Bruce_Briggs
About
- Display Name
- Bruce_Briggs
- Joined
- Visits
- 1,886
- Last Active
- Roles
- No Roles
- Points
- 291
- Badges
- 5
Comments
-
From posts over the years, it seems that some sites do a weekly reboot. No idea how many do or don't. In the past, specific XTM versions have had memory leaks, and reboot would help for those versions. I don't schedule a reboot, but I don't have a h…
-
No Those log messages are still here
-
Are you using the Access Portal? If so, look at this: Process guac-standalone https://community.watchguard.com/watchguard-community/discussion/comment/3640 Otherwise to get help in figuring this out, consider opening a support incident.
-
From the docs - describing the Load bar: "The CPU utilization value from the device is the average percentage over the last minute." So it is difficult to relate the load bar to processes
-
You can see the CPU utilization of the individual components in WSM Firebox System Manager -> Status Report -> Process list
-
Also try doing a tracert to an IP addr out on the Internet from a VPN client. If you get replies for Internet IP addrs, then you know that the firewall settings are not the issue. If you don't - look at your Dynamic NAT settings. There should be 3 …
-
Does you router know about the 192.168.114.0/24 subnet and does it forward reply packets to the firewall? The Subnet Mask = 255.255.255.255 & Default Gateway = 0.0.0.0 are to be expected. That is what I see for my IKEv2 connection That basicall…
-
My Window 10 PC shows a DNS lookup being attempted for a ping to a host name with the DNS suffix appended to the host name entered. So you need a real local DNS to do FQDN resolutions. XTM is not a DNS server. It can only be a DNS forwarder, if this…
-
Verify that your PC has the domain name suffix in its interface settings. In a CMD box, enter: ipconfig /all If not, either reboot your PC or in a CMD box, do: ipconfig /release ipconfig /renew
-
No idea. If you have a current LiveSecurity license, you could open a support incident and have a WG rep review your config.
-
Try using a different firewall interface for your ISP connection. 11.9.4 is a very old version. It came out in late 2014. You can't upgrade a firewall which does not have an active LiveSecurity license.
-
For the record, what XTM version are you running?" "SIP provider 1->SNAT firebox-ISP" Not sure what the internal IP addr device is here on your policy - what is it? If you have the default Outgoing policy in your config, then th…
-
The three default Dynamic NAT entries are for the 3 private subnets: 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 Either add the 3 default entries back or fix your newly added Dynamic NAT entries to be to Any-external, not External-A Use of PBR is not a…
-
What XTM version are you running? Do you still have the 3 default Dynamic NAT entries? If so, then you don't need to add any others for the IPSec IP addr pool IP addrs/subnet. If not, there is rarely a reason to remove the 3 default entries, and co…
-
What XTM version are you running? The User Space Crash appears to be unrelated to the link issue. Which firewall interface is having the link issue and what is connected to that interface?
-
Yes the same external IP addr will work for all.
-
On the page from my link, it shows that a T70 doesn’t have aTPM chip
-
Or many years...
-
If this does not work, then possibly you could set this up as a BOVPN type connection.
-
Here is the only way that I can see a way to test this: 1) split tunneling mode on the Mobile VPN IPSec setup in Fireware 2) the 192.168.1.0/24 subnet can not be used anyplace in the Firebox config 3) add a route on the firebox for the 192.168.1.x …
-
Yes You can set up all 4 VPN client types and have different users using the one that works best for them concurrently
-
DataVLAN 172.17.1.1/23 valid IP addrs: 172.17.0.1 - 172.17.1.254 or 510 IP addrs You can't change the subnet mask to /22 as it will overlap the VoiceLAN
-
And you could change the subnet net mask from a /24 to a larger one such as a /25 (as long as it does not overlap an existing subnet) to provide twice as many IP addrs for that subnet.
-
Just magic ;-) The source IP of the packet is the firewall external interface IP addr - so now it will route over the BOVPN.
-
I expect that this will work if you add the site B external interface IP addr to the BOVPN Tunnel entries at each end. Local at site B, Remote at site A.
-
Consider opening a support incident to get help from a WG rep in understanding the cause of these log messages.
-
In WG Cloud, try: Configure -> Fireboxes -> Add Device button Add a Firebox to WatchGuard Cloud https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/device_add_to_cloud.html If you don't see your T70 in the a…
-
Is the remote IP addr one to which you have a BOVPN? If not, it could be that the remote IP addr is trying to create an IPSec connection to your firewall. If this is the case, the only way to stop these connection attempts is to 1) unselect "…
-
The TCP Dump suggests that the firewall is not replying to the ARP requests or that something in between the Debian and the firewall interface is dropping the ARP packets or the reply to the ARP packets. A TCP Dump on the firewall interface will tel…
-
So fix the conflicts. You can change from auto-order mode to manual mode to that you can set desired policies in the exact order that you want.