James_Carson
Hello WatchGuard Community users,
If you need personal or confidential support, please create a case by clicking the support center link on the top right of this page, and creating an online technical support case.
I am unable to provide support via PMs in the forums.
Thank you,
-James Carson
About
- Display Name
- James_Carson
- Joined
- Visits
- 795
- Last Active
- Roles
- Moderator, WatchGuard Representative
- Points
- 248
- Badges
- 5
Comments
-
@Potski 4104/TCP is the port the firewall uses for the wireless hotspot feature in order to do redirects on HTTPS. https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/hotspot_custom_page_c.html If that feat…
-
Hi @T_Crook How each part of Authpoint works is a bit different, so it'll depend on what portions you're specifically using. There's an overview of AuthPoint here: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/abo…
-
Hi @dowens81625 The SSLVPN app doesn't support scripting -- but it may work for you. I'd suggest that you look into the OpenVPN client (available at openvpn.net) which does allow the client itself to run a script after connecting.
-
Hi @WGM The FTP proxy only supports regular FTP. FTPS and SFTP will need to use packet filters.
-
Hi @DaBa The firewall itself won't see any difference between a thin and thick client -- they're all client devices as far as it's concerned. It may be helpful to see what the VPN diagnostic messages are saying when the thin clients can't connect:…
-
Hi @KThomas There aren't any updates on this in the two months since the last comment. If you'd like updates on the status of that feature request, please open a support case and mention FBX-14281. The support rep that is assigned the case can se…
-
Hi @notesguru99 Are you using the Authpoint IDP portal, or Access Portal on the firewall itself? If you're using access portal, check that the user matches exactly (bob isn't the same as [email protected], isn't the same as BOB.) If you're using ID…
-
@Bruce_Briggs sorry, didn't catch the incoming part.
-
Hi @TimPoutler If you're running into a max recipient problem, I'd suggest looking to see if your mail server has a setting to break that message into multiple emails. Even if it did get past the firewall, with 200+ recipients many receiving MTAs …
-
Hi David, The KB article here should help: https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000g2vmSAA&lang=en_US Office documents are just zip files (you can even open them in winzip, 7-zip, etc.) -- they'll always show up…
-
Hi @CarolT You can set up as many as you wish, up to all four of the mobile VPN options. If two specific users out of all users are having connection problems, it may also be helpful to troubleshoot the connection from their end. If the issue is …
-
Hi @Chaospinhead The culprit here would likely be a config conversion from below 12.5.x to 12.5.2 or better. In order to see what's colliding/causing the issue, we'd need to see the logs from when the device itself upgraded. The end result will …
-
Hi @Cowlitz Reverse proxy is an access portal feature that's designed to protect internal webpages by proxying them via the firewall via the access portal feature (which also requires the user to authenticate via that feature.) Reverse Proxy is us…
-
Hi @RyanLeighton If you haven't done so already, I'd suggest creating a support case with the requirements you'd need for such a feature. We can get a feature request set up based on that and assign it to your case (which we're not able to do here…
-
Can you get to the SSLVPN download page if you type in https://1.2.3.4:4443/sslvpn.html or https://yourdomain:4443/sslvpn.html If you aren't able to get here the SSLVPN also won't be able to connect.
-
Hi @RVilhelmsen Cloud managed devices will already have a license for Dimension Cloud. Are you requesting that they be able to log back to a on-premise Dimension server?
-
I'd suggest checking that the LAG mode is set to the same thing on both the switch and the firewall. Firebox supports the following modes: Dynamic (802.3ad) All physical interfaces that are members of the link aggregation interface can be active. …
-
The log here says that policy webblocker.xyz is working via exceptions. This means the option is set to deny any site unless it's explicitly allowed. Is google allowed in either a category -or- exception here in webblocker.xyz. If it's just in in…
-
Hi @Abertay There isn't a problem insofar as I'm aware. Checking my test accounts, everything seems to be fine. If the issue persists, I'd suggest opening a support ticket under the account you're seeing that on so that our team can look into it.
-
Hi @BorisS If you're seeing that log, that's the domain that the firewall is reading off of the certificate that's being presented. In this case, the cert may not have a domain. Making an FQDN rule may still help, but if you're not getting anywhe…
-
The difference between the M270 and T80 are mostly going to be in subscription service scanning. AntiVirus, IPS and HTTPS are all doubled on M270. If you're looking at just packet filters, without those services, they're very close to each other.…
-
Hi @BorisS I'd suggest trying to make an HTTPS packet filter. In the from area, use any-trusted or the computer you're testing from, and in To, use a FQDN of the two sites. If that doesn't work, there may be other sites you need to make exception…
-
I'd suggest taking a look at the article here: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/bovpn_vif_use_cases_c.html We've got several scenarios with example configs that might work for you.
-
Hi @BrandonH75 The SSN sensors in DLP require a hit count of 10 in order to trigger that rule. (Security Portal - Data Loss Prevention) https://www.watchguard.com/wgrd-support/security-portal/dlp-rules [the two most commonly used ones are 83 and 8…
-
Hi @RVilhelmsen The Agent takes queries from the firewall and identifies a user using one of the methods listed (Event Log Monitor, Client, Exchange Monitor.) The Client sits on a client machine and identifies what user is currently logged in when…
-
I don't have any running examples of this, but most instances I've encountered are specific to the firebox routing video traffic (h323) for videoconference type units. I'd suggest looking into what types of multicast your chosen devices support -- …
-
Hi @RVilhelmsen Event log monitor is a bit of a resource hog -- it's literally (trying to) parse the event logs on every single machine and on your servers to determine what users are logged in. In networks with over 100 users, this starts to get …
-
@Catweazle30169 Thanks for posting your solution. I'm glad they were able to help!
-
Hi @phanaaekIT I'd suggest opening a support case for this -- there's quite a bit of information needed to troubleshoot, and our support team will be able to help more effectively via case. You can do this online by clicking the support center lin…
-
@ConnectNow You'd need to remove that token on the service that supplied it, and deploy a new one. There's no way to reach out to the device with regular OATH tokens.