Best Of
Re: Vulnerability Assessment Dashboard - find affected computers for vulnerability
I recently started using EPDR and was wondering the same thing. I'll be following in hopes that you get an answer.
Vulnerability Assessment Dashboard - find affected computers for vulnerability
Hi all,
According to this help center site: https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Endpoint-Security/monitor-threats/dashboards/dashboard-vulnerability-assessment.html
it should be possible to show computers missing a certain patch ("To open the Available Patches by Computer list filtered to the selected patch, click a box in the tile. This list shows the computers and devices missing the patch.").
However, in EPDR when I click a box in the tile I do not get a list of affected computers but another overview of the missing patch. I was not able to find any direct way to find out which computers are missing a certain patch starting on the Vulnerability Assessment Dashboard.
Did I miss something?
For example, I can see that one computer is missing KB5005112 but I did not find a way to find out which of the 100 managed computers is missing the patch.
Thanks in advance
Gil
Re: Is SD-WAN incompatible with cluster?
I believe that the connection for this WAN on both members should be identical.
Please open a support case on this to get WG help in resolving your issues.
Re: Adding a second external IP
@Atomicweight said:
Hi all,
I've got a T80 firebox handling traffic in/out of the building. I have two external IPs given to me by my ISP.
Current setup:
External interface on firebox has x.x.x.132
Internal (trusted) interface has 192.168.100.1 <------- this connects to a 48 port switch and then on to the inside of the network.
One of my servers has an internal and external NIC. Its current configuration is:
Inside NIC is 192.168.100.5 and works fine on the internal side.
The outside NIC is as follows: 192.168.13.51 ----> (router) 192.168.13.1 ----> x.x.x.133
I want to put that x.x.x.133 on the T80 firebox and remove the router completely. I've tried several configs and have come close, but something still not right.
Would I add the .133 address as a secondary network on the existing external of .132?
If so, how would I route traffic from the outside NIC of the server (192.168.13.51) in/out through the x.x.x.133 external interface correctly?
Appreciate any help,
Atomic in VA
Which one of the 192.168.x.x subnets corresponds to the majority of the network - the 192.168.13.x or 192.168.100.x?
If say the 192.168.100.x subnet is the primary one used internally (which it sounds like), then the server needs to have 192.168.100.1 set as its default gateway, remove the 192.168.13.x one (or at least disable it while testing) - if 192.168.13.x has to coexist for anything else, add it as a secondary address on the internal network for the time being.
Add the required subnet/s to the dynamic NAT table if you have modified it from defaults (which normally allows all RFC1918 [private] addresses).
Yes, the additional x.x.x.133 address would be added as an additional IP on the external interface if that's how the ISP routes that address to the Firebox.
Re: Adding a second external IP
Best practice - dual-homed devices are strongly discouraged.
Disconnect the server trusted NIC and make all traffic to/from it go via a single connection to the firewall, as a DMZ.
Set an unused firewall interface to 192.168.13.1 & connect the server external interface to that.
Set up the desired policies to allow access from the Internet to the server and to/from the server from Trusted.
Re: Adding a second external IP
You can associate 192.168.13.51 with x.x.x.133 using a 1-to-1 NAT setup.
About 1-to-1 NAT
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/one_to_one_nat_c.html
Re: Mobile IKEv2 VPN Through Hotspot with newer Samsung Mobiles
Hi @Pat
I'd suggest opening a support case so we can help gather more data. If moving to a different phone on the same carrier with the same SIM card is correcting the issue, it's very likely something on the phone causing the issue. It may be something that the phone manufacturer and/or carrier need to fix, but we can at least help provide that data.
Re: Powershell exploit
The solution to the antiexploit detection to the Defender file has already been deployed.
They should stop giving this message as soon as they get the update.
Sorry for the inconvenience.
Re: SD-WAN policy
Hi @XYLITOL
We'd need to see your policy set and the log line to help with this. Please consider opening a support case via the support center link at the top right of this page so you can share that information securely.