Best Of
Re: Feature Request - Allow Policy Manager to groups several policies or separator line
In WSM Policy Manager, there is an Edit -> Find option, which allows one to search policies for:
Address (IP, Network, User, Alias, FQDN, etc.), Port number, Protocol, Tag
This is in addition to being able to sort on the columns, such as Protocol, Policy Name, From, To, Port, etc.
Re: Mobile SSL VPN + NPS w/ Azure Extension + Azure MFA
I got this working on my end without much effort. A few notes:
1 - Don't deploy on an existing NPS implementation as the Azure EPS extension will 'break' the local NPS.
2 - Configure as you normally would based on the WatchGuard documentation. https://techsearch.watchguard.com/KB/WGKnowledgeBase?lang=en_US&SFDCID=kA22A000000XZlhSAG&type=KBArticle
3 - Make sure AD is syncing to Azure.
4 - Make sure users have licensing for MFA.
Basically, RADIUS does the same checks to validate as usual, but then sends the request to Azure for the MFA portion. There isn't anything to configure for that action.
Re: Routing traffic on Multi-wan by source network
Sure.
The key is specifying a SD-WAN action on a policy, which could be for a single IP addr
Re: Feature Request - Allow Policy Manager to groups several policies or separator line
Hi @Infra
If you are in manual order mode, and if you create a policy to/from "firebox" you can use the policy name to make note lines, if that is helpful for you.
You can also use policy highlighting to color-code your rules if that helps you organize.
Re: Feature Request - Allow Policy Manager to groups several policies or separator line
Review this, which may address your needs:
About Policy Tags and Filters
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/policy_tags-filters_c.html
Re: Disable TCP SYN checking Cloud Managed
@GeorgeWillow Yes. Create a support case and mention FCCM-4622 in the case, and that you'd like to follow that feature request. The technician that is assigned the case can set it up to do that for you.
Re: Disable TCP SYN checking Cloud Managed
Hi @GeorgeWillow
There is currently a feature request open for the ability to turn TCP SYN checking off for cloud managed devices. This is FCCM-4622.
Re: Unable to configure LACP on T45
Just an update: with the latest 12.10.2.B692269 I was able to add the LA group and get it working.
Thanks,
Marc
Re: EDR slowness on terminal server
My advice, then, would be to open a case with tech support, so we can study this specific case and provide a personalised solution.
Re: VPN between watchguard with both behind NAT
Hi @the_jonathan
Check to see if your upstream NAT devices are forwarding and allowing that IPsec traffic, specifically ESP traffic.
There's a reason we generally recommend NAT devices not be in front of your firebox, and this is one of them.
Your logs are not sanitized (I can see the destination IPs in your logs) and I'm not going to allow a random .docx that could potentially contain a virus here.
Please consider opening a support case. This will allow the WatchGuard support rep to see your config(s) and help via a confidential channel, so that you do not have to worry about sanitizing your logs.
If you must post logs here, please ensure any personally identifiable info is removed (such as IP addresses, serial numbers, and device names). If you must post an attachment, please use something like a plain text file, and not a Word doc that can be harboring malware.