My apologies, but I used an online translation tool to read your question. Please feel free to correct me if I have any part of your issue wrong.
You said that you want to test using your Mobile VPN without having to use a Hotspot or similar "other" external connection.
My assumption is that you're using SSLVPN, as this VPN is policy-bound to only listen to what is listed in the "WatchGuard SSLVPN" policy.
-Find that policy in your policy list.
-If you see a warning that you're modifying an automatically generated policy, click OK.
-In the from field, add "Any-Trusted" and/or "Any-Optional."
-Save your configuration to the firewall.
This should allow the customer to connect to the SSLVPN from the internal network.
There's no way to rename the action, but you can clone it and name the cloned one whatever you want (then delete the old one).
Use this button in the policy in policy manager to do that:
Thanks for writing.
The access portal is a bit complex, so there's not a video quite yet. Any video produced would likely be specific to an integration, as a general example video would be very long, and not touch on any specific points.
I'd suggest starting here, if you haven't already:
(Reverse Proxy for the Access Portal)
In the future, please do not post connection (port) and domain info here, as this forum is accessible and searchable via the general Internet. If you need help that requires posting specific information, I'd suggest creating a support case with WatchGuard's support center button (top right of the page) instead. That'll help keep your information safe.
These errors always indicate the proxy was unable to pre-validate the chain using certificates presented by the server and its own root CA bundle. Kind of like a browser would.
The server is misconfigured. It is not sending the intermediate certificate in its response.
1  Sent by server   www.matrixgames.com
2  Extra download   Go Daddy Secure Certificate Authority - G2
3  In trust store   Go Daddy Root Certificate Authority - G2 (self-signed)
Certificate 2 is the responsibility of the server. Both Firefox and Chrome have certificate 2 in their bundles.
To mitigate, you can append the intermediate certificate to Firebox's CA bundle. Import it as a General Use certificate via FSM / View / Certificates / Import Certificate. Link to the certificate from GoDaddy's certificate repository: https://ssl-ccp.godaddy.com/repository/gdig2.crt.pem
I'll recommend that we add it to the next CA bundle update.
I see the same.
Add an Allow entry on your HTTPS proxy for this
I see this related to the cert issue:
CN = www.matrixgames.com
Fireware HTTPS Proxy: Unrecognized Certificate
I'm running XTM V12.5.1
It's likely that's the only traffic that was logging. Since the reports will likely contain sensitive data, I'd suggest opening a case with support. Include both the report and access to the firewall or a copy of your config so they can investigate what's happening.
If you're just looking to limit inbound traffic, you can make a separate firewall rule for that inbound traffic and apply a traffic management action to it.
You could create an alias (under setup -> aliases) and use that in the from field instead of any external.
Rule  Name                      From            To
1     Webserver From TOR nodes  TOR Node Alias  SNAT external -> 192.168.10.252
2     Webserver All Others      Any External    SNAT external -> 192.168.10.252
For the traffic management action, you could rate limit per IP address (so multiple clients using the same TOR node would effectively divide up whatever you assigned them).
Hello @Daniel_P30,
In this kind of scenario, the only way to resolve the problem is to contact WatchGuard support by opening a ticket and providing the email address that didn't receive the activation email.
As you know, the problem was that the user's email was not created at the time the LDAP sync was done with AuthPoint.
You can do this if your Firebox is logging to a Dimension server. The report that you'll want to look for is the Audit Trail.
-Audit Trail Report
Summary of configuration changes for a device. Includes the user account that made the change, the change that was made, the date and time of the change, and a brief description of the type of change.
To include this report in a schedule, select the Firebox Reports > Audit Trail report.
(About Dimension Reports)
This can happen if the email server rejects the email account.
I checked with support, and it looks like you have also opened a case -- they'll be the best people to help. Can you please let the technician that you're working with know the email address that isn't getting the confirmation?