Greggmh123

About

Display Name
Greggmh123
Joined
Visits
1,988
Last Active
Roles
No Roles
Points
119
Badges
3

Comments

  • Ricardo, what does WatchGuard recommend as a best-practice setting for the CyberCon level?

  • I don't know if my resolution will help anyone who needs iPhone printing across VLANs because my client's network setup is a T35 running 12.5.7 U2, Ubiquiti UniFi wireless access points, and a Xerox C8135 printer, as outlined here in mDNS for communications over VLAN Comment by Greggmh123 May 6

  • I have my VPN target in my domain's public DNS as (an example) vpn.greggspublicdomain.net and "vpn" is actually a CNAME in my domain's public DNS. I have DynDNS as my dynamic DNS handler. The "vpn" CNAME points to the DynDNS FQDN that I use for m…

  • (Quote)

    Doug,

    The reason I brought up the certs is that you said "...these policies have been in place for a long time now and always worked fine, with no changes to them what so ever. Suddenly now they don't."

    That's why I won…

  • I have never tried it, but does Application Control work on inbound connections?

  • I understood that you are "looking to block access from known VPN service providers IP subnets", but I thought you meant that you wanted to protect Microsoft 365 from those subnets, so yes, I did misunderstand you a bit!

  • Now that you have the status password, you can save the current config to a file using Policy manager. Also record the current firmware level and the feature key. Then you can factory reset it, restore the feature key, upgrade the firmware to wha…

  • I find it difficult to believe that the previous owner cannot remember the name of who did their IT support...probably just doesn't care, but it's the same effect on you.

    Have you looked on local computers/servers for the WatchGuard Syste…

  • Regarding my "unless you run all inbound email through your Firebox before it reaches M365 servers or your M365 logins run through your Firebox" comment, I know nothing about the Access Portal, so I don't know if it is supposed to block logging i…

  • What kind of "business email compromise involving an O365 tenant" did you have happen? I am assuming that someone's email account got compromised directly (usually through IMAP spray & pray attacks) or through a phishing email. If that is tru…

  • Doug,

    Content Inspection needs the "Fireware HTTPS Proxy" cert to be installed on any device going through DPI-enabled proxies in order to work without getting warnings. Is there any chance that "Fireware HTTPS Proxy" cert expired or got …

  • (Quote)

    I started having my issues with DNSWatch on April 20th and posted here at 11:35AM Pacific time. I finally gave up and just disabled DNSWatch.

    A protective service that is unreliable is not a good service. The multiple times I h…

  • Well, this just gets even more weird. I deleted www.techradar.com from the whitelist, and I was able to reach the website afterwards.

    I think I am done with DNSWatch because it causes nothing but problems every time I enable it.

  • What is even more confusing is when I click Actions > Domain Information, it says:

    Access to www[.]techradar[.]com is allowed.
    Categories:
    Information Technology

    So, DNSWatch says it's allowed, but it blocks it!

  • I had to reboot my T20-W running beta firmware and then I could get to the DNSWatch console. I was having a problem with reaching www.techradar.com and getting this message:

    www.techradar.com has been blocked by DNSWatch

    When I lo…

  • "I first expand it to 16384 in the proxy action"

    What is "it" that you expand?


    "I then switch off the option "Set the maximum URL path length to " and the error is still there."

    Maximum URL path length and header lin…

  • Mine are working from California.

  • It gets worse. I tested with another WG user in a country outside the USA, and I got the same Geolocation message, BUT I also was able to connect to his web server using Telnet to port 80. I should NOT be able to access ANY port on his firewall w…

  • Wow! Geolocation on the WAN really should just drop inbound connections. I wonder what it shows to a remote user for other ports.

  • It only gets worse as we get older!

  • I found the Report > Content Filtering Requests tab, but the "Filtered Requests from Content Filtering" page does not show the reason for the block. All of the other sites on that list DO show why, for example, Parked Domain, Potentially Unwan…

  • I emailed Ryan on April 2nd right after I made that post and suggested he also come here to explain, which he did on the 4th as you can see above.

  • I Have Frontier FiOS fiber and had the tech set it up on the ONT's Ethernet jack for using a standard CAT5E network patch cable vs. a coax connection. Once the tech was done, I disconnected their router and plugged the cable from the ONT directly…

  • A correction to my "This comment is wrong" statement above. If you are referring to the PUBLIC IP address, then No, you cannot just set a public IP on your Firebox' WAN side.

    If you mean can you set a static PRIVATE IP on your Firebox' WA…

  • (Quote)

    This comment is wrong: "So I can configured a fixed ip address on my watchguard WAN interface even though my ISP gives me a dynamic public ip address range?"

    If your ISP provides you with a PUBLIC dynamic IP address, that is wh…

  • From what you described, your firewall likely would have a private IP on its Ext interface, which as Bruce noted, can be seen in the web UI or in WSM Firebox System Manager (my preference). That is NOT a deal-breaker. While getting the ISP to put…

  • "The GPO works for Chrome, Edge, and Firefox" was meant for the disabling of DNS over HTTPS. However, for QUIC, the GPO works for Chrome and Edge.

  • The blocking of QUIC in the firewall via not allowing UDP 80 & 443 handles all devices. I just wanted to reduce logs of frivolous stuff on the LAN and potentially make a slight speed increase, so I added the GPO. Users' phones are all on an i…

  • Bruce,

    I block QUIC on the firewall as I noted, but I also do it on LAN devices so I don't get a bunch of denied messages in FSM traffic monitor. I use group policy to disable QUIC in Chrome. I also have a theory that it speeds up the bro…