Best Of
Re: SNMP issues after upgrading firmware
PRTG Network Monitor 25.2.108.1358 x64 - new version resolved this issue. SNMP traffic can be added fine again.
Re: Mobile VPN Client with SSLVPN v 12.11.3 SAML broken following Edge Update on Windows Systems
WG has new workaround for this problem
https://portal.watchguard.com/wgknowledgebase?type=Known Issues&SFDCID=kA1Vr000000CffJKAS&lang=en_US
Re: IPSec mobile VPN with Radius
@jfaz11 said:
I setup NPS and ran the Azure MFA NPS Extension.The group exists in AD and the user is a member of the group. The VM in Azure I created an NSG rule to allow inbound UDP 1812/1813/1645/1646Any help would be great. Thanks
For the Azure MFA extension to Windows NPS, as far as I know this only supports one method of MFA - notifications to the Authenticator app on a mobile device.
Make sure the users have that as their default method.
At least that was what I had to do for IKEv2 and SSL VPN; I don't use the IPsec VPN client but presume it also requires this since I don't believe there is a way for the MFA challenge/response part to have user input through the VPN client.
Re: Mobile VPN Client with SSLVPN v 12.11.3 SAML broken following Edge Update on Windows Systems
We have had this same issue - but we also had updated our Firebox to 12.11.3
we have rolled back the VPN Client to 12.11.2 and it still connects to the FB ok.
hopefully a fix from watchguard comes soon!
NazM
Re: Botnet Detection is blocking Facebook today - 8/12/25
I'm seeing static.xx.fbcdn.net (31.13.66.19) being blocked by botnet.
Adding an exception fixed this for me.
Re: Windows update and VPN
Hi
Windows sometimes unregisters SSLVPN's TAP driver. This can be caused by other applications trying to use that same TAP driver or by updates to your network drivers via Windows update.
If you'd like to use Windows' built-in VPN client, we support that via IKEv2 and L2TP. We generally recommend IKEv2 for Windows 10 and 11. L2TP is usually used with legacy versions of Windows and other devices that don't support IKEv2.
See:
(Mobile VPN with IKEv2)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_about_c.html geometry dash lite
Thanks for your answer. This is what I'm looking for.
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
I think your problem is not the HTTPS-Proxy action, but the HTTP-proxy action you are using to do inspect.
In the HTTPS-Proxy action, you configure what websites are going to be inspected and what websites are not inspected.
In the HTTP-Proxy action, you then configure what kind of inspecting is done to the websites.
You are probably using and old HTTP-Proxy action that has many outdated configurations that aren’t really working anymore with modern websites.
Nowadays, many modern websites use custom HTTP “X-” headers and if these custom headers are stripped these websites aren’t working correct anymore.
I would increase the “Set the maximum URL path length to” 16384 from the default 4096 value, both in HTTP Request and HTTP Response General Settings.
Security is achieved with the UTM security services, not by denying some HTTP headers.
The idea is more to use the Firebox devices UTM security services to protect your networks and users from attacks and harmful data.
Proxy actions are powerful tools and better suited to example control some web traffic by denying *.exe file downloads
or denying example on-line media content with denying HTTP headers, etc...
For normal daily web browsing, I would use the default “open” HTTP-Client.Standard action + UTM Security services!
Check following video where I show my new best practice HTTP Proxy action that is based on the WG Cloud Managed Firebox proxy action + couple setting
that I have enabled.
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
Did you install the firewall certificate on your PCs?
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
What do you see in Traffic Monitor when you try one of these accesses?
Seems like something is being stripped or denied
Re: Content Inspection - Video- Radio-Streams, Speedtests-Problems
Hi @MoSeSe
What does the browser say when portions of the page are not loading properly? Do you see any certificate warnings (either in the address bar, or in developer mode via the network tab)
The instructions to generate a HAR file will get you in developer mode so you can seee more errors:
(Generate a HAR file)
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000WOm9SAG&lang=en_US
If you haven't done so I'd suggest opening a support case.
