Comments

  • I don't mind doing an allow-all inbound from the firewall IP. Just can't do it from the actual IP as it changes.
  • Thanks Bruce, the NAT function we use works fine and return packets etc. are OK. The issue is usually with internal ACLs that don't have this function and don't support FQDNs, so you have this issue of a pool of changing IP addresses on random ports returning traffic.
  • Apologies, it's the M690 we have now, and 2 of these ports are built in.
  • Hi, the Azure/AD auth works fine; it just won't force an MFA request. Is there a way to do this?
  • Hi @"james.carson", it's for users only, not WSM. We already use AD via RADIUS, but that won't force an MFA prompt.
  • Thanks, that's the document I read too, but it only really talks about Firebox passwords, not external authentication sources like RADIUS or AD. We've never had an issue with SSO, but maybe the web authentication has limitations on what it can post.
  • Got to the bottom of it in the end. Just needs the 'force all traffic down tunnel' box ticked in the advanced section of the VPN profile on the Mac.
  • Hi, did you find a solution to this? Having the same issue with the latest version of TDR. Seems to install fine, but won't register with TDR Cloud.
  • Thanks, so you need to leave the standard bovpn.in and bovpn.out rules as any/any and then put other rules above them to lock things down? For instance, if I only want 1.1.1.1 (local) to access 2.2.2.2 (remote), if I add a rule that states this it won't be green as it isn't referencing the BOVPN interface and 1.1.1.1 to…
  • Seems this has now changed and you can edit your profile.
  • Thanks, was hoping for more blanket blocks, like *.evilfile
  • I'm impressed you got 6 months out of Dimension. Once we hit 3 months the database runs so cripplingly slow it's almost impossible to do searches. We have to archive off data older than that to keep it usable.
  • So, I opened a case and apparently there was a change in February to limit the amount of data. Now, with my timeframe set to even 1 hr, I can't see my top blocked clients. This severely restricts how useful the WG Cloud is. Might have to resurrect Dimension.
  • Did you get an answer? I've noticed these too on 12.6.4.
  • I agree, it's awful. A real step back from the old Dimension search.
  • OK, so I've found the data in Dimension and I've compared the WG Cloud and Dimension data side by side. For the same timestamp the Cloud has 1 entry and Dimension shows 7. A lot of detail is removed. This is the search term in the Cloud that seems to work: Fwstatus AND Authentication*. Any format of username brings back…
  • All devices are registered and reserved, and we don't block outbound ports for these devices, so that isn't the issue. I've been through many threads on various sites and the consensus seems to be that WatchGuard just won't do Open NAT. I'm not sure what process the Xbox does to detect the kind of NAT it's going through...
  • I agree, I wouldn't turn on UPnP, even if it was supported.
  • They are already assigned via DHCP and they are on their own VLAN, but that could be shared with 100 other devices, depending on what they want to plug in (it's in halls of residence). How would a packet filter help? It would still be running through dynamic NAT, unless you are talking about a rule for each device with…
  • This service is still just too slow. Tried it again with the 5 free licence deal and had to remove it due to complaints of overly slow internet. Shame, as it's potentially a good feature.
    in DNSWatchGO Comment by Abertay April 2020
  • +1 for L2TP DHCP options. Now we are WFH, it's causing SCCM issues with addresses changing frequently.
  • Thanks Mark. We have a pool of 45 PCs load-balanced through the RD Gateway, and what we are trying to stop is one student logging onto multiple PCs and hogging resources. So connections per second will be really low, and I don't think it will achieve what we are trying to.
  • We use VPN for most things, but we have to provide RDP access for unmanaged devices, which means using M$ RD Gateway (ex TS Gateway) over 443.
  • Thanks James, it's been escalated to engineering now, who are looking into it. We've had to temporarily move most of the major websites to packet filter policies so they remain stable. I'm still wondering if this is a knock-on effect of the NAT issue in 12.5 / 12.5.1, as we now have nearly 7000 users going through a single…
  • Thanks Mark. WG have now confirmed it is the HTTPS proxy issue.
  • I've now upgraded to 12.4.1 and can confirm this does not fix the issue.
  • Funny you should mention that, but I've had a few times when adding a NAT rule completely broke it; then if you remove and re-add it, it works.
  • Hi, just one external interface. Don't use any SD-WAN config. Everything was all working just fine up until the upgrade. Translation rules all look good and proxy settings are all in place. I smell a bug... Going to upgrade to 12.4.1 tonight and fingers crossed it fixes it. Already opened a call as per the original post, thanks.…