Best Of
Re: iPadOS18 IKEv2 Mobile VPN + Authpoint
Hi,
I ran into the same issue (payload ID size too small) in a slightly different setup (IKEv2, Radius, iOS18) and found that the client profile for the IKEv2 Mobile VPN does not contain a LocalID, which seems to bother iOS at least on the iPhone.
My solution/workaround/whatever you call it was:
- download the client profile from the WG Appliance
- extract, dive into the MacOS_iOS-Folder
- edit the xxx.mobileconfig with your favourite text editor
- find the <key>LocalIdentifier</key> tag, which should be followed by an empty <string /> tag
- insert an identifier into that string-tag, a UFQDN like user@vpn.internal should suffice, it seems not to be verified anywhere (though I did not run any IKE message tracing)
the segment should then look like
<key>LocalIdentifier</key>
<string>user@vpn.internal</string>
- save, then airdrop/push the .mobileconfig to the iOS-device and install.
worked for me.
Have a good day.
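The manual edit described in the post above, scripted as an added example (not part of the original post and not WatchGuard code). It assumes the exported .mobileconfig is an unsigned XML plist; the sample profile and its values are constructed, and the function names are hypothetical.

```python
import plistlib
import sys

# Constructed sample profile (not a real WatchGuard export): only the keys needed here.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key>
  <array><dict>
    <key>IKEv2</key>
    <dict>
      <key>LocalIdentifier</key>
      <string />
      <key>RemoteIdentifier</key>
      <string>vpn.example.com</string>
    </dict>
  </dict></array>
</dict></plist>"""


def fill_local_identifier(node, identifier):
    """Walk the plist and fill every empty LocalIdentifier; return how many were set."""
    changed = 0
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "LocalIdentifier" and isinstance(value, str) and not value.strip():
                node[key] = identifier  # existing non-empty values are left untouched
                changed += 1
            else:
                changed += fill_local_identifier(value, identifier)
    elif isinstance(node, list):
        for item in node:
            changed += fill_local_identifier(item, identifier)
    return changed


def patch_profile(data, identifier):
    """Return (patched profile bytes, number of LocalIdentifier values filled)."""
    profile = plistlib.loads(data)  # raises if the file is not a plain plist
    changed = fill_local_identifier(profile, identifier)
    return plistlib.dumps(profile), changed


if __name__ == "__main__":
    # Usage: python fix_localid.py in.mobileconfig out.mobileconfig user@vpn.internal
    src, dst, ident = sys.argv[1:4]
    with open(src, "rb") as fh:
        patched, count = patch_profile(fh.read(), ident)
    with open(dst, "wb") as fh:
        fh.write(patched)
    print(f"{count} empty LocalIdentifier value(s) filled")
```

A count of 0 means the profile had no empty LocalIdentifier, so the output is functionally unchanged.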
Re: Cannot login to Dimension
You can move the old Dimension database to the new instance of Dimension.
Move the Dimension Database to a new Dimension Server
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/dimension/database_move_d.html
Be sure to block TCP port 80 Internet access from the new Dimension Server, as indicated in the above Known Issue link
Re: Cannot login to Dimension
Do you have a backup from before the 1st July? A known issue is breaking the ethernet interface:
https://portal.watchguard.com/wgknowledgebase?type=Known Issues&SFDCID=kA1Vr0000003ojRKAQ&lang=en_US
Re: Web Access database on PC?
I'd reached out to support and they provided the necessary tool. We're all good now. I appreciate the quick response.
Re: New configuration - cannot connect now
Is the firewall providing DHCP on the Trusted interface?
It is really hard to help without knowing what you set up for the firewall trusted and external subnets/IP addrs, and what else you configured.
Re: Mobile VPN with SSL connection from Trusted LAN
The issue is still present -- it is targeted to be fixed in the next release version.
If you are running into the issue, you'll need to follow the directions in the KB to work around it.
Re: Change the email address for alerts etc
Hello,
Alerts from EPDR/EDR/EPP for detections, or devices found on the network... will be sent to the email specified directly on the online console for the product.
Hope this is what you were looking for!
David
Re: Add a function to Botnet detection to block TOR exit nodes inbound
It looks like v12.8.1 now has this:
Policies, Proxies, and Subscription Services
- The Firebox now blocks incoming traffic from Tor exit nodes when the Tor Exit Node Blocking service is enabled. [FBX-22863]
Re: SSLVPN
On the WatchGuard SSLVPN policy, remove anything from the From: field other than Any-external.
You may also need to make other changes too, depending on if SSLVPN connections can still be done from inside the firewall.
Test connections and see.