Best Of
Re: Using Ubiquiti Cloud Gateways with L2 Fiber Connection to bridge to internet
Thanks, James, unfortunately I do not think the Ubiquiti device is that sophisticated, but I will check with their support as well. I inherited this from the previous IT folks that are all gone now. I would have much rather had a full single vendor stack. I do have public IPs available, but they also set it up to use the FW as a router instead of just a FW. So, there is no dynamic routing taking place anywhere on the network.
Re: whitelisting a domain
If that site is being Inspected, then it could be that something (a header etc.) is being stripped which is annoying the software package.
Try adding an HTTPS filter for access to the site & turn on logging on it so that you can see it in Traffic Monitor and find it in the logs.
Re: Wifi not Passing all Traffic?
For HTTPS inspection to work, you need to install either a certificate from the firewall or one from your corporate CA.
I don't see how HTTPS Inspect can work with IoT devices.
Some sites do not work with Inspect even with the correct cert installed. For those sites, one needs to set up Allow exceptions.
Re: Dynamic Vlan Assignment with Aruba Clearpass
Thanks James, I've got all those options enabled now, but no luck. Have raised a case with support.
Radius:IETF:Framed-Protocol 1
Radius:IETF:Service-Type 2
Radius:IETF:Tunnel-Medium-Type 6
Radius:IETF:Tunnel-Private-Group-Id 50
Radius:IETF:Tunnel-Type 13

Re: Feature Request - WatchGuard Cloud - Firebox Templates, SD-WAN editing
Hi @seanhht
There is an existing feature request (FCCM-6507) to show the SD-WAN status in the policy overview.
I'll mention a toggle to the project management team, but they may want to avoid adding that function there as there may be some situations where SD-WAN isn't as straightforward as on or off.
Feature Request - WatchGuard Cloud - Firebox Templates, SD-WAN editing
I would like to request a feature in WatchGuard Cloud Configuration.
My suggestion is to add an allow/disallow slider for SD-WAN actions, in each firewall policy in Firebox templates. Much like you have for content actions. This would allow us to turn on and select an SD-WAN action at the device level.
There may be some policies we don't want this. There may be some policies that we want this enabled. That is why I don't think it should be an all or nothing approach.
If you are not an MSP, you cannot copy a Firebox template to your cloud-managed Firebox. You can only subscribe the Firebox to the template. While this is a fine way to handle things, there is a problem with doing it this way. You cannot "tell" the template that you will want to use an SD-WAN. You cannot allow or deny an SD-WAN action. If you deploy the template with Firewall Policies, those policies are not editable, at all.
I would prefer this option to copying the policy, for ease of updating and making it easier to deploy templates to multiple sites and Fireboxes. This is a template; the name indicates that it should be able to be changed at the device level.
Re: AP330 connection issues
Thank you for your response. Despite the tickets we had opened and the troubleshooting done, we felt like we were going in circles for a while. However, after extensive testing and tweaking, we finally found a solution that seems to work for us and stabilizes our Wi-Fi network.
I wanted to share this in case it helps others experiencing similar issues.
--> link
Re: Wi-Fi Mesh Networking
Yeah, WatchGuard hasn't been focused on a Mesh solution due to how Mesh degrades performance. It's better than nothing when you can't get a wire out but is still not optimal.
Re: PC freeze up issue
Check if your HP machines came with preinstalled HP Wolf Security EDR software.
https://enterprisesecurity.hp.com/s/article/How-to-uninstall-HP-Wolf-Pro-Security