Accessing WatchGuard XTM330 problem

Hello,

We have a WatchGuard XTM330 Version 11.5.1.B331198.

So with Adoble Flash Player discontinued, we couldn't access the WebUI but found a browser (Pale Moon) where we could still access the WebUI.

So now we can access the WebUI but if we do any changes and hit save (like in the Firewall Policy) then an error pops up: "Code :500, An Internal server error occurred, please login again". Even just changing the Contact Name, this error pops up.

Not sure if this is a WebUI error and if we could go into the Firewall in different ways? I did try WSM but no Passpharse is working with the "Status" user name.

I have physical access to the Watchguard here at the office.

Thank you for any help/tips

Comments

  • You can use the CLI.

    Do you need to keep this config?
    If so, do have a saved config on disk?
    If not:
    1) try saving the config using the Web UI - System -> Configuration File
    2) save one using the CLI

    Then do a Factory reset, run the QuickSetup wizard so you know the Read/status and Update/admin passwords.
    Import the saved config using WSM Policy Manager.

    CLI - see "export config to"
    https://www.watchguard.com/help/docs/fireware/12/en-US/CLI/index.html#en-US/main_commands/main_command_ref.html

  • james.carsonjames.carson Moderator, WatchGuard Representative

    I would suggest using WSM to manage the firewall. An older 11.9.x version of it should work on that older firmware:
    https://cdn.watchguard.com/SoftwareCenter/Files/WSM/11_9_3/WSM11_9_3.exe

    -James Carson
    WatchGuard Customer Support

  • Hi,

    I will try this version of WSM and see if that would work. Was trying 11.12.4 version.

    Was able to get the config file using Web UI - System -> Configuration File.

    This will be the first time doing a factory reset on our Watchguard and if the Watchguard is down, our connection to the internet is down too. Once I do the factory reset, does the Quick Setup wizard just pop up or do I download from Watchguard?

    Thank you for your help.

  • edited January 2022

    With the links here and checking everywhere in the WebUI, I was able to change/input a password in WebUI for status/admin. System -> Passphrase. All attempts to save info on WebUI resulted in error but this one didn't.

    I am now able to use WSM. I go to Policy manager and add a new Network IP into a Policy, I check to "Save to Firebox" then receive a message:

    "The Fireware OS version on this device does not support the Spanning Tree Protocol. These settings will be removed. Do you want to continue?

    I press "Yes". I save the XML then there is another error message saying:

    "Error communicationg with Firebox "IP address here". INTERNAL_ERROR: Invalid xml"

    Any way to fix or go around this?

    Thank you

  • Confirm what WSM version you are using.

    "If you try to save a configuration file to a Firebox running Fireware v11.12.2 or lower with Policy Manager 11.12.4 or later, you could see the warning message:

    The Fireware OS version on this device does not support the Spanning Tree Protocol.
    These settings will be removed. Do you want to continue?

    This occurs because, starting with Fireware v11.12.2, Fireboxes and WatchGuard System Manager support Spanning Tree Protocol, or STP. If your Firebox is installed with Fireware v11.12.2 or lower, WatchGuard System Manager will enable STP by default, and you must disable Spanning Tree Protocol to save the configuration to your Firebox.

    Spanning Tree Protocol message when saving configuration
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g3FtSAI&lang=en_US

    For the Invalid xml issue - not sure where the issue is.
    Perhaps using WSM 11.9.3 won't have this issue

  • So I had WSM 11.12.4 on my computer and had that error. Then tried WSM 11.9.3 on another computer and still received that Invalid xml error.

    Think I should try to upgrade to the latest fireware I can. Seems like Fireware 12.1.3 Update 5 is the latest in my Software for XTM 330 and WSM 12.7.

    If advise against this, please let me know.

    Thank you for your help

  • You can try the latest version of WSM, but I'm not sure that it will help.

    First use Policy Manager to get the current config from the firewall instead of opening the one that you saved from the Web UI.
    Then try saving that back to the firewall - an unchanged one, and see if that works OK.
    If so, then make your needed changes and try saving that.

    In Policy Manager -> File -> Save - select the "Always create a backup" option. This will make your life so much easier to have good point in time configs, which will have date/time stamps in the file name

  • Try managing it with the same version of WSM as you have for Fireware. I have a client across the country who buys his own hardware, then asks me to help with configuration. He has an XTM 25 running 11.7.4 firmware, and the only WSM (PM) that will save to it without corrupting the config or getting errors is WSM 11.7.4. I have two VMs, one with WSM 11.7.4 and one with WSM 11.9.something for managing another client who doesn't buy current hardware (he has an XTM 26).

    Gregg Hill

  • Thank you all for the help. Learned a lot but not everything, still more than before.

    So upgraded the Fireware and WSM to 12.1.1, just to have same versions of both. Now able to change Firewall Policies and save the XML with no problems.

    I did do that "Aways create a backup" option as well.

  • Great news.
    When you have more questions - just ask.

Sign In to comment.