Best Of
Re: BOVPN to Fortigate
Hi @Francesco
1:1 NAT will mean the distant end will attempt to contact you via the NAT'ed address, and the firewall will translate the NAT'ed address to the real one.
The first address is available for use since there isn't a network ID/gateway in this scenario.
I'd suggest opening a support case. Our techs can help determine if that traffic is even reaching your firewall. If you'd prefer to troubleshoot yourself, having the distant end send pings is usually the best way since there does not need to be a TCP connection in order for the ping to traverse (meaning you'll see log lines in your traffic monitor if logging is enabled for your bovpn allow.in policy).
Re: Hit by CVE-2025-14733
Hi @offbyone
If the firewall is passing the integrity check on bootup, or when you check via WebUI, the current install on the firewall should be good.
See:
(System Integrity Checks)
https://www.watchguard.com/help/docs/help-center/en-US/content/en-us/Fireware/system_status/stats_diagnostics_integrity_checks.html
If you are concerned that the system may have been compromised, you can use recovery mode to overwrite the firmware on the firewall:
See:
(Use Recovery Mode)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/other/QSW_recovery_mode_wsm.html
Note: Recovery mode will completely erase everything on your firewall, and it will boot up as if it were powered on for the first time. Any self-signed certificates will be erased and regenerated, and any user-imported certificates will be wiped.
Re: Remote management via WSM
Depends on what your Firebox policy looks like. Do you see any deny logs for that traffic when you attempt to access via those other IPs?
Mobile VPN with SSL ver 12.11.5 not asking for MFA anymore
We updated the Mobile VPN with SSL client from v12.11.2 to v12.11.5. After the update, users can establish a VPN connection using only a username and password. With v12.11.2, MFA was also required. No changes were made on the Firebox.
Re: WSM in RDP
Hi @Francesco
I tried accessing the WSM 2025.1.3 app on a Win11 PC across an RDP session. I was able to launch the app, log into a firewall, and edit policies as expected.
If you're seeing a blank tile when you try to launch it, the shortcut may not have been updated. Perhaps try reinstalling the WSM application. If you're still running into this issue I'd suggest opening a support case via the support center link at the top right of this page.
Re: Remote management via WSM
My best guess is that you have a higher priority policy for 1 of the 3 ports used for WSM access: TCP port 4105, 4117, 4118.
Re: One way BOVPN
Never mind ... I just found out the subnet mask was wrongly given. I changed that and it works now.
Re: Azure SQL Database: Queries Slow Despite Normal DTU/CPU?
@james.carson said:
Hi @Anderson
You may have more luck posting this to a forum specifically handling Azure and SQL issues. Most of the traffic here will be related to troubleshooting issues that occur when traversing one of WatchGuard's firewalls or other products.
Hey!!! Thanks for the idea!
We know that this forum is mostly about WatchGuard products.
We posted here on purpose to reach a wider audience that may have dealt with performance issues in Azure SQL, even if it's not the usual topic of this forum.

