Comments
-
Notice that this is UDP port 443, not TCP port 443. You probably don't have a policy allowing UDP port 443. Probably this is QUIC, used by Chromium based web browsers. As I want to use the HTTPS proxy for my outgoing HTTPS, I block QUIC on the firewall. One can usually disable the use of QUIC in web browser settings.
-
It was on my 21H2 list.
-
This is a question for Microsoft. Nothing any of us can do about this. It either shows or doesn't in Windows Update, and we have no control over it either way.
-
Look here: https://www.catalog.update.microsoft.com/Search.aspx?q=KB5010793 from the Release Channel section, here: https://support.microsoft.com/en-us/topic/january-17-2022-kb5010793-os-builds-19042-1469-19043-1469-and-19044-1469-out-of-band-f2d4f178-5b36-49cb-a6fd-4bf9857574f9
-
And yes, I can connect with L2TP too. I have not tried IKEv2
-
From the docs: You cannot manage WatchGuard Wi-Fi 6 APs with a Gateway Wireless Controller on a Firebox. If you are looking for information about how to manage an AP130, AP330, or AP430CR in WatchGuard Cloud, see About Wi-Fi in WatchGuard Cloud…
-
For the standard BOVPN setup, you specify the pubic IP addrs of the BOVPN endpoints in the Gateway setup, and specify the local & remote IPs/subnets in the BOVPN Tunnel settings. Look at the 1-to1 NAT BOVPN option. Configure 1-to-1 NAT Through a Branch Office VPN Tunnel…
-
It was in my list for a 21H2 and a 20H2 PC.
-
KB5010793 was in my optional updates list prior to noon EST 1/18/2022.
-
For a specific UDP port, list or range of ports, you can create a custom packet filter for the port(s), add it as a policy, set to Deny, with Logging disabled. For all UDP ports, add the predefined UDP packet filter, as above.
-
No other brand can be managed by a WG firewall. And it seems that the latest versions of the WG APs can only be managed by WG Cloud and not a WG firewall.
-
Great news. When you have more questions - just ask.
-
You can try the latest version of WSM, but I'm not sure that it will help. First use Policy Manager to get the current config from the firewall instead of opening the one that you saved from the Web UI. Then try saving that back to the firewall - an unchanged one, and see if that works OK. If so, then make your needed…
-
Confirm what WSM version you are using. "If you try to save a configuration file to a Firebox running Fireware v11.12.2 or lower with Policy Manager 11.12.4 or later, you could see the warning message: The Fireware OS version on this device does not support the Spanning Tree Protocol. These settings will be removed. Do you…
-
Action = Allow
-
Review this: Run the WSM Quick Setup Wizard https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/installation/qsw_noweb_about_wsm.html
-
You need to allow the 2 Content Types on your POP3 proxy action in Content Types. Specify an Exact Match on the new Allow entries for application/pdf and for application/vnd.ms-tnef
-
A winmail.dat attachment is caused by Outlook when users select Rich Text format for the sent mail. The SMTP proxy and the POP3 proxy do not cause a winmail.dat attachment. The SMTP proxy can strip a winmail.dat attachment. I have not seen a POP3 proxy strip a winmail.dat attachment or a .pdf file, so I don't have an…
-
+1
-
You can use the CLI. Do you need to keep this config? If so, do have a saved config on disk? If not: 1) try saving the config using the Web UI - System -> Configuration File 2) save one using the CLI Then do a Factory reset, run the QuickSetup wizard so you know the Read/status and Update/admin passwords. Import the saved…
-
Exactly what are you trying to do? launched how? 192.168.10.1 is a private IP address, and should be local to your site.
-
Set up a DHCP reservation for that MAC addr, and then control the access for the reservation IP addr. You can add policies for a specific IP addr or groups of addrs to control desired access.
-
Do you have an external interface defined in your config? That is the only way that I know of to be able to get a default gateway which is not a firewall interface IP addr.
-
You could change from Bridge VPN Traffic on your SSL VPN setup to Routed VPN Traffic. This should give you a default gateway on the firewall, not on the WAN router.
-
Those packets are already being blocked. If you goal is to prevent them from actually getting to your external interface, then you can't. If you just don't want to see the spoofing log message, then you can clear the Drop Spoofing Attacks check box in Default Packet Handling - which would potentially allow the packet if it…
-
Try this - assuming that 192.168.2.0/24 is not used in your config . add 192.168.2.2/24 as a Secondary IP addr on external . add a Dynamic NAT entry - From: Any To: 192.168.2.1; Set source IP addr = 192.168.2.2. Move this entry to the top of the Dynamic NAT list Let us know if this works.
-
Consider opening a support incident
-
Look at Web UI -> System Status -> Routes I have an entry near the bottom for my SSLVPN subnet 192.168.222.0/24 tun0 0.0.0.0 U 0 Do you have something similar? When I tracert to 192.168.222.4 - a not connected SSLVPN IP addr, my tracert does not go out to the Internet. I'm running V12.8 beta, but I would not expect the…
-
You can the status here: https://status.watchguard.com/ status Americas Region Performance Degraded Identified - We have identified an issue in the status of AuthPoint Gateways that started at approximately 12:20 UTC on 2021-12-29. The authentications are not impacted, but the status and installation of new Gateways are…
-
If access to the building climate control monitoring device is desired from the Internet, then you can use SNAT if the public IP addr has been added to the firewall external interface as the primary or secondary IP addr. You can use 1-to-1 NAT for a non-primary public IP addr which has not been added as a secondary on…