Ralph

About

Display Name
Ralph
Joined
Visits
160
Last Active
Roles
WatchGuard Representative
Points
16
Badges
1

Comments

  • A custom Firebox web server certificate won't make a difference here. Users will still see a warning because the certificate cannot be validated. The requested URL/domain is compared to the Subject in the Firebox's web server certificate.
  • Mark What happens if you step through the cert warning ? With GeoBlocked requests, denied traffic has to be redirected to the Firebox so users get the Geo deny message (where it functions in the filtering flow). With HTTPS sites, this throws in th…
  • Hello JellyKid, "... Why doesn't WG match what's in Windows certificate store?...." Just like other vendors, WatchGuard utilizes a custom CA bundle. We try to keep the bundle as close as possible to bundles provided by mainstream browsers…
  • Hello JellyKid, Same issue as in this thread. https://community.watchguard.com/watchguard-community/discussion/comment/1481#Comment_1481 The issue is server side. You can fix it FIrebox side by importing missing intermediate certificates: -For ht…
  • Hello, The size of the data disk should not influence how long the initialization wizard takes to complete. The initial database is very small and takes no time to setup. You might be running into a known issue* where the wizard will stall out on …
  • Hello Ronnie, We have this highlighted in the article related to the upgrade announcement.... https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA20H000000fxtgSAA&lang=en_US
  • Hello all, These errors always indicate the proxy was unable to pre-validate the chain using certificates presented by the server and its own root CA bundle. Kind of like a browser would. The server is misconfigured. It is not sending the intermedi…
  • Hello all, We've been unable to reproduce the crash with the information provided in this thread so far. Please open a support case and reference this thread. thanks
  • Thiago, Connect to it via console cable, set putty to Serial connection with 115200 speed and boot. This will tell you why it won't reset. If you end up at the login prompt, log in and check out the config.
  • Hello Stephen, Make sure you're running the latest version of Dimension. https://watchguardsupport.secure.force.com/software/SoftwareDownloads?current=true&familyId=a2RF00000009On4MAE Correct. "Send a Log Message" is not required fo…
  • You cannot pass-through TLS via SMTP proxy atm. We do have an enhancement logged to support it. To troubleshoot, I'd isolate checktls traffic (IP/IP network) in a packet filter policy and make sure you have TLS working with the internal mail server…
  • Hello CrazyCDN, Dimension operates in the UTC time zone. Current time under System Settings (as of v2.1.2 U1) and log display in the Log Manager are automatically adjusted to your browser's time zone.
  • That's exactly it Bruce. We're working on decoupling DNSWatch logging from DNS Forwarding. https://watchguardsupport.secure.force.com/publicKB?type=KBKnownIssues&SFDCID=kA42A00000016GtSAI&lang=en_US
  • Hello RClarke, DNS plays a big role in getting categorization requests out in a timely fashion. See below Kbase article with some things to check when troubleshooting the service. I would first check what other logs the service is emitting at the …
  • Hello there, Please review the Memory section on below page. It describes memory usage in detail and what numbers to monitor. ".....A low MemFree value does not indicate a problem with Firebox performance or resources. The total available mem…
    in Memory usage Comment by Ralph June 21
  • Hello Brandon, Usually indicates an incompatibility issue with the SFTP server. See similar Known Issue with Freesshd. https://watchguardsupport.secure.force.com/publicKB?type=KBKnownIssues&SFDCID=kA4F0000000fxb8KAA&lang=en_US What's your…
  • Hello Doug, This file has all the ingredients to be RAR-5 format which GAV cannot detonate at this time. If you still have the sample, you can confirm using a RAR archive analyzer or if you prefer, open a support case and we'll verify it for you. P…
  • Hello Darrin, No. We're just a proxy. Only Mail Transfer Agents aka email servers aka email relays are responsible for issuing NDRs (The last MTA that accepted a message for delivery). So, if an email is blocked because of a rule on the proxy, the …
  • Ah, nm, Thanks Bruce. I looked specifically for the duration=599 example. That explains why i couldn't find it. We'll get the Log Catalog updated...thanks for the suggestion.
  • Hello Bruce, It's a persistent connection. A policy match won't be logged unless a new connection is opened to the destination. If you disable/reenable cloud logging, you'll see an Any from Firebox policy match emitted in the Traffic Monitor.
  • Hello Brian, If you'd like raw data access to create your own reports that what xxup suggested is the way to go. To get an overview of activity on a Firebox, check out the Executive Dashboard. You can compare data historically by adjusting your St…
  • Hello, If you have limited Traffic Monitor real estate, you can hide parts of logs that you're not interested in by changing their display colour to black. Right click / Settings / Traffic Monitor tab.
  • Hello Bruce, FWAllowEnd logs are emitted behind the scenes to your log facility (eg. Dimension) to indicate an end of a connection. The duration value is logged in seconds. Could I get you to provide a direct link to that Log Manager page ? I search…
  • Hello Doug, By default, Dimension will utilize 95% of the data disk at which point it'll start to purge the oldest log/reporting data. During deployment, 20% of the data disk is reserved for temp reporting tables and database maintenance. With the …
  • Looks like a left over directory from a failed backup. Can you try removing it and re-attempt another backup for the same time period.
  • Hello Greg, See below kbase article on how to best protect your network against malware. https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000QBnRKAW&lang=en_US
  • Hello Greg, There's a separate GAV action to handle password protected attachments. Set the 'When content is encrypted' action to Allow to avoid password protected attachments from getting locked.
  • Hello Greg, Apply spamBlocker actions to outgoing SMTP traffic to stop spam from leaving your network. Ensure incoming web and SMTP traffic is filtered by WatchGuard Subscription Services. See the following kbase article: https://watchguardsupport…
  • Hello Greg, Sure can. Setup an SMTP proxy forwarding rule for your internet based SMTP traffic to the cloud service. See kbase article for more details: https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000XZDQ…
    in Webmail spam Comment by Ralph May 2018
  • Hello Greg, The default Dimension web server certificate is generated by the WatchGuard Agent and the certificate's Subject does not include any verifiable information. Your web client would not be able to validate the chain of trust even if you we…