2014, 12:12 am

Watchguard Weblocker configuration across multiple firewalls

April 21, 2014, 9:32 am
$
0
0

I have four (soon to be five) Watchguard firewalls. We have full subscriptions on all of them. We are using WeBlocker via the Websense Cloud on all of them.

Over time, my predecessor did not really do a good job of keeping WeBlocker consistent across our units. Not a huge deal for the category filtering (which I can change) but I am trying to stay consistent on the rest. There are redundancies, and items not described well (especially now that the 11.8.x version allows better description fields).

Is it possible to export a WeBlocker filter from one WatchGuard and import it into others? I'd like to clean up one of our firewalls, and then bring those WeBlocker policies to the others. This would ensure the consistency I need.

Note: We do not have a WatchGuard Dimension setup at this time. All of our firewalls would be considered individual...

Watchguard firmware upgrade

April 23, 2014, 7:35 am
$
0
0

Currently customer is having XTM Core 750e series WathcGuard firewall which us connected to other firewalls using BOVPN tunnels, currently we are having some issues and i need to upgrade the firmware for the Hub firewall, if i upgrade the firmware only at the HUB site will it affect the BOVPN tunnels connected to spoke firewalls, or i need to upgared the firmware at the Spoke sites also, also will the tunnels will be connected automatically after firmware upgrade or i have to manually configure some settings.please advise.

Thanks,

WatchGuard XTM-26W live streaming

April 24, 2014, 2:09 am
$
0
0

Hi guys,

My problem is that I don’t see any live stereaming on my WatchGuard XTM-26 (11.8.B432340). 

I mention that I have no active subscription on it.

The mesage is: Error loading stream: could not connect to server. 

Can you help me, please?

Thanks!

Search

Second Public IP NAT to Internal IIS Web Server

April 28, 2014, 10:58 am
$
0
0

I am trying to configure my watchguard XTM 505 firewall to take one of my 5 public IP addresses and NAT that to an internal webserver on port 443.

Primary IP = X.X.X.250

Secondary (#2 of 5 public IP's) = X.X.X.251

I want .251 (on the same interface) to route traffic on 443 to internal LAN machine 192.168.100.40 (Part of my trusted Network)

I have tried to configure the 1-1 NAT on the system manager and then set a policy allowing Any-External-->SNAT Any-External-192.168.100.40 :443

When I try to hit the webserver from another public network my connection pretty much goes down. I thought this was a simple exercise but watchguard support is taking their time figuring it out. Any thought?

Webblocker users reports

April 29, 2014, 6:10 am
$
0
0

Hi guys, i'm switching our webfiltering system from (the great!) squid to Watchguard with AD authentication also in Terminal server/Citrix.

I've create a lot of rules for my 100 collegue and near-everythings seems to be working good, now i need to configure the reports for allow and deny requests.

The necessity it's very basic, one report, scheduled or on-demand doesn't matter, thant can show the AD users and the allow or deny requests during the day or during the week.

Many thanks for any answers!

Considering T10 or X25

April 29, 2014, 7:50 pm
$
0
0

Can anyone help me out on deciding which one to go with? Here is what we have:

5PC's

Applications are QuickBooks and Scheduling application running locally

50Mb Broadband Internet

Single Site

Need Web filter/ips/antivirus/spam filter

1 vpn for myself for remote support off hours

Does the t10 do dhcp?

Watchguard XTM Spams

April 29, 2014, 8:18 pm
$
0
0

Upgraded the firewall from 11.5.2 to 11.7.4U1 to 11.8.3U1.. I followed this upgrade path..

After the upgrade, 7 days later I started receiving SPAMs and some valid emails are being blocked as well.. (yahoo, gmail, etc.) even test message no attachments gets blocked.. I have to add domains as exception for the email to reach us.. watchguard support is taking too long.. it's been 7 days since the first spam penetrated, getting a lot of spams now.. and i've been getting complaints of not receiving emails from certain domains.. been adding domains as exceptions like a beast and i am getting tired..

Watchguard SSL VPN

April 30, 2014, 10:21 am
$
0
0

Just finished delpoying a few new Watchguard units and have gotten around to configuring VPN for a few road warriors.  All is well and we can connect to assets at the home office; however, one of our programs requires special static routes to work correctly and the VPN does not seem to want to send those specific requests through to the Watchguard unless "force all client traffic through" is checked.  Anyone have any experience with this?

Thanks!

Viewing all 1338 articles
Browse latest View live
Search