Multiple T30s "bricked" within 2 weeks.

Good Afternoon,

My name is Will Richardson and I am raising this case from my colleagues account. We have a customer who have various different WatchGuard firewalls, most of them being T30s.

We have three different T30s located at different sites which have all "bricked"/failed suddenly.

All three of these T30s have died within the last 2 weeks, and we are looking to find out why this has happened, as we do not believe it is a coincidence, and we are worried the other T30s are at risk.

We are still waiting for 2/3 of the firewalls to arrive back at our office, however one of them has already arrived.

When we plugged it in, we were unable to get it online at all, and we were also unable to reset the box. It was quite literally a brick.

Would someone be able to assist us in finding out what has happened here?

Thanks
Will

Comments

  • edited January 12

    For the record, what Fireware version is on the still working T30 units?

    If you have a support contract on the bricked ones, you can open a support case to get direct help from WG, and replacement for non-working firewalls.

    Did someone diagnose the T30s for Cyclops Blink, and then upgrade to the Fireware version which addressed the Cyclops Blink issue?

    Cyclops Blink FAQs
    https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US

    Important Detection and Remediation Actions for Cyclops Blink State-Sponsored Botnet
    https://www.watchguard.com/wgrd-news/blog/important-detection-and-remediation-actions-cyclops-blink-state-sponsored-botnet

  • Hi Bruce, thanks so much for your response.

    We have quite a few other sites with T30s, but one of our working T30s is currently on 12.7.2 (Build 652282).

    We have another on 12.5.3 (Build 616762) and another on 11.12 (Build 516911) so the versions are a bit mixed up between each other.

    We did try to raise a ticket with WatchGuard, however the support contract for these T30s has expired which is why we decided it might be worth posting on the forum.

    The appliances were NOT checked for Cyclops Blink, they were completely inaccessible and we were unaware of this malware at the time of failure.

    How would you advise that we proceed?

    Thanks
    Will

  • For the working ones - do the Cyclops remediation, which ends up with a free upgrade, even with no support contract on the T30, to v12.7.2 Update 2.

    Consider subscribing to the WG support alerts:
    https://www.watchguard.com/wgrd-blog/subscribe-email

  • Additionally, you could purchase support for a T30 for 1 year on a dead unit, then open a support case for it and get a replacement unit if it can't be brought back to life.

    See the Renewing Expired Licenses and Back Dating section, here:
    https://www.watchguard.com/wgrd-support/support-levels/terms-conditions

    WatchGuard Standard Support Renewal 1-yr for Firebox T30
    part # WGT30201
    I see a number of sites on the Internet which sell this for under $150.

    The T30 units go End of Life on June 30 2023, which means end of support.

  • And, there is a trade up program which may be of interest, to get a new model firewall to replace an old dead one.

    https://www.watchguard.com/wgrd-sales/promotions/customer-loyalty-trade-up-program

  • Have you verified that the power supply for the dead ones are good?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Depending on the age of the T30s, the SD card may have failed, or there might be something else going on.

    The easiest way to tell if the firewall isn't booting is to plug into the console port on it. You'll likely need a USB to serial converter, and a serial rollover cable (they're the same as the light blue cables Cisco uses with an RJ45 connector on one end, and a DB9 connector on the other.)
    The firewall talks at 115200 baud over that connection (not the default 9600) but with a program like PuTTY, hyperterminal, etc, you should be able to see if the box is just failing to boot, or what the issue might be.

    If the box isn't booting the solution under most circumstances will be an RMA replacement.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.