Best Of
Re: Let's Encrypt / ACME Client
With Public CAs shortening certificates lifespan now this is a serious issue for everyone.
Please go to your WatchGuard Cloud Account > Help (?) > Give Feedback
Search for "letsencrypt" and Vote!
Julian
Re: Let's Encrypt / ACME Client
Hi @Abertay
There isn't currently any update on this request. If you'd like to follow it and get updates if/when it is released, please create a support case and mention FBX-3727 in the case somewhere. The technician assigned to the case can set that up for you.
Re: SSL VPN on Windows on ARM?
Thanks for that reply.
First, Windows On ARM is most emphatically not WindowsRT (which was a Windows 8 operating system for the long discontinued Surface RT).
Second, as a professional driver developer with some experience, I don’t understand why you would say that support for SSL VPN is “a limitation of” the Windows platform.
Isn’t it just a matter of not having a driver that’s built for ARM? What is it, technically, that prevents you guys from supporting SSLVON on Windows On ARM?
Sorry to post such a negative reply, but it frustrates me when I get a reply from an official representative that doesn’t add-up in my experience.
Peter
Re: Mobile VPN Install Options
You can try using /norestart
See this post:
SSLVPN Silent Deployment (Upgrade) Reboots Computer
https://community.watchguard.com/watchguard-community/discussion/4071
Re: Clarification on Ports Used for HA and Related Functions
Hi @Cris
The scresnhsot seems to be multiple things mashed together, and only a bit of it applies to the firebox.
-HA Discovery happens over port 3456 via multicast traffic (224.0.0.2)
-VRRP is utilized for cluster management.
-Heartbeat is via ping and TCP connections in the range of 4110-4119.
Much of the traffic happens over the cluster interface (the cable that goes directly between the cluster members.) Some traffic does go across the interface specified as the management interface. Securing this will come down to choosing a network where the cluster members can communicate with each other, and generally, this should be a dedicated management network for this purpose.
Re: VPN Problems with new WG T-Models and Fireware 2025.1.2
So finally I can say
the CLI commands solved the Problem.
However the reason is unknown. I hope they found the source problem and fix this in the next fireware.
PTec
Re: Watchguard Mobile VPN client software credentials
Hi @beastwez
Going by the shape of the buttons, I'm going to assume that's Windows and not MacOS.
The windows SSLVPN client stores that data in the windows registry. If you look at
Computer\HKEY_CURRENT_USER\SOFTWARE\WatchGuard\SSLVPNClient\Settings and clear the data in the "server" key, that should clear that line.
Re: MacOS VPN client for SAML/SSO in V12.11?
@Amiranda01
The MacOS client was released with 12.11.2.
You can download the latest version of the client here:
https://software.watchguard.com/SoftwareDownloads?current=true&familyId=a2RVr000000bJA9MAM
Re: Mobile VPN Client with SSLVPN v 12.11.3 SAML broken following Edge Update on Windows Systems
If you’re having issues with the WatchGuard SSL VPN client due to WebView2 runtime compatibility with SAML, you can force the client to use a specific WebView2 version. This is useful when downgrading the client or using a local user account is not an option.
Steps:
- Download the Fixed Version (x86) from Microsoft Edge WebView2
=> https://developer.microsoft.com/en-us/microsoft-edge/webview2/?form=MA13LH#download - Extract the archive and move the folder (e.g., 138.0.3351.121) to: C:\WebView2_Fixed\
- Create a batch file with the following content:
@echo off setlocal rem Use Fixed WebView2 138 (x86) only for this process set "WEBVIEW2_BROWSER_EXECUTABLE_FOLDER=C:\WebView2_Fixed\138.0.3351.121" start "" /D "C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL" "wgsslvpnc.exe" endlocal
What this does:
- Sets the environment variable WEBVIEW2_BROWSER_EXECUTABLE_FOLDER so the WatchGuard VPN client uses the specified WebView2 runtime.
- Launches wgsslvpnc.exe from its installation directory.
- The setting applies only to this process and ends after the script finishes.
Hope this helps someone facing the same issue.
Cheers
Maik_G
Re: Unable to VPN to Firebox using Passwordless authentication with the new SAML Entra feature
Hi @JamminJoe
There isn't a release date yet; that generally comes after a public beta (which will often be wrapped up with a few other features in a release.)
Passwordless auth is most likely to appear in FireCloud before it appears in SSLVPN.
If you're looking for more progress info aside from a notification when the feature is done, I'd suggest checking out watchguard.centercode.com. This is where all of our beta opportunities are posted for customers and partners. (Note that passwordless auth isn't currently posted in centercode, but it may be in the future.)