BarryG

About

Display Name
BarryG
Joined
Visits
58
Last Active
Roles
No Roles
Badges
0

Comments

  • Thanks. I can check traffic monitor though I didn't see anything or maybe I wasn't filtering correctly. Uhmm what RDP server are we talking about? The Access portal makes a direct connection to the remote desktop client of the Windows 10 machine. How would I check that except to see it maybe logged in the Windows event…
  • OK on further testing this seems to be the way WG is parsing TLS or RDP now? All of our previous setups have used TLS and forced the user to log on with their network credentials. Now if I add a new machine to an existing Access Portal profile that used TLS and trusted Cert, or create a new access rule, I can only get it to…
  • Ok thanks James. I was on 12.6.x and rolled up the cluster to 12.7.2. This seems to have solved that problem. Great. Now I just have to figure out why I'm not able to route or get RDP with an UPSTREAM_NOT_FOUND error, whereas other users set up this way on the same VLANs have access? IP addresses and port 3389 are correct…
  • Ahh.. I think I see the issue now.. it looks like it is an FQDN problem. Thanks Bruce.
  • FQDNs on our split horizon DNS. Yes I have. I know that the internal DNS is listed in the Firebox setup also. I'll re-read the doc again. Thanks.
  • We have been testing out a CSP release patch for this issue and can confirm WG have fixed the issue of high RAM usage, High CPU pinning, and kernel crashing causing failovers. As well, Access Portal users' connections are now being released as expected. I've been told WG will be rolling out an official 12.5.3 update1 which…
  • And I'm still seeing now infrequent maxing of CPU cycles by the process as well as Kernel and UserSpace crash logs. @James_Carson I'll reopen my ticket on the subject so I can get updates.
  • Perfect - what I was looking for. Happy Easter
  • OK thanks for the info Bruce. Bit of a gotcha. The problem I have with this is the IKEv2 user credentials are being stored in Windows 10 after the first connection is made. So anyone that may have access to the physical machine now has access to the Network. Changing the Session time out is do-able but problematic.…
  • @James_Carson Yes and I think there are some of those already. It's more the IKEv2, L2TP, Setting up and configuring Authentication Portal and other SSLVPN options. And maybe Best Security practices for securing those access points - Follow-on is creating and applying groups and permissions. If you have time to configure and…
  • @James_Carson Since our Kernel dump by the Firebox after several days of high processor load, we have not seen a problem. CPU utilization is sitting around 18% with about 15 Access Portal users, 8 L2TP and 3 IKEv2 users.. What I am now seeing though is duplicate authentications being logged for Portal Access users.. my…
  • Just an update and closure to this thread. Our Cluster Master issued a Kernel Exception after a few days of initiating the Access Portal. It rolled over to the Passive device and is now reporting 'normal' CPU usage since then (several days). In our case about 8 to 15% utilization. WG techs decided 'it ok now' and…
  • Just to update.. my ticket has been Escalated again after the Master issued a Fault Report on UserSpace this morning. Portal and users are up and can still connect but the CPU graph no longer shows the Master's CPU activity.
  • Nothing yet. But as Bruce says - log your own ticket so you get notified. My M470s have been pegged for about a week now, but my remote users (increasing daily) have not complained about any issues so far. And the FB haven't crashed off the face of the earth so far..
  • WatchGuard engineers have reported and logged this as an official BUG. They are working on a fix.
  • To provide some closure for future readers.. I opened a ticket and this process does control the Access Portal function. Currently had 8 connected users which maxes out the CPU on the Firewall. Ticket is being escalated to WG Engineers to inspect as my 2nd tier guys says this is all new territory for WG.. I'll post once I…
  • Thanks very much for the reply and links John. We did follow the exclusions offered by both WatchGuard and Sophos when we introduced the AV clients many years ago. At the time InterceptX came out we were looking at TDR and went that route. Since then X has fallen markedly in per seat price and our 3 year term is up for…