Bruce_Briggs
Comments
-
Time for a support incident. TLS 1.1 and lower are no longer secure and should not be used. If you find a resolution, please post it.
-
For the record, what firewall model is this, and what firmware version is it running? What is the latency of this link? What was the China end connecting to, prior to installing the firewall in Spain? Was it a RDP within SSH connection like it is …
-
Normally, with Diagnostic Logging set to Error, one should not see Debug level log messages in Traffic Monitor or in the log servers. As far as I am concerned, these should not be being displayed. I am seeing some of these as well. https://communit…
-
I have 14 OS directories, the oldest being 12.1, for 2 firewall models. Again, I don't have this issue. Odd.
-
What version of the Mobile VPN with SSL Client is installed? v12.6.3 is recommended by WG. From here: macOS Big Sur 11.x software compatibility https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000bpyhSAA&lang=en_US
-
I don't have the 2nd 'FirewareXTM' in my path
-
You can install 2 different firewall IKE certs in Windows, so I expect that this should work. Do some debugging on the T55. What do you see in Traffic Monitor when this connection is tried? You can turn on diagnostic logging for IKE which may show…
-
No. You need to use WSM Policy Manager. Open the config (.xml file) from the old firewall, make the needed changes - model info & license keys, then save that config someplace. Then import the modified config into the new firewall using WSM Poli…
-
Yes, by using WSM Policy Manager. Move a Configuration to a New Firebox https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/basicadmin/config_file_use_new_model_wsm.html
-
Search for "building to building wireless bridge" to see a number of options. I used this a number of years ago between 2 buildings about 1/2 mile apart - with a clear line of sight between the 2.
-
I also think that you have Firebox-DB users which can access the WG auth applet (TCP 4100) by selecting Domain = Firebox-DB, which would allow access for non-Authpoint users.
-
Don't try to access Authpoint for a non Authpoint user. Standard RDP access should still work - although we recommend for non-Authpoint users to either use a client VPN connection, access from a known IP addr. Any of these alternatives needs to be…
-
Caps lock on your keyboard?
-
A fresh install for me asks where I want to do the install, which defaults to: C:\Program Files (x86)\WatchGuard\wsm11\wsm\bin There are lots of Registry entries which have this default path. Request your support incident to be escalated. That is …
-
You add the dynamic DNS name that the other end has registered.
-
If you are having issues, you should open a support incident so that a WG rep can help resolve it. You can click on the Support Center link at the top.
-
Should work.
-
You can have both active with an ap327x. I have a dual band AP300 and have both bands active with multiple SSIDs active on each band. And I have a -w firewall model - which does not limit what you can do with an AP.
-
You can add a policy, set to Deny, From: SSLVPN-Users To: the VOIP server IP addr. Not sure what policy type to use, but it could be an Any packet filter.
-
Review this: AP327X antenna installation https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000bpCdSAI&lang=en_US
-
Make sure that you do not have a SD-WAN action selected for any incoming policy.
-
Review this: WatchGuard AP Licensing https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g2kASAQ&lang=en_US
-
Sorry, no more ideas
-
Have you tried rebooting a DHCP PC after changing the trusted interface IP addr and seeing if it now works? For the static IP addr PC, did you change the PC IP addr & default gateway IP addrs after changing the trusted interface IP addr? Also …
-
Did you mess with the default Dynamic NAT settings? There should be 3 entries covering each of the private subnets - Any-external
-
Q. Does Dimension replace the need for the Log Server? A. yes Q. Would there be any benefit for running both? A. Dimension requires a current LiveSecurity license. WSM Log & Report servers do not
-
That info is wrong. Works just fine.
-
What DNS server IP addr is being used for the static IP addr devices? A public one? Or the firewall interface? If the firewall, then you need to enable DNS forwarding About DNS Forwarding https://www.watchguard.com/help/docs/help-center/en-US/Conte…
-
Add an Any packet filter From: the IP addr To: Any-external Move this policy to the top of your policy list. To see packets allowed by a policy in Traffic Monitor, enable Logging on it
-
The firewall knows how to route to 192.168.15.2, so no static route is needed on the firewall for this. You need to set up the client software that uses the phone/fax router to send to 192.168.15.2 instead of the firewall default gateway addr. Wi…