Best Of
Re: EOL for M4600 ?
@Norman The M4600 has not had an end of sale or end of life announced yet. The larger appliances tend to be supported for longer due to the hardware capabilities of those systems.
When it is eventually announced, it will be posted here:
https://www.watchguard.com/wgrd-trust-center/end-of-life-policy
In general, most devices will have a 3 year gap between the end of sale (when they're placed on that page) and end of life.
Re: prod editing - help please
Sounds like you need to set up a Branch Office VPN (BOVPN).
On the Gateway, you specify your local WAN to use and the other end WAN interface.
On the Tunnel setting you specify the local & remote IP addrs/subnets for the tunnel.
You can also specify a 1-to-1 NAT setting on the Tunnel setup.
If you have an Outgoing policy in your config, then outgoing access on port 5656 will already be allowed.
If not, add a custom packet filter policy for TCP port 5656.
The online docs are searchable.
start here:
Manual Branch Office VPN Tunnels
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/other/chapters/manualbovpntunnels.html
Re: prod editing - help please
There are some BOVPN setup examples for both WSM Policy Manager and for the Web UI, here:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/support/configuration_examples.html
Re: Outbound VPN to 3rd Party Provider
A number of years back, I contacted NordVPN on a problem that I was having using their product from my Windows PC.
Their support suggested using OpenVPN and provided me with an .ovpn file, which included a cert and other settings.
Perhaps contacting support for the VPN product of your choice would result in a working .ovpn file for you.
Re: USB modem configuration
Yes
re. gradual failback - that is a cost of your Modem service & the speed of the Modem link vs the advantage that Gradual Failback gives your Modem based connections
Re: USB modem configuration
Hi @maestro
So long as the device meets the specs here, it should work with no issue:
https://techsearch.watchguard.com/KB/?type=KBArticle&SFDCID=kA2F00000000LNXKA2&lang=en_US
Pantech UML295
Vendor ID: 0x10a9
Product ID: 0x6064
(The vendor ID and product ID are how the USB modem identifies itself to the piece of hardware it's plugged into.)
The only thing you'll need to add to the VPN is the new gateway for the modem interface. If it's DHCP, adding a dynamic IP will likely be your best bet. See: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/vpn_nat_c.html?
Re: is there a current/working version of fbidsmate.exe
Hello @Norman
There isn't a current version of that program. However, you can add hosts to blocked sites lists via the WatchGuard API.
Re: is there a current/working version of fbidsmate.exe
Alas, no.
This interface was abandoned starting with V8.0.
The last version it was available for was V7.5 - which came out in April 2007.
I miss it.
Re: What are “Expected” IKEv2 Mobile VPN speeds with Firebox T40?
Specific to the T20 and T40 series there was an issue with performance if on a 12.8.x firmware which was fixed in 12.8.2U1 (https://portal.watchguard.com/wgknowledgebase?type=Known Issues&SFDCID=kA16S0000007lO7SAI&lang=en_US)
If you haven't already upgraded the T40's firmware I would do this first as I had a client setup with a T40-W that had this exact issue and the upgrade did resolve the speed issue with a 400Mbps link.
At that point you can then retest and see if the issue is somewhere else.
Re: What are “Expected” IKEv2 Mobile VPN speeds with Firebox T40?
What is the latency of your connection between your home & the office?
Review the calcs here:
How to Calculate TCP throughput for long distance WAN links http://bradhedlund.com/2008/12/19/how-to-calculate-tcp-throughput-for-long-distance-links/
Conclusion:
although I may have a 1GE link between these Data Centers I should not expect any more than 17Mbps when transferring a file between two servers, given the TCP window size and latency.