Bruce_Briggs
About
- Display Name
- Bruce_Briggs
- Joined
- Visits
- 2,188
- Last Active
- Roles
- No Roles
- Points
- 358
- Badges
- 6
Comments
-
James - MAC addrs can also be blocked on Interfaces - except for Bridge interfaces
-
Opps - my error. From: Any-external is correct. Change the To: field from Firebox to 24.173.163.4
-
What do you see in Traffic Monitor when you try the connection now?
-
Seems like you have tried all of the obvious workarounds. For the record, what XTM version are you running? If you have a current support contract, consider opening a support incident on this.
-
The default setting for the auto-created WatchGuard SSLVPN policy From: field is Any-external, not a specific external IP addr. If you want to limit the SSLVPN clients to only access desired IP addrs, then you need to modify the WatchGuard SSLVPN po…
-
Try using NAT loopback for this access - or access the portal using the private IP addr of the portal server. About NAT Loopback https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/nat/nat_loopback_c.html
-
If you have a current support contract - time for a support incident - to get help in understanding this.
-
As I recall, your web browser will try to use the lowest TLS version it and the web site supports. You can change Firefox and IE to use a higher level of TLS. Here is an older article on doing this, but I believe that it is still correct. How to C…
-
Also, depending on your XTM version, you can set up Link Monitor on external and select Measure Loss Latency & Jitter You can see if there are issues related to these on the SD-WAN tab of Firebox System Manager.
-
Sorry, no. You can look at WSM Firebox System Manager -> Status Report -> Interfaces section and look at the stats to see if there are errors or collisions etc. on the external interface. This may show something or may not. Sometimes throug…
-
"Specify allowed resources" is a split tunnel method, which is riskier than "Force all client traffic through tunnel" as the client can be connected to the Internet and to your LAN at the same time. However Internet access will u…
-
Yes.
-
You either need "Force all client traffic through tunnel", or you need "Specify allowed resources" with the desired subnets. The 2nd option does not include remote subnets such as at the end of a BOVPN.
-
system manager = Watchguard System Manager (WSM) - Policy Manager
-
If the BOVPN tunnel is from your WG firewall to some other device on the Internet - yes this is possible. You need to add the SSLVPN virtual subnet to the BOVPN Tunnel settings on each end. Allow Mobile VPN with SSL Users to use Resources Through a…
-
Tunnel an IPSec connection within a SSLVPN connection ? Not that I can see. What is your goal?
-
If you are logging to Dimension, you can look at Reports -> Traffic -> External, to see a graph which will show the max upload & download data transfer amounts and the data transfer rate, during a 10 minute periods, for the selected time p…
-
Correct.
-
Use of type Trusted for this interface may be the cause of some of your issues
-
From the following post, it appears that the "Use Default gateway on remote network" option on the IKEv2 network adapter is created when the powershell method is used. It is not set when following the manual method. https://community.spi…
-
No, I found it on the shelf below the milk, towards the back, near the relish ;-) Admin requirements are caused by the OS provider - MS & Apple. Presumably to prevent the average user to not do really stupid/bad things. Do note that admin pr…
-
From the docs, in the circle with an I in it section: "If you manually configure the client, we recommend that you configure a default-route (full tunnel) VPN. In Windows 10, you might need to change the IPv4 adapter properties for the IKEv2 V…
-
Depending on your XTM version, you can use Policy Based Routing or SD-WAN to force selected traffic out the desired WAN interface with optional failover. Perhaps this meets your needs. About SD-WAN https://www.watchguard.com/help/docs/help-center/e…
-
Please explain more about the firewall port to which the AT&T user is connected. What type is this set to: Trusted, Optional or Custom? Custom would be the best option. That should prevent any access to anything else on your LAN. You would nee…
-
Perhaps these: Troubleshoot AuthPoint https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/authpoint_troubleshoot.html AuthPoint Mobile App Error Codes https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/…
-
Opps - sorry. I put my firewall behind the FIOS router. I am not aware of a way to have a WG firewall in front of a FIOS router. Just add a consumer grade AP behind your firewall, or live with Wifi from the FIOS router.
-
I did this exactly at my last house. It was straight forward - just set up external for DHCP, and it should work with the default settings on the firewall. What issue are you having?
-
Most likely: SP = Security Policies SA = Security Associations Verify that the Phase 2 setting match at each end. If you have not done so already, you can turn on diagnostic logging for IKE which may show something to help: In WSM Policy Manager:…
-
An XTM 1250e is a Firebox X Core e-Series firewall. The oldest WSM version on the downloads web site is V11.10.4 V10.2 is VERY old - it came out in 2008, and does not support the full Web UI access, which started in V11. Since this unit is so old, …
-
Your XTM version is almost 3 years old. There have been many fixes since your version. Anything obvious in Traffic Monitor when this happens? Does this A T & T client use IPSec? If so, have you selected the "Add a policy to enable outbound…