Comments
-
Thanks @"james.carson" I'll try specifying the fqdn for Lets encrypt and see if that works. The official stance is that Let's Encrypt will not publish validation IP addresses due to their policy and security considerations.
-
@Bruce_Briggs This ended up being the cause. Thanks
-
@"james.carson" Can you take that as a enhancement request?
-
@"james.carson" Thank you
-
@Bruce_Briggs said: "Policy Manager has a number of features which are not in the Web UI, and the Web UI has a number of features which are not Policy Manager." That is my point. We should have features/functions parity of the policy manager and the web ui. I'm okay with being wrong, i'm willing to bet that more watchguard…
-
@Bruce_Briggs I know but a lot of us don't use the policy manager unless it's for something that is not available in the web ui. The web ui needs to catch up with the features/functions of the policy manager.
-
Thanks Bruce. I didn't relize that i let it fall so far back in versions. I was to follow the procedure and get it up to date.
-
@"james.carson" I'm late to the party here. I just found out about this and I don't like this cloud management option only. I get it, the cloud offers more features but i don't need that in my environment. I like the simplicity of GWC and that was what kept me deploying the WatchGuard AP's over all the other options…
-
@"james.carson" Did this ever get implemented and what is the status of that feature request?
-
@"rv@kaufmann.dk" I wasn't aware of that option since i don't use the FSM that often. I did look through the options but i didn't see what i am suggesting in that list.
-
The defect/enhancement reported is: FBX-17933
-
okay so it better to just configure the IPS to drop that or block?
-
How can i tell what signature is being hit? It just looks like port scans, I get alerts like the below Process: bw_driver Message: IPS match, Protocol: 6 Source IP: 45.146.x.x Source Port: 45522 Destination IP: x.x.x.x Destination Port: 443 Rule ID: 1138920, Action: drop Policy Name: HTTPS
-
Okay, i'll do that. Thanks Bruce.
-
I already tired rebooting. It doesn't work with the ui but it does work via the WSM.
-
Okay, i will check what you suggested
-
I was able to save the config to the firebox using the workaround, for some reason it worked when i did it from another machine with the system manager installed on it.
-
Okay. Thanks Bruce
-
I tried to deleting the ping rule and changing the version so i could save it but it still didn't work.
-
@James_Carson I didn't have to add any multi-cast to my switches to get this work. I've read all of the documentation and my m470's met the requirements. My reasoning for setting up the A/A cluster was because of the volume of traffic and the important of it all. At the end of the day, it's all working as it should.
-
@Nguyen_Dung Have you seen these articles? https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/ha/cluster_add_arp_entry_wsm.html https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/ha/cluster_example_cisco_wsm.html In my case all i needed to do was to stack my switches,…
-
I was able to get my A/A setup working. In my case i needed to stack the switches which basically turn them into a cluster just like the firewalls. I plugged into a interface on one of the switches and started a continuous ping from my laptop, then i unplugged the connection from the firewall to simulate a failure. The…
-
It seems like the A/A setup is rare for some reason and more people go with the A/P cluster setup.
-
Okay that’s good to know but both firewalls are actively routing and handling traffic if they are in a round robin right?
-
Yeah all i'm interested in is the Live Security and I can get the T70 new for about $600.
-
@James_Carson
-
So this is for my home/lab environment and i don't want to pay the $1000+ that it will cost for a brand new unit that would fit my needs. I have a symmetrical gigabit internet connection and over a dozen vlans so for these new units i would need a T40 and up. When doing a comparison it still looks like the T70 is a better…
-
Okay thanks @James_Carson
-
Okay thanks for the response @James_Carson
-
@James_Carson That worked.