Comments
-
@"james.carson" Thanks. I don't know what the files are and did not think of this. I will check it out. /Robert
-
Yes. Looks as if there is something wrong with the definition files the Firebox downloads, even though Fireware reports image valid for the files, if I turn up logging.
-
Thanks for your answer. I am asking because I lost all my tokens on my phone yesterday, and had a WG hardware token for my most critical logins except WG Cloud. To be fair, I opened a support case and got new e-mails to assign SW tokens 1½ hours later, so good service. /Robert
-
@Bruce_Briggs Same VLAN ID 3 and on the same physical interface.
-
It's a known issue: https://techsearch.watchguard.com/KB?type=Known%20Issues&SFDCID=kA16S000000bz1jSAA&lang=en_US
-
I'll do.
-
@NickDaGeek If you made the same error as me, setting up remote Fireboxes as SSO clients, then this is not supported. This was what caused my CPU to spike and the program in the end to halt. This was even when all required ports were open between the networks. In fact, the WG SSO solution is only a local Firebox solution and does not…
-
@"james.carson" Thanks. That would be much easier if the Firebox supported it, when the Firebox also does all the routing.
-
@"james.carson" Well, it started working later last night, as a portion of my T20 devices have been upgraded with success.
-
@"james.carson" Thanks, I upgraded the box just to be sure.
-
@Bek We are running a medium on VMware with 10 Gbit speed, which is performing very well. Just be aware there is an HA cluster issue causing the VRRP IP address to be active on both the active and passive unit, which causes HA to not work. /Robert
-
@"james.carson" Thanks, this makes sense.
-
@"james.carson" Ended up using tcpdump, which showed me this error: VSA: t=MS-CHAP-Error(2) l=16 val=\000E=691 R=0 V=3 I am not sure what caused it in the end, but I went over all settings in AuthPoint and NPS and at the same time got MS-CHAPv2 enabled in NPS, and now it is working from my Apple device. The NPS logs did not…
-
I dig deeper. Thanks.
-
Thanks
-
@"james.carson" Support narrowed it down to downstream switch issues with the VLAN to the WG mgmt interface. /Robert
-
Yep, if I have one FSM open with cluster view, I get disconnected all the time, and if I at the same time have an FSM open to the primary member with cluster view, this FSM session works without disconnection. This is related to FSM and cluster view.
-
@"james.carson" I'll do. Do you know what this error means when connecting with IKEv2 and authentication is done through AuthPoint to MS NPS? 2023-09-07 21:35:20 admd ready to end authentication session with error code 38 admd RADIUS: retrieve VP:MS-CHAP-Error(20381698) I have a feeling it has something to do with group…
-
@"james.carson" Thanks. My issue is that the groups assigned to users in the AuthPoint portal (in this case myself) seem to change from time to time when a sync from LDAP AD is done (every 30 minutes), when the user(s) are members of multiple groups in AD. I think this happened after I upgraded AuthPoint gateways to…
-
@Victor_Renard I had WG disable TCP TSO on the Firebox's VIF. The second TSO was disabled, selective ACKs started working normally again. This setting does not survive a Firebox reboot, and I had this running for quite some time. In the end I upgraded the firmware to a newer version and have not seen this issue since. In the…
-
Thanks. I'll take a look at that. /Robert
-
Thanks
-
Okay, somehow my EDR Core client had managed to block a DLL file even though its configuration was audit only. FACTORY_PROFILE 0x01012009 PSNMVAg_ITEM_PUSSERVICELEVEL 0 0 audit 1 hardening 2 lock Uninstalling WatchGuard EDR Core and forcing a sync solved it.
-
It says it's blocked.
-
Hi @David_Carro I believe I am running the latest and greatest, no updates available. Version 8.0.21.0004 Agent version 1.20.0000 /Robert
-
The same number as the provided TDR licenses which you can see from your feature key.
-
Why are we seeing an old SSL version, tls_version="SSL_0
-
Ahh, sorry. What if you change the BGP distance of the default route to a lower value, or the same as the static route? Maybe this overrides the static routing. /Robert
-
Hi @Mury I don't know much about BGP or ffr, but maybe a deny rule preventing importing the default route, if it is possible to do this in Fireware? https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-stop-default-route-inject-into-routing/ta-p/232185 /Robert
-
Same here. Logging is related to the serial number, so this is gone, and configuration files in WSM, I believe, are related to an index number, so they are also lost.