Bruce_Briggs
About
- Display Name
- Bruce_Briggs
- Joined
- Visits
- 3,007
- Last Active
- Roles
- No Roles
- Points
- 485
- Badges
- 7
Comments
-
Do you have a ping policy near the top of your policy list?
-
please post a sample deny message from Traffic Monitor
-
Did you look at the Policy Manager -> OS Compatibility setting options? You will need to change from "12.0 - 12.5.x" to "12.6 or higher"
-
Here is a comparison of the 3 models: https://www.watchguard.com/wgrd-products/appliances-compare?pid1=3025&pid2=8811&pid3=26071 The T80 is a desktop model, whereas the others are rack mountable. If the specs of the T80 seem to fit your nee…
-
Yes. Please read the WG doc on doing this, from the link that I posted above. It explains exactly what you need to do.
-
Opps - sorry about that - new key into new firewall, using Policy Manager.
-
What are the reason codes for these 2 deny log messages? You truncated the log message - so the reason is not shown The 2nd deny seems to be covered in Step 1: Set up outbound ports for media traffic: "For media (audio and video), set up outbound U…
-
. the NPS server config - yes, and also in AD . the IKEv2-Users authentication configuration - no, but you need to add the Group name in Authentication -> Users and Groups as a RADIUS Group
-
Yes you do. You need to change the firewall model, & import the new Feature Key - using Policy Manager. Read the doc in my link
-
Just move the config to the new firewall. Move a Configuration to a New Firebox https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/basicadmin/config_file_use_new_model_wsm.html
-
Not sure why this doesn't work for you. Consider using an additional (new) group for this user and specifying that group name on the policy instead of the user ID.
-
For non-Virtual BOVPNs, the BOVPN allow policy is essentially for the private subnets at the other end of the BOVPN, so I would not expect that a Deny to Any-external would block this traffic. I believe that the same is true for Virtual BOVPNs. Howe…
-
Time for a support incident. If you have not rebooted your firewall recently, consider trying that. For unknown reason, it looks like userId=testaccount session gets deleted. Line 101: 2021-02-10 10:54:21 m470-fw2 sessiond OK! del sess succeed, se…
-
Yes, the debug level logs will show up in Traffic Monitor.
-
The firewall keeps a limited amount of log records internally. I use WSM Firebox System Manager -> Traffic Monitor. One can set it up to show up to 25,000 log records (right click -> Settings). FSM needs to be running to get the log records fr…
-
You can turn on diagnostic logging for authentication which may show something to help: . Policy Manager: Setup -> Logging -> Diagnostic Log Level -> Authentication or . Web UI: System -> Diagnostic Log Set the slider to Information or…
-
For example, look at the "WatchGuard Subscription for Firebox M270 Models" section near the bottom of the list here to see SKUs for individual security product for a M270: https://www.guardsite.com/Firebox-M270.asp
-
Some product licenses are available individually. Which ones are you interested in, and for what firewall model?
-
WIPS is also just as useful if you only have WG APs. https://www.watchguard.com/wgrd-products/access-points/wips
-
You need to provide a lot more info. What firewall model do you have? Have you registered it with WG? What do you mean by "accessing my computer", and from where?
-
Without some log entries showing what is happening, including the errors, it is sort of like asking "how come my car won't work" without providing more info.
-
Have you reviewed this? Perhaps it can help. Sophos XG Firewall BOVPN Virtual Interface Integration Guide https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/Sophos_XG_BOVPN_virtual_interface.html You can turn…
-
You can turn on diagnostic logging for IKE which may show something to help: In WSM Policy Manager: Setup -> Logging -> Diagnostic Log Level -> VPN -> IKE In the Web UI: System -> Diagnostic Log Set the slider to Information or higher
-
Expired should not be an issue. Expiration Column for Branch Office VPN Tunnels should show Never on the Feature Key in Policy Manager or the Web UI. Is any access from the XTM to the Internet working? If not, reboot the ISP device at that end and …
-
Also, there is a real Feature Key on the XTM box, correct? If not, then BOVPNs won't work/
-
Is any access from the XTM to the Internet working? If not, reboot the ISP device at that end and try again.
-
How many IP addrs does your AD server have ? Normally you should not have it connected to multiple VLANs - just to 1 VLAN - as routing issues can result with multiples. Depending on where your VLANs terminate, make access from various VLANs to the A…
-
I understand that which is why I said "which seems similar". Since you are stuck, you could try using Policy Manager from WSM V12.3 and see if that works.
-
It looks to be using NAT (NATT) - what is in front of either end of the firewalls which is doing NAT ? What do you see on the other firewall's logs related to IPSec?
-
Sounds like a bug. Consider opening a support incident on this.