Comments
-
HTTP & HTTPS proxy policies are the only ones for which you can create a message to the user for denied access. You need to have something which causes access to a web site to be denied to see the deny message.
Example 1: HTTP Request -> URL Paths - set If matched = Deny, None matched = Deny
Example 2: HTTP Response ->…
-
In Add Policy, double-click or select the Add Policy button on the HTTP proxy policy to see the setup options. You can then, when desired, click on the Help button, which will take you to the docs page, so you can learn more about the various settings for that function.
-
One does with WG too, when a support rep responds.
-
You can set a custom deny message for HTTP access on an HTTP proxy policy. You would need to set the policy to Allow, From: the desired group/subnet/interface alias, and set the proxy options to deny all access - such as to deny all Content Types. HTTP-Proxy: Deny Message…
-
No, this is not normal in my experience.
-
No
-
Q. Can I add a 'Denied' rule to any external (internet) on this same rule?
A. No - add a new policy denying To: Any-external with the appropriate From: setting. Move this policy above any other policy which might allow the From: setting access to Any-external.
Q. How do I add CMM to Trusted alias?
A. You can't - Trusted and…
-
Do note that WSM Log & Report servers will be going away on the next major Fireware version - presumably V13.0. Dimension is the currently recommended WG log & report platform.
-
Are you connected to the cluster or to a specific firewall in the cluster?
-
It depends on what the exploit is. Care to give an example or 2?
1) It is possible that it is a false positive - and is thus not a real exploit.
2) It is possible that this software has at that moment a signature for an exploit which at the time has not yet been added to the firewall IPS or GAV signatures.
Neither…
-
For a VPN connection, you will not be accessing a public IP addr. Verify your VPN policy on the firewall - that it will allow whatever UDP port is used or set up for this product.
-
You can't create a policy to allow broadcast packet across firewall interfaces. Also, there is no WOL Directed Broadcast function in Fireware. So you need a different solution, perhaps this: https://www.remotepc.com/help/windows/wol.htm
-
Also in Dimension Log Search, make sure that you select the ALL log message types option. The default is to only search for TRAFFIC type logs.
-
FYI, in WSM Firebox System Manager -> Traffic Monitor, you can set it to display up to 25,000 log lines (right click -> Settings). The max size will happen if you have FSM connected for a long period of time.
-
You don't see anything in Traffic Monitor related to these failed VPN connection attempts?
-
You can set up a log server:
1) a syslog server
2) Dimension
3) WSM Log Server - note that this will be going away in the next major release
Set Up Logging and Reporting for Your Network: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/set-up_logging-reporting_network.html
-
I'm not using AD for my SSLVPN connection. Here is what I see in my logs when entering an incorrect password:
2022-07-05 16:46:51 admd Authentication of Firewall user [[email protected]] from 10.0.1.2 was rejected, invalid credentials or user doesn't exist msg_id="1100-0005" Event
2022-07-05 16:46:51 wgcgi SSL VPN user…
-
Look up 1AFF0024 in the WatchGuard Log Catalog: https://www.watchguard.com/help/docs/fireware/12/en-US/log_catalog/Log-Catalog_v12_8.pdf
-
"connect failed Connection timed out" indicates that there is no session to 192.168.1.3, thus just annoying messages in your logs. Badly coded app on the TV.
-
Note that he does have a 192.168.0.x subnet already.
-
You won't see reply packets in the logs. You can do packet captures on the firewall, which will show reply packets. Use TCP Dump for this. You can set advanced options to specify the IP addr to capture, etc. FSM:…
-
These look like log messages, which presumably are trying to be sent to a log server at 192.168.1.3.
-
The firewall will route anything that is not a local IP addr out to the firewall's default gateway. However, your ISP should drop any packets destined to a private IP addr. So I would not obsess about this. This might be being caused by an app on your smart TV.
-
I have a few policies for a number of common ports which are scanned and have "Auto-block sites that try to connect" selected on that policy. At the moment, I have lots of IP addrs blocked for Telnet and SSH access attempts.
-
WSM = WatchGuard System Manager. Policy Manager is a part of WSM. WSM contains a number of components.
-
From the software downloads site: https://watchguardsupport.secure.force.com/software/
You can find it from the support site: Support -> Technical Resources.
-
Consider using WSM Policy Manager to make changes such as this. With Policy Manager, no changes are made to the firewall until you upload a changed config to the firewall. You can make many changes using Policy Manager with no immediate effect on your firewall. With Policy Manager, configs are saved to disk on the WSM PC,…
-
Q. What happens if I change the interface type to VLAN? I would have to create a VLAN 1, by going to the VLAN page?
A. Yes - only defined VLANs can be on an interface type = VLAN.
Q. Then the uplink to the switches, since they're untagged now, I need to make the uplink port from the WatchGuard to the switch an untagged…
-
You can have the same VLAN on 2 firewall interfaces.
Configure One VLAN Bridged Across Two Interfaces: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/vlan_example_1vlan_2switches_c.html
You can have VLAN 1 be untagged with VLAN 5 being tagged on the same firewall interface. In…
-
I had no issues doing this config migration to a new firewall in the past. My GWC configured AP300 had no issues going from a T35 to a T20 in Jan 2020.