Comments
-
Hello there, Please review the Memory section on below page. It describes memory usage in detail and what numbers to monitor. ".....A low MemFree value does not indicate a problem with Firebox performance or resources. The total available memory for the Firebox is the combined value of MemFree, Cached, and Buffers....."…
-
Hello Brandon, Usually indicates an incompatibility issue with the SFTP server. See similar Known Issue with Freesshd. https://watchguardsupport.secure.force.com/publicKB?type=KBKnownIssues&SFDCID=kA4F0000000fxb8KAA&lang=en_US What's your SFTP server ? Pull the diagnostic file (System Settings / Diagnostics / System…
-
Hello Doug, This file has all the ingredients to be RAR-5 format which GAV cannot detonate at this time. If you still have the sample, you can confirm using a RAR archive analyzer or if you prefer, open a support case and we'll verify it for you. Please password protect the file before attaching. We're working with our dev…
-
Hello Darrin, No. We're just a proxy. Only Mail Transfer Agents aka email servers aka email relays are responsible for issuing NDRs (The last MTA that accepted a message for delivery). So, if an email is blocked because of a rule on the proxy, the sending MTA gets a response back (eg. a permanent 5XX reject) and acts…
-
Ah, nm, Thanks Bruce. I looked specifically for the duration=599 example. That explains why i couldn't find it. We'll get the Log Catalog updated...thanks for the suggestion.
-
Hello Bruce, It's a persistent connection. A policy match won't be logged unless a new connection is opened to the destination. If you disable/reenable cloud logging, you'll see an Any from Firebox policy match emitted in the Traffic Monitor.
-
Hello Brian, If you'd like raw data access to create your own reports that what xxup suggested is the way to go. To get an overview of activity on a Firebox, check out the Executive Dashboard. You can compare data historically by adjusting your Start/End dates.
-
Hello, If you have limited Traffic Monitor real estate, you can hide parts of logs that you're not interested in by changing their display colour to black. Right click / Settings / Traffic Monitor tab.
-
Hello Bruce, FWAllowEnd logs are emitted behind the scenes to your log facility (eg. Dimension) to indicate an end of a connection. The duration value is logged in seconds. Could I get you to provide a direct link to that Log Manager page ? I searched the current Log Manager and Log Manager PDF and do not see this example…
-
Hello Doug, By default, Dimension will utilize 95% of the data disk at which point it'll start to purge the oldest log/reporting data. During deployment, 20% of the data disk is reserved for temp reporting tables and database maintenance. With the default data disk size of 40GB, ~31GB will be used to store logs and summary…
-
Looks like a left over directory from a failed backup. Can you try removing it and re-attempt another backup for the same time period.
-
Hello Greg, See below kbase article on how to best protect your network against malware. https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000QBnRKAW&lang=en_US
-
Hello Greg, There's a separate GAV action to handle password protected attachments. Set the 'When content is encrypted' action to Allow to avoid password protected attachments from getting locked.
-
Hello Greg, Apply spamBlocker actions to outgoing SMTP traffic to stop spam from leaving your network. Ensure incoming web and SMTP traffic is filtered by WatchGuard Subscription Services. See the following kbase article: https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000QBnRKAW&lang=en_US
-
Hello Greg, Sure can. Setup an SMTP proxy forwarding rule for your internet based SMTP traffic to the cloud service. See kbase article for more details: https://watchguardsupport.secure.force.com/publicKB?type=KBArticle&SFDCID=kA2F0000000XZDQKA4&lang=en_US
-
Hello Greg, The default Dimension web server certificate is generated by the WatchGuard Agent and the certificate's Subject does not include any verifiable information. Your web client would not be able to validate the chain of trust even if you were to add the signing root certificate to your client's CA store. To get rid…