Comments
-
Same here. I'm still very addicted to WSM and probably will be for quite some time yet.
-
If I remember correctly, a virtual IP is necessary if you need GRE enabled in the tunnel.
-
Hi all. The issue was related to different traffic being routed out with different public IP addresses.
-
You're right .. my mistake.
-
After some more debugging I think it comes down to the different NAT base IP addresses the client presents itself with, as we have quite a few different policies depending on whether the traffic is from a certain remote location, and if it's a proxy or filter policy. I identified some filter policies which could lead to a client being…
-
Some traffic must go through my WG proxies in the case with Autodesk as CF denies some data sent to the destination. I have tried using other public IP NAT base and using only packet filters to all Autodesk domains except some Google domains. Hitting the URL going through my WG FireboxV throws:…
-
My thought is, it's caused by asymmetric routing from my side to the end destination. I will do some tests where I route all traffic through the SD-WAN.
-
I think you are right as the last log I see at 13:13:29 is: ProxyMatch ProxyDeny: HTTP client request timeout pri=6 disp=Deny policy=HTTPS-proxy-Internal-networks-OUT-00 protocol=https/tcp src_ip=1.2.3.4 src_port=51304 dst_ip=23.40.108.128 dst_port=443 src_intf=WebshopAarhus dst_intf=External-ACL-21672 rc=595 src_user=USR…
-
Well, I could not find any other traffic being denied - but I could be wrong as there is quite some traffic going on here.
-
If your ISP does not block or break the IKE protocols you can use a BOVPN tunnel where the local gateway on the "client" end is set up to use tunnel authentication by domain name and you also configure dynamic DNS in the network settings matching the tunnel authentication domain name. If this does not work, I think the only option…
-
@HeadofAuthPoint What is the roadmap when Microsoft deprecates all versions of NTLM in the next version of Windows client and server? /Robert
-
Hi @"james.carson" This is with content inspection turned on in HTTPS proxy policies, and I do SD-WAN from all my remote sites through these proxy policies, and I'll see this from every remote location. Of course I do not have content inspection turned on on my AD policies so a false positive here is okay, but with the rate of…
-
I stopped using WG EDR as we had too many weird issues with the product. We are running Sentinel One and Heimdal Security without issues on both servers and workstations. /Robert
-
@"james.carson" Thanks. I don't know what the files are and did not think of this. I will check it out. /Robert
-
Yes. Looks as if there is something wrong with the definition files the Firebox downloads, even though Fireware reports image valid for the files if I turn up logging.
-
Thanks for your answer. I am asking because I lost all my tokens on my phone yesterday, and had a WG hardware token for my most critical logins except WG cloud. To be fair, I opened a support case and got new e-mails to assign SW tokens 1½ hours later, so good service. /Robert
-
@Bruce_Briggs Same VLAN ID 3 and on the same physical interface.
-
It's a known issue https://techsearch.watchguard.com/KB?type=Known%20Issues&SFDCID=kA16S000000bz1jSAA&lang=en_US
-
I'll do
-
@NickDaGeek If you made the same error as me, setting up remote Fireboxes as SSO clients, then this is not supported. This was what caused my CPU to spike and the program in the end to halt. This was even when all required ports were open between the networks. In fact the WG SSO solution is only a local Firebox solution and does not…
-
@"james.carson" Thanks. That would be much easier if the Firebox supported it when the Firebox also does all the routing.
-
@"james.carson" Well, it started working later last night as a portion of my T20 devices have been upgraded with success.
-
@"james.carson" Thanks, I upgraded the box just to be sure.
-
@Bek We are running a medium on VMware with 10gbit speed which is performing very well. Just be aware there is an HA cluster issue causing the VRRP IP address to be active on both the active and passive unit, which causes HA not to work. /Robert
-
@"james.carson" Thanks, this makes sense.
-
@"james.carson" Ended up using tcpdump which showed me this error: VSA: t=MS-CHAP-Error(2) l=16 val=\000E=691 R=0 V=3 I am not sure what caused it in the end, but I went over all settings in AuthPoint and NPS and at the same time got MS-CHAPv2 enabled in NPS, and now it is working from my Apple device. The NPS logs did not…
-
I dig deeper. Thanks.
-
Thanks
-
@"james.carson" Support narrowed it down to downstream switch issues with VLAN to the WG mgmt interface. /Robert
-
Yep, if I have one FSM open with cluster view, I get disconnected all the time, and if I at the same time have an FSM open to the primary member with cluster view, this FSM session works without disconnection. This is related to FSM and cluster view.