Comments
-
You can contact Customer Care to see if they can tell you how to get a demo license. 1. You can do that via the Support Center link above - then log in, select Create New Case, and Record type = Customer Care 2) by the following form https://www.watchguard.com/wgrd-support/my-watchguard-assistance 3) or by phone…
-
You can enable Logging on the WatchGuard SSLVPN policy to verify that port 4443 packets are being received by your firewall. If not then the problem is not with your firewall. If so, you can turn on diagnostic logging for SSLVPN which may show something to help in Traffic Monitor: In WSM Policy Manager: Setup -> Logging ->…
-
If you have an active LiveSecurity license, you should open a support incident to get help from a WG rep to get this resolved. What firewall model do you have and what software (Fireware) version is it running? What is at the other end of the BOVPN? Have you tried rekeying the VPN tunnel at either end? Anything to help…
-
As can IPSec - both can work in your setup.
-
Perhaps this can help: https://www.tecmint.com/hide-apache-web-server-version-information/
-
You need a Feature Key for this and many other things to work. Also, without a Feature Key, only 1 internal IP addr is allowed to go out External. I expect that you can get an evaluation Feature Key for a FireboxV, but I'm not sure of the process. Hopefully James of WG will comment here on how to do this. @"james.carson"
-
Should have been a beta, it seems
-
Yes. However, there is no detail about what the fix really fixes. And there is nothing for this fix number in the Known Issues list on the support site which might give more info. I don't use DNS Watch because doing so causes any DNS policies in ones config to not be processed - and I have some DNS proxy policies that I…
-
Also, have you added Network -> Routes for the VLAN subnets behind the Catalyst 2960s? If so, then these need to be removed when you try the switch over.
-
Yes you do need to connect to the VLAN interface on the firewall.
-
With the Windows DNS cache enabled, you can see the cache contents in a text file with a command such as this: ipconfig /displaydns > c:\temp\dnscache.txt Perhaps that will help understand the issue.
-
For Windows, an "arp -a" should show the MAC addr of the gateway device.
-
Many devices will not pick up the fact that a new device has the IP addr that a previous device had - that the MAC addr has changed for that IP addr. Often one needs to do for a Windows device a "arp -d" in a CMD box, or a reboot for this change to be noticed by the device.
-
Sorry - ignore my prior post. What type have you set for the uplink from your switch stack to the firewall? Normally these should be tagged VLANs, and the link should be Trunk.
-
The default gateways for each VLAN device needs to change from 172.16.1.1 to 172.16.1.5 for this to work since you want the firewall to do the routing now.
-
For management, I believe that WSM V11.10.4 can manage a V11.3.4 and V11.3.3 firewall. https://software.watchguard.com/SoftwareDownloads?current=true&familyId=a2RF00000009GnEMAU If you need the firmware - Fireware - you need to contact Customer Care who should be able to give you a link to it, as it is no longer on the…
-
For the record, what XTM version are you running on your firewalls? Consider opening a support incident on this to get help from a WG tech on resolving this.
-
There is an X Edge 55e, but not an X Edge 550e
-
Also check if you have DNS forwarding enabled on your firewall. Look on the WIND/DNS tab. If so, DNS forwarding will be done prior to any of your policies, so you need to do what James indicated above to add a DNS policy which should be used.
-
I'm not aware of there being 2 different X550e hardware models. Are you sure that both are X550e models and that the error is that you are trying to save to a different hardware? What version of WSM Policy Manager are you using? If V11.3.4 and you are trying to save to an 11.3.5 firewall, then that is likely an issue.
-
I'm not seeing Policy Usage as an option for REPORTS > DEVICE on my Dimension 2.2 I think that I have all logging enabled. What am I missing?
-
You can post for desired features in the Product Enhancements section: https://community.watchguard.com/watchguard-community/categories/firebox-product-enhancements Product managers do look there, and may not look here.
-
What do you see if you use a web browser other than Chrome?
-
You can use SD-WAN to do this. Create a SD-WAN action to use the 2nd WAN connection and apply that on a policy to send the backup traffic to the cloud location.
-
Presumably your Deny policy has From: Any-external, which allows packets from whatever is connected to the external interface - usually the Internet. Also, reply packets are automatically allowed.
-
Supposedly WG will be rearchitecting the DNS forwarding feature upon which DNSWatch runs, which would allow the actual use of DNS proxies when that happens. I was told that this would be in a major release - such as V13, not a "dot" release, such as 12.8.
-
"unless you use Dimension or Cloud Visibility" or the old but still working WSM Log & Report servers
-
For the record, what Fireware version are you running? Are you at Fireware v12.5.4 or higher? If not, see this: WatchGuard retires the old Cyren spamBlocker engine https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000bqG2SAI&lang=en_US
-
open a support incident
-
I would expect you to have packets from 10.28.100.x go to the firewall to route to anything. "In the L3 Switch 10.28.100.0 should route to 10.28.104.0" If the L3 switch is doing routing between VLANs then you won't see the traffic hit the firewall - thus the firewall ping policy won't log anything for this test.