Ralph

About

Display Name
Ralph
Joined
Visits
323
Last Active
Roles
WatchGuard Representative
Points
27
Badges
1

Comments

  • @jesseg No. Ideally you want to release the message to the end user then "Forward as Attachment", if using Outlook, to the submission address. Save As option saves a stripped down version of the message (similar to Outlook's Save As txt)…
  • Thanks for reporting. These were exposed in 12.6.2 and are harmless. You'll see these at log rollover which is around the 500K mark. Depending on your Traffic log activity, you may see this more frequently than others. Logged as a defect.
  • Hello Louis, In Firebox System Manager / Traffic Monitor Or in webUI, Dashboard / Traffic Monitor, filter for dxcp while trying to enable Dimension Command. This will shed more light on the issue. Dimension Management is pretty limited compared to…
  • Hello Kostas, You might be running into https://watchguardsupport.secure.force.com/publicKB?type=Known%20Issues&SFDCID=kA10H000000bp1LSAQ&lang=en_US Auth communication between the SSO gateway and the Firebox was the culprit here and requir…
  • Thank you Adrian, that's what we're exploring....
  • Hello xxup, Have you seen any more since yesterday ? We've had several GAV updates since. Ralph
  • Hello Mike, Ok, I figured this out. There's a data discrepancy between NA and EMEA analyst data. We're getting the vendor to investigate....I'll keep you posted
  • Hello Greg, The certificate is used for registration with Cloud. It is created at the registration time. There should be two certs created atm. One with a Pending status and one with Signed status. You can ignore/delete the pending one. It's a def…
  • Hello Mike, Thanks for testing. There's always a reason for everything :) I'm looking into this. There must be a disconnect somewhere with getting the info out of the service.
  • Hello Mike, We'll get this logged as an enhancement to simplify integration of MS policies/exceptions. Ralph
  • Ok, thanks Mike. Looks like the result might be coming from the local AV cache given it's the same task ID. Try clearing it from the CLI: cache-flush scan I had the file re-analyzed and it's definitely benign. The file 89e8aef291ba8f41d5b797f64…
  • Thanks Mike, That one was picked up yesterday as malicious because of that "invoices" link inside the file. Wondering if the Privacy popup with custom privacy options is tripping this. Do you have logs from day ? I'd like to get a more …
  • Hello Mike, Could I get you to grab the md5: and the task_uuid: from the logs...
  • Hello Mike, The "invoices" link inside the PDF was identified as a malicious URL. Fake invoices with phishing links are super common. Let us know if you see any others...The sample you submitted was reclassified as benign.
  • Hello Chaos, "..so that dimension will hopefully run better because right now its dreadful...." Feel free to log a support case. The database may need a tune. The default settings (not exposed at the moment) might be inefficient for thi…
  • Hello GRD, Cannot replicate here. Direct WSM download link: http://cdn.watchguard.com/SoftwareCenter/Files/WSM/12_5_3/wsm_12_5_3.exe Both, the SHA1 hash and the installer, check out. Let us know if you're still seeing this and any other details …
  • Yes, that's the plan to accommodate "multiple email servers behind a single Firebox" environments...
    in SMTP with TLS Comment by Ralph April 21
  • Via Content / Proxy actions...you can now select which Proxy Server certificate you want to use. See Policy Manager / HTTPS proxy / Select .Server based action / Set action to Inspect. Now, you can select which Proxy Server certificate you want to…
    in SMTP with TLS Comment by Ralph April 20
  • The OP's question was "...As the new FW supports multiple proxy certificates how is a certificate selected for use with explicit TLS over SMTP?.... " The multiple certificate support only applies to HTTPS and not SMTP. For SMTP, the prox…
    in SMTP with TLS Comment by Ralph April 20
  • You don't select which certificate you want to use for SMTP. It uses the Proxy Server certificate by default. And as Bruce suggested, you would use the SMTP server's certificate+private key by uploading it to the Firebox as the Proxy Server certific…
    in SMTP with TLS Comment by Ralph April 20
  • Hello, HTTPS only at this time. For SMTP, the proxy will use the default Proxy Server certificate. Either default or custom.
    in SMTP with TLS Comment by Ralph April 20
  • Hello Dominic, support for integrated AuthPoint is coming in a future release. At this time the gateway or similar is required for MFA control.
  • Has anyone tried setting the client's log level to debug, as suggested earlier ? This changes internal timing between components and may help here. A new client is being released next week.
  • Check out the Device / Authentication report. Try setting quotas to get data used. Setup a daily Managed Task for the Firebox / User Authentication report.
  • Ah ok. I'd suggest using the Tech Search to make sure your search covers all resources: docs, kbase articles and known issues. https://watchguardsupport.secure.force.com/SupportSearch/ "The HyperText Transfer Protocol (HTTP) 400 Bad Request r…
  • Just verified that we have this doced https://watchguardsupport.secure.force.com/publicKB?type=Article&SFDCID=kA10H000000g2kaSAA&lang=en_US
  • Doug, Check out below for application logs C:\ProgramData\WatchGuard\AuthPoint\logs
  • Hello Greg, Domain Name rules are domain based and are matched against the SNI or CN, if SNI isn't available. URL style patterns will not match in this instance. We're working on a fix. You'd have to create a Deny Domain Name rule to block the exa…
  • @Bruce_Briggs The suggested workaround would only cover one of the two requirements. /* would not work in a Domain Name rule since we're only matching against the SNI, CN or IP. These are different from standard WebBlocker or HTTP proxy exceptions. …
  • Hello Bruce, Let's concentrate on just one rule. As noted by the OP, "....the proxy is allowing the connection becuase login.microsoftonline.com is in the predefined content inspection exemption list......". If we disable the pre-defined …