Best Of
Re: Log in problems T10
One thing not mentioned (unless I missed it) is that the Firebox should go online to retrieve its feature key any time it is restarted, and possibly at other times.
Have you restarted the T10 recently?
Re: Log in problems T10
James,
I know that some Cisco routers/switches have a console port reset process to use the CLI to reset the admin password without wiping out a config. Do Fireboxes have that feature?
Re: Weblocker Cloud or On premises
WB cloud is the default.
This is just an Internet-based lookup service, as is Gateway Antivirus & RED.
You don't set up anything in the cloud for this to work.
It is not part of WatchGuard Cloud, where you can have firewalls, TDR and AuthPoint set up.
"WebBlocker uses a database of website addresses identified by content categories. When a user on your network tries to connect to a website, the Firebox examines the WebBlocker database. If the website is not in the database or is not denied, the page opens. If the website is in the WebBlocker database and is denied based on the content category of the site, a notification appears, and the website is not displayed."
Re: BOVPN open only some sites
Some web sites don't seem to work well via a BOVPN or via some other access which reduces the data packet size below some critical size.
One option is to enable PMTU checking in the PC which is attempting to access the remote web site.
See my post here on how to do this. Also look at my post just above it.
https://community.watchguard.com/watchguard-community/discussion/comment/5280#Comment_5280
Sometimes setting the external interface Advanced Setting or BOVPN setting for the DF bit to clear helps.
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/define_gateway_endpts_c.html
Re: Can't access site only on VPN
re. logging - you can look at Traffic Monitor.
In WSM Firebox System Manager -> Traffic Monitor, one can select the Maximum Log Messages, which can be set to a max of 25,000.
Is access to this site being done via a BOVPN from your firewall?
The HTTP access message "Access Denied." suggests that the access to this site needs to come from a specific subnet at your site.
Re: Can't access site only on VPN
Hi @RyanK
The Firebox doesn't use squid, which is the open source proxy that generated that error message. Additionally, by default, traffic moving between sites on a BOVPN does so via a packet filter on the Firebox.
I'd suggest asking if there is a squid server anywhere on the local or remote network that your traffic might be being sent thru.
Re: Fireware XTM Web UI - Adobe Flash
The Web UI was completely redesigned for Fireware XTM v11.8. For versions from v11.8 on, it is now mobile-ready and no longer requires Adobe Flash.
To manage earlier firewall versions, you can use WSM Policy Manager - a Windows-based tool set.
Re: Firebox T15 + Windows Defender Firewall
Hi @GordonHalifax
I would suggest still running the firewall on your home PC. The WatchGuard makes a great addition as a first line of defense, but does not completely replicate what a host based anti-virus does.
Re: Firebox T15 + Windows Defender Firewall
Also, you don't say if you have implemented Gateway Anti-virus on your firewall policies.
If you haven't then the firewall will not check for virus infected files.
And, have you implemented IPS on your firewall?
If not, then again, the firewall will not check for these possible attacks, which might be detected by Windows Defender.
Re: Recovery Mode - WSM 12.6.x fireware installation fails
Hi @Norman
For older firewalls (which appear to be what you're working with) recovery mode will boot into the OS the device shipped with, which includes whatever certs were used at the time of manufacture. WSM has been changed over the years to require better certs as the ability for devices to handle them has improved, and requirements have strengthened.
Since recovery mode is intended to get a failed device running, I'd suggest using one of the older versions of WSM to get your older device up, and then log in normally with a later version to run the upgrade.
Thank you,