Comments

  • Excellent, thanks @"james.carson"! Just for a bit of background since I imagine it sounds a little strange - I like the idea on paper of how BOVPN virtual interfaces work vs manual BOVPN setups, and my current project is to re-subnet our existing setup into new VLANs with different IP schemes than are currently being used,…
  • Thanks for the response James, always appreciated :) I've only got 2 firewalls to worry about, so I may just switch both of them to unmanaged, uninstall the existing server and re-install it fresh. Presumably this will have the same effect? Would there be any way of preserving/carrying over the configuration change history…
  • 12.8.2 - same as what I used with the test VM fresh install
  • Just to circle back, syslog (for me) is just the flint that sparked the question. I see utility in being able to use the gateway address for lots of things. The enhancement request is more generally for SNAT actions that can listen on trusted interface addresses (plus an option to listen on all firebox address). Cheers!
  • I think one of us is missing something here. If I could create an SNAT action that listens on a trusted interface address, I could do something like this: Firewall Addresses (mock-ups): External-1: 80.90.100.101 External-2: 80.90.100.102 VLAN (VLAN10)-Trusted: 10.0.10.1 VLAN (VLAN11)-Trusted: 10.0.11.1 VLAN…
  • Hi James, Thanks for that - I use NAT loopback on some SNAT policies already for some internal services that are also internet accessible, but it would be a lot nicer to be able to specify the gateway address rather than a public IP for internal-only services. Is there a technical reason that SNAT is not allowed to come…
  • Came here to report the same issue and cause, but looks like you lot beat me to it - SMB in particular was not happy, although pinging and DNS seemed to work fine. Disabled IPS on a few select policies on a hunch and blam, everything started working again.
  • Just to follow up - I figured out what the problem was. I had recently removed a no-longer-required alias that contained the subnet the target firebox was in from an outgoing any-port TCP/UDP packet filter policy that was not intended for outgoing management connections, but it was apparently functioning as such. The…
  • I use these switches for my silent deployment: /silent /verysilent /Components=main,tapdriver /tasks=desktopicon Also, because the SSL certificate for OpenVPN is required to successfully install the TAP adapter, even though it's specified above, I deploy it with group policy before I deploy the VPN package. -Chris
  • +1 for client side certificates - we already deploy computer authentication certificates for WiFi/RADIUS internally, so it would be lovely to use the same certs with the VPN client.
  • In addition to being able to specify the server at deployment time, I'd really like to see some support for pre-login connection so that group policies can be applied to the user. Although, knowing OpenVPN, I'm not sure that's realistic without compromising security. As far as deployments go, I use the following switches…
  • You'd think after years of reading the WatchGuard boards, I'd remember to include the device and XTM version with questions :D 12.5.2 on an M270 - I did read in the documentation that upgraded versions of previous build configurations would default to RADIUS as the domain name, but was not sure that not using the explicit…