Best Of
Re: Allow BOVPN Failover (aka IKEv2 Multi-Peering) with Third Party Gateways
Define multiple gateway endpoints when creating your VPNs. The firewall will try them one at a time in order. If the first does not respond (e.g., the internet is down on that circuit) it will go on to the next one. When the SA expires, it will start this process over again.
See:
(Configure Manual BOVPN Gateways)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/gateways_config_c.html
Re: FIDO2 support
@KAndersson I'll pass your request on to the product managers.
There is an existing feature request, and that is AAAS-12937. If you'd like to follow that request, please create a support case and mention AAAS-12937 in the case.
Re: Feature Request - Allow Policy Manager to groups several policies or separator line
In WSM Policy Manager, there is an Edit -> Find option, which allows one to search policies for:
Address (IP, Network, User, Alias, FQDN, etc.), Port number, Protocol, Tag
This is in addition to being able to sort on the columns, such as Protocol, Policy Name, From, To, Port, etc.
Re: Mobile SSL VPN + NPS w/ Azure Extension + Azure MFA
I got this working on my end without much effort. A few notes:
1 - Don't deploy on an existing NPS implementation as the Azure EPS extension will 'break' the local NPS.
2 - Configure as you normally would based on the WatchGuard documentation. https://techsearch.watchguard.com/KB/WGKnowledgeBase?lang=en_US&SFDCID=kA22A000000XZlhSAG&type=KBArticle
3 - Make sure AD is syncing to Azure.
4 - Make sure users have licensing for MFA.
Basically, RADIUS does the same checks to validate as usual, but then sends the request to Azure for the MFA portion. There isn't anything to configure for that action.
Re: Routing traffic on Multi-wan by source network
Sure.
The key is specifying a SD-WAN action on a policy, which could be for a single IP addr
Re: Feature Request - Allow Policy Manager to groups several policies or separator line
Hi @Infra
If you are in manual order mode, and if you create a policy to/from "firebox" you can use the policy name to make note lines, if that is helpful for you.
You can also use policy highlighting to color code your rules if that helps you organize.
Re: Feature Request - Allow Policy Manager to groups several policies or separator line
Review this, which may address your needs:
About Policy Tags and Filters
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/policy_tags-filters_c.html
Re: Disable TCP SYN checking Cloud Managed
@GeorgeWillow Yes. Create a support case and mention FCCM-4622 in the case, and that you'd like to follow that feature request. The technician that is assigned the case can set it up to do that for you.
Re: Disable TCP SYN checking Cloud Managed
Hi @GeorgeWillow
There is currently a feature request open for the ability to turn TCP SYN checking off for cloud managed devices. This is FCCM-4622.
Re: Unable to configure LACP on T45
Just an update, with the latest 12.10.2.B692269 was able to add the LA group and get it working.
Thanks,
Marc