Best Of
Re: Allow Qualys PCI Merchant ip's through the IPS for PCI compliance scanning
I'm not sure if you have a choice of vendors, but we use securitymetrics.com for our PCI compliance scans and they work without any adjustments.
Re: Regular, short-term WiFi disconnect on AP130s (WatchGuard Cloud)
@TestingTester
If I can get location data in the US/Canada where streetview/google earth is prevalent I will cruise around on the local streets and see what's around there.
Some of the notable ones I've seen:
-A firebox and several network switches were installed a room or two over from a CT scanner. The spinning magnet (or other ancillary equipment) was enough to induce voltage and slowly kill the network gear over the course of a few months. The medical center had to re-cable everything on the other side of the room and shield the wall more thoroughly.
-A customer who had Wi-Fi that went down around 10am daily but only on weekdays. The building was across the street from a police station and the daily speed radar checks on the squad cars (despite being a different frequency) were enough to knock the APs offline since it was pointed about directly at them.
-A small office that had their wireless firebox sitting directly on top of a microwave oven. Wi-Fi didn't work during lunch hours.
-An AP inside a commercial kitchen between two very large range hoods "so the customers would not have to see the AP." (APs can easily be hidden above drop ceilings if needed, but it's usually best to have them below the steel grid to minimize interference..)
-Whenever an airport terminal is involved, the fact that wireless works at all with all the RF flying around is amazing.
Since Wi-Fi works on what is technically unlicensed medical bands, it has to pause if any interference is detected. That's one of the many things that could be happening when Wi-Fi drops are occurring.
Wi-Fi 6's ODFMA adds an extra layer of complexity because you're using a subcarrier to differentiate traffic on the same frequency. It's better because it allows you to pick out your signal from the noise, but it also potentially means more noise. Very few devices even support Wi-Fi 6 at the moment, so you're still dealing with 802.11 a, b, g, n, ac, ac wave 2, and all of the random draft standards that vendors pushed product out on.
Regardless, the complexity is why we generally suggest that customers do wireless site surveys prior to, and after deploying APs. There's tons of free tools to do it (I believe Enahau* still offers a free version of their survey software,) and metageek's inSSIDer* is really good for visualizing interference.
*As a WatchGuard representative I don't officially endorse any of that software, use whatever works best for you.
Re: Link Monitor - Were Can We See The Stats
Hello Bruce,
The WebUI has graphs for Link Monitor and SD-WAN statistics. There are graphs for Loss, Latency, and Jitter and the graphs may be seen in the Dashboard -> Interfaces -> SD-WAN page.
Please refer to the following documentation page for information on the interface graphs:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/system_status/stats_interfaces_web.html
Sincerely,
Juan Nakasone | Support Engineer
WatchGuard Technologies, Inc. | www.watchguard.com
Re: Dimension dropping TLS 1.0 and 1.1 support
Dimension 2.2.1 has just been released, with this fix:
The Dimension web server now supports TLS v1.2 as the minimum protocol version. [FBX-19213]
Re: Galaxy A42 5G VPN to M470 (12.8)
FYI - the Markdown "feature" of this forum messes up things, including HTTPS URLs... It really should be turned off, IMHO.
Access to my firewall via sslvpn.html works for me.
Is SSLVPN activated in your config?
Are you using the default port of TCP port 443 for SSLVPN?
From where are you trying this access? Behind the firewall of from the Internet?
Does the WatchGuard SSLVPN policy allow access from the access location?
The "client" in the 2nd link is the WG SSLVPN client.
To get the OpenVPN client for Android - go to the Google Play store.
Re: Galaxy A42 5G VPN to M470 (12.8)
If you are still having issues accessing the .ovpn file, consider opening a support case.
Re: Problem with FAX and Firebox (Shamrock Fax Software)
Hi @acon59
I would suspect based on the type of message you're getting that this might be a problem with the service you're using vice the firewall. If the firewall were blocking the connection, it'd likely completely fail. Since you're getting a message saying something about the remote end, communication is working. The firewall doesn't specifically know how to change that message -- unless something like a 404 is being interpreted as such.
If you haven't done so already, I'd suggest reaching out to the support team that maintains that product.
Re: Why are WIFI 6 APs cloud managed only?
Thanks XXUP for adding information and you're correct, few of my customers need that type of management. That's why I still don't understand why WG decided to leave customers like me out. I guess there weren't enough of us.
Re: Watchguard Support - Understaffed? Overwhelmed?
Hello Doug,
I appreciate you taking the time to express your concerns about WatchGuard support. As the VP of Support, this kind of feedback is important for me to hear and I am sorry your experience was poor. I acknowledge that our support has fallen below our normal high standards for response time. This has occurred primarily because of staffing shortages. We experienced employee turnover in 2021 that has affected our ability to handle spikes in case volume. We have been actively hiring in Support to regain our staffing levels. While we have been successful in hiring quite a few new technicians in the last three months, you can imagine it takes time for support technicians to get up to speed. We still have open support positions to fill. If you know of people interested in working at WatchGuard, please encourage them to apply. Support technicians primarily works remotely now, so positions are open for hire from any region.
We have reviewed your December support case and agree that the level of support we provided was poor. Unfortunately that period of time was WatchGuard’s highest case volume of the year. High volume was triggered by a service degradation with AuthPoint started by an AWS IoT outage. To make matters worse, the high case volume came at a time when we usually experience lower case volume and more support technicians take time off.
At the same time, I recognize that this cannot be an excuse. It is WatchGuard’s responsibility to provide quality service at all times. I want to assure you that our entire support team is working hard to ensure our response times improve and we meet the expectations of our customers and ourselves. Again, thank you for taking time to give us feedback.
Best Regards
George Grinnell
Vice President, WatchGuard Support