Comments

  • OK, downloaded new default cert from firebox and installed on PC and can apply content inspection. This issue is definitely with my AD CS using legacy encryption. I am going to look at installing the cert using group policy to all endpoints to get content inspection working, then I will tackle upgrading the AD CS. IT is…
  • Thanks for sticking with me on this Bruce, I appreciate the help and feedback. I deleted both certificates from the firebox and rebooted so it would create new default certs. All is working well now, but of course no content inspection. I verified that my AD is using legacy CSP and SHA1 even though I am on Server 2019…
  • Just for curiosity's sake, can you look at your cert and see if it is SHA1 or SHA2? I have even tried to install the cert on my PC and still get the same error: NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM. I verified that both certificates (Proxy Authority and CA Cert) are SHA1, both exported from AD DS.
  • Yes, I installed Local Computer -> Trusted Root. I am on domain computer. I thought installing a cert from my AD CS would be enough? Only non-domain computers would need to install the cert directly onto their PC, correct? When I look at the cert properties I see it shows as SHA1, shouldn't that be SHA2? Could that be the…
  • Funny thing is that even when I download the certificate from the Certportal and install it on the PC, I get the same error when going to secure websites. If I look at the certificate details it shows SHA1; I think that may be the issue. How would I fix that?
  • I went through that process and followed the video to create the certificate and have it in place. If I look at the Appliance certificates I can see the signed certificate for Proxy Authority that I created on my AD server. I am trying to avoid installing the certificate on all endpoints if at all possible.
  • Looks like jpg did not upload.... The error was: Your connection is not private NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
  • This is looking good! I checked with NPS server this morning and no Event #15. I was able to do an MFA verification using Radius and SSLVPN with no issues. I had been pulling my hair out for a couple weeks trying to determine what was causing this problem. Thanks James for the quick reply! Keeping fingers crossed this…
  • Well, I will let it sit until Monday and then check the event logs on the NPS server. A simple restart of the NPS service gets things back up and running, so it is not a crash per se. It appears that once the NPS server gets this malformed RADIUS message it simply stops accepting requests made by the WatchGuard. I get the…
  • Now that is something that never would have popped into my head to check. I do have network discovery on and it takes a long time to complete before starting again so it may fit that timeline. I'll stop discovery for a while and see what happens.......only downside is that it will take 4 or 5 days to confirm :D Thanks, it…
  • Dumped traffic and inspected it with Wireshark to find that the MAC of the next hop was a Juniper device. I went back to the ISP and told them what I found, and they investigated logs to find some irregularities. They issued an emergency release order early this morning for a device reboot and the issue is now resolved. They gave me this…
  • tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 15:27:10.682004 IP X.X.X.X.48016 > X.X.X.X.25: Flags [S], seq 2784157583, win 29200, options [mss 1460,nop,nop,TS val 35525194 ecr 0,nop,wscale 7], length 0 15:27:10.721701 IP…
  • Yes, that should be the gateway of the External connection (Bell). This is exactly what I would expect to see, but when I do a tracert from the firewall it fails immediately. The IP of the gateway does not come up as 1st hop at all.
  • I had thought that as well, but shouldn't the firewall at the very least know the next hop is the external gateway? Even if it tried and failed....
  • Thanks for that James, it gives me a bit of a baseline going forward.
  • Just a quick update on this... I did update the firmware to latest version and of course did a reboot. All has been well since the update/reboot.
    in Load Comment by Phil June 2020
  • Thanks for that link, I read through all the posts but it doesn't seem to apply to my situation. I don't have a firecluster, not using access portal (ATM, but plan to), and I do use a NAT rule to allow RDP sessions direct to an RDP server. I do see the reference to new firmware and have seen the new release, guess I should…
    in Load Comment by Phil May 2020
  • So how can you pinpoint what processes could have become overloaded? I am trying to determine what policy could be having an adverse effect on load, either by being too intrusive or too aggressive in scanning. I did find that my IDS was set to Full scan instead of Fast (must have been extra paranoid that day). I made the…
    in Load Comment by Phil May 2020
  • I looked at that, but adding up the %'s doesn't seem to equate to the high load being shown on the front panel. Is there any way to see it in a log? Sometimes I will get a report from someone complaining, but when I get a chance to look at FSM things go back to normal. Also, is there a list of what each component being…
    in Load Comment by Phil May 2020
  • Running Version 12.5.3.B616762 Watchguard M470
    in Load Comment by Phil May 2020