Comments
-
My EDR Core update is failing & causing a reboot after the failure - thus I am still getting the update pop-up. Working with support on this. Will post any resolution.
-
We need more info. Is this for Authpoint or for the firewall authentication applet on TCP port 4100 or SSO? If the authentication applet, what is causing it to be needed? A policy From: authenticated users?
-
You can't. You can set up a Blocked Sites Exception for an IP addr.
-
Add the remote subnet (24.25.26.0/22) to the BOVPN Tunnel Local/Remote entries at each end.
-
Create a support case and select Customer care, tell them what happened, and ask them to restore this device to your account for you.
-
And, if you haven't done so already, consider opening a support case if the above changes don't help.
-
This is a change to help with MTU issues related to packets going via a BOVPN. Since we don't know the real reason for what you see, this is just to try to eliminate one possible cause. In the past, WG support has suggested these changes when there were problems with HTTPS sites which were being accessed via a BOVPN. From…
-
Also, try this: On the external interface, in the Advanced section, change the Don't Fragment (DF) bit Setting for IPSec from Copy to Clear.
-
Try changing the Global setting, Networking section, TCP MTU Probing from Disabled to "Always enabled", and see if that helps. Define Firebox Global Settings https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/basicadmin/global_setting_define_c.html
-
-Endpoint 1 - Received 'main mode' exchange type. Expecting aggressive mode. This says that the other end (Vigor) is expecting your end to be Main mode not aggressive in Phase 1. -No matching tunnel route for peer proposed local:192.168.0.0/24 This suggests that your Tunnel settings do not match what is set up on the Vigor.
-
https://www.watchguard.com/wgrd-blog/subscribe-email Select the item(s) of interest. Note that new release e-mail announcements normally come out some time after the official release, sometimes as much as several weeks. For example, I received the following e-mail on 4/9, but the release came out on 4/4. Not too much of a…
-
Remove the $true after SplitTunneling. It doesn't seem to be needed from the MS docs. I modified the WG setup AddVPN.ps1 file and then ran the WGIKEv2.bat file for 2 other VPN configs, but not one for this goal. The ones that I added: split tunneling, domain name suffix.
-
I see the 3 AI options in both WSM Policy Manager & the Web UI, running V12.10.3. There is this fix in 12.10.3: After you upgrade WSM, Policy Manager now includes the latest WebBlocker categories. [FBX-26290]
-
Works for me, including the below format, using V12.10.3 Firebox System Manager: -I eth0 94.140.15.15 result from dns.adguard.com
-
Note that you can have multiple subnets at each site - so the main subnet at 1 site could be .245.0/24 while there is a small .254.x/? subnet at it too.
-
You are switching from a bridge setup to a routing setup. In a routed environment, nothing for the local subnet will be routed anyplace else. NAT won't help to get from a .254.x subnet to a different location with a .254.x IP addr. One would need to send packets to a different subnet than .254.x to get packets routed to a…
-
The P2P link needs to be connected to each firewall for this to work, not via your switches.
-
Could be that you need 2 different policies - 1 for internal access & 1 for external access. SD-WAN should only be used on policies where the traffic is expected to go out an external interface.
-
In WSM Policy Manager, there is an Edit -> Find option, which allows one to search policies for: Address (IP, Network, User, Alias, FQDN, etc.), Port number, Protocol, Tag. This is in addition to being able to sort on the columns, such as Protocol, Policy Name, From, To, Port, etc.
-
No. What FireWire model do you have? And what are the specs on the leased line?
-
Sure. The key is specifying a SD-WAN action on a policy, which could be for a single IP addr
-
To me, that is a lot of frame & error counts
-
Just a few, or a lot? If just a few, don’t get overly concerned
-
Looks like China's firewall is blocking this connection. I have no idea if any WG VPN will work.
-
Not that I have seen. Try changing or re-entering the desired key again via copy & paste to both locations.
-
Per https://ipinfo.io/ 200.200.200.2 is in Rio, Brazil. This also shows Brazil: https://www.ip-tracker.org/lookup.php?ip=200.200.200.2
-
200.200.200.2 is from Brazil. Is it your external interface IP addr? For the record, what Fireware version are you running?
-
Check Traffic Monitor for denies. That is the primary way to see what is being denied by the firewall.
-
Check Traffic Monitor for denies from the AP IP addrs when Outgoing is disabled/removed. That should give you a clue as to what port(s) the APs need. Probably some sort of call home function. Perhaps this? https://community.zyxel.com/en/discussion/3449/nebula-trouble-when-adding-ap-to-nebula
-
In the Web UI, when you select a specific connection, there is a Delete Connections option, in Red. Try it.