Best Of

Watchguard EPDR causes laptop freezes

Dear all,

In recent months, we have rolled out WatchGuard EPDR within our organization. We initially ran it in "Hardening" mode for a few weeks and then switched to "Lock" mode.

However, we are experiencing sporadic issues with laptops, including complete system freezes and fans running at high speed. We also frequently observe very high CPU and memory usage on our clients caused by Application Host Service – Panda Cloud Antivirus Service.

We are using HP ProBook/EliteBook laptops with no other security software installed (no HP Wolf Security). The issue is becoming increasingly problematic, and we are often tempted to remove the software or temporarily disable Advanced Protection, which we would prefer to avoid.

Is this a known issue, and are there any solutions? We are currently running version 8.00.25.0002.

Thank you in advance.

dmeijer

1

Re: Unexpected SAML Auth Behavior

Hi @sega2k6 and @BetterInvesting,

Can you try this possible workaround?

On Entra
Create a conditional access policy
On the Users, add the user you are testing with that is having the issue. (Later you can add the full sslvpn group if it works for you)
On Target resources, add the sslvpn application that was created for the SAML integration.
On Session, set the sign-in frequency to Every time
Set policy to ON position
Click Create

Wait for about 30 mins for Entra to apply the changes. There seems to be a delay on this.

Then test. Does this allow your user to manually sign into the mini saml browser now?

Dave_Daniels

1

Re: Google login issue

12.12 didn't solve it for us either. I'm still working with support on this but we have found a workaround other than just restarting the firewall. If you look in System Manager -> Blocked Sites, you may see a Google address (142.250.x.x) that is being blocked with a reason of port scan. If you remove that address from the block IP list it works again.

MeOMy

1

Re: Let's Encrypt / ACME Client

With Public CAs shortening certificates lifespan now this is a serious issue for everyone.

Please go to your WatchGuard Cloud Account > Help (?) > Give Feedback
Search for "letsencrypt" and Vote!

Julian

1

Re: Let's Encrypt / ACME Client

Hi @Abertay
There isn't currently any update on this request. If you'd like to follow it and get updates if/when it is released, please create a support case and mention FBX-3727 in the case somewhere. The technician assigned to the case can set that up for you.

james.carson

1

Re: SSL VPN on Windows on ARM?

Thanks for that reply.

First, Windows On ARM is most emphatically not WindowsRT (which was a Windows 8 operating system for the long discontinued Surface RT).

Second, as a professional driver developer with some experience, I don’t understand why you would say that support for SSL VPN is “a limitation of” the Windows platform.

Isn’t it just a matter of not having a driver that’s built for ARM? What is it, technically, that prevents you guys from supporting SSLVON on Windows On ARM?

Sorry to post such a negative reply, but it frustrates me when I get a reply from an official representative that doesn’t add-up in my experience.

Peter

petergv@osr.com

1

Re: Mobile VPN Install Options

You can try using /norestart

See this post:
SSLVPN Silent Deployment (Upgrade) Reboots Computer
https://community.watchguard.com/watchguard-community/discussion/4071

Bruce_Briggs

1

Re: Clarification on Ports Used for HA and Related Functions

Hi @Cris

The scresnhsot seems to be multiple things mashed together, and only a bit of it applies to the firebox.

-HA Discovery happens over port 3456 via multicast traffic (224.0.0.2)
-VRRP is utilized for cluster management.
-Heartbeat is via ping and TCP connections in the range of 4110-4119.

Much of the traffic happens over the cluster interface (the cable that goes directly between the cluster members.) Some traffic does go across the interface specified as the management interface. Securing this will come down to choosing a network where the cluster members can communicate with each other, and generally, this should be a dedicated management network for this purpose.

james.carson

1

Re: VPN Problems with new WG T-Models and Fireware 2025.1.2

So finally I can say
the CLI commands solved the Problem.
However the reason is unknown. I hope they found the source problem and fix this in the next fireware.

PTec

1

Re: Watchguard Mobile VPN client software credentials

Hi @beastwez

Going by the shape of the buttons, I'm going to assume that's Windows and not MacOS.

The windows SSLVPN client stores that data in the windows registry. If you look at

Computer\HKEY_CURRENT_USER\SOFTWARE\WatchGuard\SSLVPNClient\Settings and clear the data in the "server" key, that should clear that line.

james.carson

1