James_Carson

Hello WatchGuard Community users, If you need personal or confidential support, please create a case by clicking the support center link on the top right of this page, and creating an online technical support case. I am unable to provide support via PMs in the forums. Thank you, -James Carson

About

Display Name: James_Carson
Joined:
Visits: 583
Last Active:
Roles: WatchGuard Representative
Points: 138
Badges: 2

Comments

  • Hi @Sinbomb Full instructions on how to set up Office365 w/ AuthPoint are here: (Office 365 Integration with AuthPoint) https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/Office365-AuthPoint.html If you're…
  • Hi @WideRangePaul Like Bruce mentioned, there are enhancements in the newer VPN client versions -- if you're running an older version (you can see it on the bottom of the login screen for the VPN) you'll want to upgrade. There's no need to upgrad…
  • Hi @xxup The firebox uses gzip to try and unpack (deflate) any compressed archive it thinks might be an archive. Depending on your settings, it'll log and allow or deny (or lock, or quarantine in some cases) the file. The file you're looking at d…
  • Hi @Muzixs In that case, role:responder means that the other side of the tunnel is initiating the renegotiation/rekeying. The WatchGuard is just logging that it's happening. Take a look on the other side to determine why it's restarting the tunne…
  • Hi @xxup The only way we (AuthPoint) can enforce logout is via the logout link that we (the IDP) provide to the application (WordPress.) I'd suggest trying to make a feature request on that end (with WordPress, or whichever SAML plugin you're usin…
  • Hi @Greggmh123 Turn the scrollback up. https://imgur.com/a/8wE2xCo It's also in the support file from the firewall under \support\firewall\fqdnd_cache_dump.txt
  • Let us know what support says. For FQDN, you can see what the firewall currently has cached in the FQDN table by typing on the CLI: diagnose fqdn "/fqdnd/cache/dump" (it's a weird command, the quotes in the middle are part of the command.…
  • Hi @wad11656 By CWM do you mean ConnectWise? The firebox itself is what has the ConnectWise integration -- the APs are either managed in the cloud, or by the firebox. The data you posted is just the feature key -- or the license for the firewall. …
  • Hi @jesseg I've created a feature request for you -- that is AP-711. If you'd like to follow progress on this request, please make a case in our support portal, and mention AP-711 -- the tech can set that up for you. The next step is for it to be…
  • Hi @Staj We don't have anything like this available. We support editing the firewall's configuration via WatchGuard System Manager, Fireware WebUI, or the firewall's CLI.
  • Hi @Greggmh123 The line was consolidated a bit, from 4 to 3 devices in the tabletop lineup due to customer feedback. They're also a new generation of devices. If you have suggestions for new products, I'd suggest posting in the product enhancemen…
  • Hi @jester Blocked sites notifications are the same for any IP that ends up as blocked. I'd suggest disabling notifications (in setup -> default threat protection -> blocked sites, click logging, un-check "send notification.") I'd…
  • @MartinS @Greggmh123 @JTrout The firewall gets group information for RADIUS via FilterID (Radius attribute 11) -- it's likely that we weren't getting that if the error message you posted "user [email protected]@RADIUS isn't in the authorized SSLVPN grou…
  • Hi @NetworkWise In real world performance, T80 will be faster, especially for things like IPSEC VPNs and running content inspection (which some people refer to as DPI.) -- when standing them up against each other with synthetic benchmarks, the num…
  • @AdrianL @Staj If you need something changed, PM me what it is, and I can have our IT department that moderates the forums do it for you. Unfortunately, the account integration with our account/ticketing causes some permissions issues that caused t…
  • Hi @notleyhigh None of the WatchGuard VPN clients will auto-connect, as they all require you to authenticate. Once connected, all have an auto-reconnect feature, that would effectively keep the connection online. The Premium WatchGuard IPSec clie…
  • Hi @NetworkWise You should be able to transfer it over so long as both devices are on your account. You'll need to open a customer care case in order to do that (either via the phone or in the support center portal.) Subscriptions are moved by do…
  • Hi @NetworkWise the sw interfaces are virtual interfaces that move data between the firewall's physical interfaces. Some models have more than one interface module (like the M200/300 where ports 0,1,2 are one, and 3-7 are the other, and the M4600/…
  • Hi @jesseg I'd be happy to enter a feature request, however: The APs are limited to 8 SSIDs due to the amount of time the radio needs to spend sending beacon and other required traffic. Increasing that number could negatively impact AP performance.…
  • Hi @grahamo There isn't a hard limit, but the database, at that size, would have a very hard time keeping caught up with transactions happening. I honestly wouldn't recommend more than ~25 fireboxes per for the older windows log/report server. I …
  • Hi @kevwit You'll need to ensure that content inspection is turned on in the HTTPS proxy, and that your browser is not trying to use the QUIC protocol (How to prevent connections from Chrome browsers that bypass WebBlocker and SafeSearch restricti…
  • Hi @Cpagroup Removing the NAT IP from the protected IPs would remove that IP from getting responses from DNSWatch. If you're using DNS forwarding on the firewall, you may wish to disable that, as it will globally forward all DNS lookups, regardles…
  • Hi @xxup There appear to be a few plugins for WordPress that add SAML functionality, but it does not appear to support it natively. If you were to add one of these services, using the generic SAML instructions for AuthPoint should be all or most of…
  • Hi @Bruce_Briggs @Greggmh123 AuthPoint issues have been resolved, you should be able to access anything as normal. If you're still running into issues, please let me know and I'd be happy to look into it.
  • Hi @Carl If turning off the Windows firewall allows the traffic, that means the Windows firewall is blocking that connection. You'll need to make that setting change on the Windows firewall. There should be an option to allow file/print sharing o…
  • If you continue to run into issues, there's quite a few things that might be going on -- I'd suggest opening a case so that a technician can look at your situation more closely.
  • Hi @Carl By default, the Allow SSLVPN-Users policy will allow an authenticated SSLVPN user to any trusted, optional, or external network resource. If you'd like to allow traffic the other way around, you'll need to make a policy to allow this. Yo…
  • Hi @Logan5 Custom is just an interface type that isn't part of any alias. You can use the custom type as many times as you want, and it will not be able to talk with any other custom network unless you make an explicit rule allowing it to do so.
  • Hi @Logan5 Most work is going into cloud management and cloud managed API functions -- it's unlikely a robust feature like that would be added to the WSM app.