Best Of
Re: DNS Server in Ireland down? 34.251.171.117 get unknown error
same here on a M270 last Friday at approx. 3PM, even though there were no incidents reported on status.watchguard.com across all regions.
blocking ip addresses with failed logins
Hi Team,
Fireware v12.10.4 includes a new feature to block IPs after failed login attempts, but it only works for failed logins to the accounts: status or admin.
In adition, it would be interesting to lock a same source IP when it's trying to login several attempts to different account names in short time, specially when they actually neither exist.
Thank in advance for any answer about this behaviour!
Javier
Re: AuthPoint_App Custom Branding
Hi @Cristiano_D
Please create a support case. I can't look into why your image is not updating without your account info so I know what account to look at.
Re: Upload Failed: 161 Backup failed: Unable to upgrade OS because of getting image info failed Upgrade
First, make sure you're unzipping the file -- the firewall wants the sysa-dl file inside of it. (Lots of people make this mistake.)
Myself included... Ok, I will try it correctly now and report back. Thanks!
Re: Cannot send traffic through BOVPN VIF
@Leonid said:
Figure that VPN route should point to Side B internal network and virtual IP has nothing to do with it
If i remember correct virtual ip is nessesacy, if you need gre enabled in the tunnel.
Re: AuthPoint & Multiple Groups Per User
I'm seeing this issue as well.
I've been using AuthPoint for VPN MFA, but now want to also use it for another app where all VPN users may not be assigned use of this 2nd app. Or the new app user may not have VPN access permissions.
When I add another group to sync from AD, the original group membership for VPN gets removed when the user is updated with the new app permissions.
I'll put in a support ticket and hopefully come up with a solution or workaround.
Access Portal proxy Exchange and RDWeb
Hello everyone,
we are testing Access Portal to secure the access to our hosted services like OWA (Outlook on the Web) and RDweb and we would like to add AuthPoint for MFA later.
But there are several problems we are encounting with this solution. Maybe someone here can help before I am submitting a ticket with the Watchguard support.
1. Forwarding user credentials from the Access Portal to OWA is not working. The user has to reenter their credentials in the OWA login screen after they already have successfully authenticated into Access Portal.
2. ActiveSync is not working. The Traffic Monitor shows something like " ...user was rejected or user doesn't exist". In my understanding request to /Microsoft-Server-ActiveSync should be bypassed from Access Portal.
3. The new RDWeb HTML5 Client is not working. Does the reverse proxy in Access Portal even supports websocket connections?
Currently we are using Nginx as reverse proxy for all those services and it works without any problems. But Access Portal + AuthPoint looks like a good solution for easily implementing MFA for some webservices.
Re: Dimension on Proxmox ?
@james.carson said:
Hi @markpcom and @roblopThere is an existing feature request (FBX-4284) at this time. If you'd like to follow that request, please create a support case and mention FBX-4284 in the case.
Done!
@SLEE said:
Hi @markpcom,
Hope all is well.
I am on the same boat that we need to phase out the VMWare server and needs to migrate it to Proxmox. I had imported the OVA into Proxmox and when I tried to start it up, it said there is no boot disk.
Is that the same issue you were talking about adding the virtio driver to Dimension?
Thanks.@Gunthr said:
+1 to VMWare and Hyper-V alternatives. I'm also dumping VMWare due to the new ownership, but KVM is running into the same no boot disk issue. Thanks for the link @Bruce_Briggs, I'll check that out!
I didn't create a CT as the link suggest, I still use a normal VM exactly like it was in vmware. It works perfecly fine except shutdown and reboot because I don't have QEMU guest agent installed (and maybe performance are not optimized, i don't know).
This is the procedure i used:
1- in vmware, right click on powered off dimension VM -> template --> export ovf template (remove all the blank space in the name, proxmox don't like it)
2- you download 4 files: .mf / .vmdk / .ovf / .nvram
3- upload those files on proxmox into directory /tmp/
4- import command from the proxmox shell:
qm importovf 121 /tmp/Watchguard-Dimension.ovf local-zfs
(121 is the id number of my dimension vm, local-zfs is my datastore)
And these are my VM settings, only hidden the mac address
Vm works fine, the only problem is when I need to reboot or shutdown the host server, i have to manually force a stop because dimension won't shutdown. But I'm sure watchguard will help us very soon
Re: SSL VPN Stuck on TCP_CONNECT
I have my signature auto-update set to 2 hours.
But, I often see that there is an available signature update. I just ignore it as it will be updated within 2 hours.
Once your firewall has the correct date/time, and the end PC has the correct time, save configs should end up with the correct date/time.
Re: mobile ssl vpn immediate disconnects
I had a similiar problem on certain surface tablets. Check your processor. I have confirmed with Watchguard that the TAP driver they provide does not work with ARM processors.
I have a workaround though.
- Download OpenVPN here: https://openvpn.net/community-downloads/
- install ONLY the TAP driver.
Afterwards, your Watchguard SSL VPN will be able to connect.