Comments

  • Hello Marsk, Yes. That certificate is listed under Trusted CAs for Proxies. What does your chain look like?
  • Hello pf, Filter for 13.67.188.117 in Traffic Monitor then try to ping/run your program to understand what's going on.
  • Hello Testman, Are you looking for the man page? Anything regarding a specific argument?
  • Hello Simon, Please open a support case so we can understand if you're affected by the known issue. There's a new client being released in the next version which includes additional fixes.
  • Thanks. Clients and servers will always negotiate with the strongest available TLS version and ciphers as indicated in your simulated results. You should not be losing security points for simply supporting non-deprecated TLS versions or non-preferred ciphers. I've escalated your support case. A Support Engineer will reach…
  • Hello Bmax, Your certificate person is correct. Ciphers and all encryption are controlled by the web server. Could I get you to provide your support case number then attach a copy of the scan results to it? Thank you.
  • Thanks Bruce. I take back what I said about not seeing these logs on my own Firebox. I'll get something logged to make sure these logs get moved to Debug. You got it.
  • Agreed. Cloud is lumped in within the Management component. Any of your components set to debug log level at the moment? I don't see these messages on my own Firebox with all components at error.
  • Hello Bruce, Daas is the Cloud agent on the Firebox. I would not expect to see these logs with all Firebox components' log levels set to Error. Those appear to be Debug type logs.
  • Hello Fer, The server is issuing an ESMTP command that either your proxy isn't configured to accept or the MTA is sending commands in an unexpected order. You can use tcpdump** to capture the sequence. A set of arguments similar to below would work. -ni eth0 port 25 This will capture all port 25 traffic, assuming the first…
  • Hello ANC, If it's an unusual amount of false positives then please open a support case and have one of our techs investigate. Is it everyday business-type emails or newsletters/email notifications/etc.?
  • Hello Bruce, I believe it's related to Log Search performance. On Dimension for example, the query cost is very high because the search is done across all raw log data. The same goes for Per-Client Detail reports.
  • Hello Kev, Authentication is required for Dimension to display usernames in reports. Make sure your logs have the src_user tag. *sample FWAllow, Allowed, pri=4, disp=Allow, policy=Internal-Policy, protocol=67/udp, src_intf=1-Trusted, dst_intf=Firebox, rc=100, pckt_len=349, ttl=128, src_user=Backend-Service@Any, 3000-0148…
  • Hello Brian, Graphs currently only show Free Memory which isn't accounting for allocated but available memory. We're working on addressing this in the near future. Here's an excerpt from the user guide that explains memory usage in a bit more detail. "...To understand how much available memory your Firebox has, review…
  • Hello Bruce, each "geolocation destination" log has a "geo" tag. You can use that to find all Geolocation deny logs. Something like this should work: geo:*
  • Hello all, Mobile with SSL 12.5.2 resolves this client crash. Please let us know if you see any issues on the new version.
  • A custom Firebox web server certificate won't make a difference here. Users will still see a warning because the certificate cannot be validated. The requested URL/domain is compared to the Subject in the Firebox's web server certificate.
  • Mark, what happens if you step through the cert warning? With GeoBlocked requests, denied traffic has to be redirected to the Firebox so users get the Geo deny message (where it functions in the filtering flow). With HTTPS sites, this throws in the Firebox's self-signed cert into the mix hence the cert warning. You can…
  • Hello JellyKid, "... Why doesn't WG match what's in Windows certificate store?...." Just like other vendors, WatchGuard utilizes a custom CA bundle. We try to keep the bundle as close as possible to bundles provided by mainstream browsers but there will be discrepancies from time to time. Intermediate certificates are the…
  • Hello JellyKid, Same issue as in this thread. https://community.watchguard.com/watchguard-community/discussion/comment/1481#Comment_1481 The issue is server side. You can fix it Firebox side by importing missing intermediate certificates: -For https://www.firstservice.com, import this cert -For…
  • Hello, The size of the data disk should not influence how long the initialization wizard takes to complete. The initial database is very small and takes no time to set up. You might be running into a known issue* where the wizard will stall out on the password step when deploying on an Intel Xeon CPU based host.…
  • Hello Ronnie, We have this highlighted in the article related to the upgrade announcement.... https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA20H000000fxtgSAA&lang=en_US
  • Hello all, These errors always indicate the proxy was unable to pre-validate the chain using certificates presented by the server and its own root CA bundle. Kind of like a browser would. The server is misconfigured. It is not sending the intermediate certificate in its response. 1 Sent by server www.matrixgames.com 2…
  • Hello all, We've been unable to reproduce the crash with the information provided in this thread so far. Please open a support case and reference this thread. Thanks.
  • Thiago, Connect to it via console cable, set PuTTY to Serial connection with 115200 speed and boot. This will tell you why it won't reset. If you end up at the login prompt, log in and check out the config.
  • Hello Stephen, Make sure you're running the latest version of Dimension. https://watchguardsupport.secure.force.com/software/SoftwareDownloads?current=true&familyId=a2RF00000009On4MAE Correct. "Send a Log Message" is not required for accurate Dimension reports. It simply allows you to monitor policy traffic in Traffic…
  • You cannot pass-through TLS via SMTP proxy atm. We do have an enhancement logged to support it. To troubleshoot, I'd isolate checktls traffic (IP/IP network) in a packet filter policy and make sure you have TLS working with the internal mail server before introducing TLS to your SMTP proxy. "...do I also need to configure…
  • Hello CrazyCDN, Dimension operates in the UTC time zone. Current time under System Settings (as of v2.1.2 U1) and log display in the Log Manager are automatically adjusted to your browser's time zone.
  • That's exactly it Bruce. We're working on decoupling DNSWatch logging from DNS Forwarding. https://watchguardsupport.secure.force.com/publicKB?type=KBKnownIssues&SFDCID=kA42A00000016GtSAI&lang=en_US
  • Hello RClarke, DNS plays a big role in getting categorization requests out in a timely fashion. See below Kbase article with some things to check when troubleshooting the service. I would first check what other logs the service is emitting at the time. If your device is logging to a log facility such as Dimension, search…