I think you're referring to the blocked sites list. It is possible to add sites and IPs to it via the command line.
See Page 142: https://www.watchguard.com/help/docs/fireware/12/en-US/CLI/CLI_Reference_v12_5.pdf
If you chose to write a script to log in via SSH and do this, it could be possible.
I would suggest setting a duration for a blocked site, and not adding it permanently, as if you're adding entries to this list via some automated script, it can grow very large quickly. Each Firebox model has a limit as to how big the list can be.
Logging enabled on a policy should show packets allowed by that policy in Traffic Monitor.
If you have a policy which allows incoming and another one which allows outgoing packets via the BOVPN, you would need to set Logging on each.
You will never see reply packets as those are automatically allowed and are not allowed by a specific policy in your config.
Without being able to access the devices and review logs, I can't really discern why it might not be working. Based on how the VPN and clusters work, I would not expect them to be accessible via that vector.
If you wanted to look into this, I'd suggest opening a support case so that team can look into the issue in-depth with you.
Not that I have seen.
Disable the "Allow IKEv2-Users" policy and replace it with any policies that you want to allow the desired access From: specific IKEv2 users or the IKEv2-Users group.
If you have some lower-precedence policy which allows access from IKEv2-Users, such as From: Any, then you will need to address those too.
More specific requirements get better suggestions sooner ....
In spite of my many years in IT, I still can't read the minds of the ones who post, or for that matter, the one of my wife ;-)
Backing up the database is the actual Dimension data -- that's what you'll want to back up in the case of an issue. The VM itself can just be redeployed using the template you can download from our website.
If you'd like another way, completely shut down the VM for a short time, then you can snapshot the VM in Hyper-V. Trying to snapshot the VM while it's running usually makes the image created unusable.
You got the wrong info.
You can set up all 4 client VPN types in XTM, and can have users accessing the firewall using the one that suits them best.
You could potentially have various users accessing the firewall using each of them.
I regularly access my firewall using IPSec, SSLVPN or IKEv2.
There is not... I have been wanting that for a while. No luck.
You can change the trusted interface IP address and the DHCP IP addr info using the Web UI (or WSM Policy Manager).
Once you change the IP addr with the Web UI, you will need to log in again using the new IP addr of the trusted interface of the firewall - 10.50.1.1