Comments
-
Set vlan19 on the WatchGuard as tagged.
-
Looks to me that the vlan19 packets are tagged. They should not be in your current setup.
-
Correct, for the OpenVPN client
-
See this Known Issue: On Fireboxes that run Fireware v12.11, IDP-initiated SAML logins to the Access Portal fail. Access Portal logins fail in 12.11 with "403 Forbidden Invalid Session" error https://techsearch.watchguard.com/KB?type=Known%20Issues&SFDCID=kA1Vr0000009hc1KAA&lang=en_US In Traffic Monitor, you see this log…
-
It could be any of these - all they need is to match on each end. I would choose By IP Address, and use the public IP addr on the routers.
-
From the V12.11 Release Notes: This release removes the Mobile VPN with SSL Client download page from the Firebox. [FBX-27548]
-
OpenVPN has a version which works on ARM64: https://openvpn.net/community-downloads/ Review these instructions to try using the above: Use Mobile VPN with SSL with an OpenVPN Client https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_ovpn_profile_c.html Please let us know if this…
-
Review this: About Aliases https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/aliases_about_c.html
-
Devices on the 192.168.2.x subnet will try to connect to any other device on the 192.168.2.x subnet directly, and will never send packets to their default gateway (the firewall etc.) for that subnet, so there is no way to have devices on the 192.168.2.x subnet connect to the 172.17.1.x FTP server by using its old…
-
Not sure of the cause of your issue. However, after your device has been activated, you can rename it on the support site. Under Manage Your Products, select See All, then Network Security -> VIEW PRODUCTS. Select the 3 vertical dots at the end of the device -> RENAME DEVICE.
-
A quick Internet search didn't show anything obvious for a Surface. Good luck.
-
FYI, you can have a separate policy for this 1 machine. Create a DHCP reservation for the MAC addr of the Surface, and use the IP addr of it in the HTTPS policy for it. Then all of the other PCs can use the original policy. Is the Surface using Edge as the web browser?
-
Assuming that you used the Web UI to make this change, it would appear to be a Web UI bug. You should be able to do this using WSM Policy Manager without issues. Consider opening a support case to report this to WG so that they can investigate it.
-
Perhaps a packet capture in the application server will indicate what is going on.
-
Should you find a resolution, please post it so that others can find it.
-
If you believe that there were events which should show up in the reports, then you should open a support case to get WG help in understanding why the reports are not showing anything.
-
If there is no data, then there is nothing on which to report. So none of the problems/alerts seem to have existed for the reporting period.
-
The gray box in the link below has a link to what logging needs to be enabled for this report. PCI Compliance Report https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/reports/report_pci_wgc.html
-
There are many cross site scripting detections in the Intrusion Prevention detection database. IPS detection is improved for HTTPS traffic if Inspect is being done. From the docs: "If you enable IPS for an HTTPS-proxy policy, you must also enable Content Inspection in the HTTPS-proxy action, in order for IPS to scan the…
-
How about the use of different user IDs for the different access needs?
-
No, since you formatted the SD card. The only way would have been to RMA this unit, which would require a current support contract, but that is not possible since your M200 went End of Life on 30 Jun 2023. Bricked... sorry
-
From the V12.11 Release Notes: The Mobile VPN with SSL Client for Windows now supports SAML authentication. The additional file size is to provide support for SAML authentication for SSLVPN.
-
After a support license ends, all standard firewall functions should continue to work. Additional optional features, such as from Security Suites, will no longer work without a current license. With a support license, you get version updates, you can open support cases, and should your firewall fail you can get firewall…
-
There are 3 log messages that you also could try searching for:
3000-0149 INFO Firewall /Packet Filter Application Control Traffic identified
1AFF-002E INFO Proxy / HTTP Application match
2CFF-0006 INFO Proxy / HTTPS HTTPS App Match
These are from the Log Catalog…
-
Anydesk connects on port 80, 443 or 6568 and connects to 239.255.102.18. Try a search for 239.255.102.18
-
What do you mean by "we cannot search in the logs of the block"? Do you mean that you end up with no results for a search for "anydesk" (no quotes)? Make sure that you have selected the Start Date to your desired search results. Also select Traffic or All for your search.
-
What are you searching for in Dimension Log Search?
-
The M400 went End of Life on 30 Jun 2023. WG software upgrades require a support contract to be in place, and they don't exist for an EoL firewall. Upgrades to one are no longer possible. End of Life Policy https://www.watchguard.com/wgrd-trust-center/end-of-life-policy
-
No. The client VPN limit is for concurrent access, not per user.
-
For an Active/Passive cluster, you only need additional licenses for 1 firewall, which ends up being on the active member. So you can see a difference in the Features keys on each. For an Active/Active cluster, you need both members to have identical licenses. So there should not be a significant difference in each. About…