Comments
-
Good morning Paddleboat21 My name is Ryan and I work with the Support Engineering team at WatchGuard. I can try to answer some of your questions and maybe steer you in a slightly different direction when it comes to Automation policy templates. Fireware 12.5.x devices cannot fully participate in ThreatSync. The function…
-
Good morning, Multiple WatchGuard customers and partners have reported the suspicious behavior to the support team with a lot of similar questions. IN response we have published the following knowledge-base article. https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000BcPmSAK Ryan Tait | Support Engineer…
-
Other Aliases are ones that you have created. If you need to manage your firebox remotely consider a secure VPN instead of adding dynamic IP addresses to the From: field of a policy.
-
You do not need to change the "WatchGuard SSLVPN" policy. The WatchGuard SSLVPN policy is the policy that allows remote users to connect to your SSLVPN.
-
The detection tools in WatchGuard System Manager and on the detection site will function with any logging level. There is no need to increase log levels for these to work. Ryan Tait | Support Engineer WatchGuard Technologies, Inc. | www.watchguard.com Office Hours: 5:00AM - 2:00 PM (Pacific Time), Monday - Friday.
-
The Web UI upgrade function has been temporary disabled. The webUI upgrade will still work but you have to download the sysa-dl file from https://software.watchguard.com for now. We plan on re-enabling the web UI upgrade in a few days. Ryan Tait | Support Engineer WatchGuard Technologies, Inc. | www.watchguard.com Office…
-
Hi Robert, James and I have your case now. There will be a request for a bunch of information posted to it shortly.
-
It looks like we have a few issues being discussed here. @drnet, If you've opened a support case send me the details and I can look into it. Fireware 12.7.2 did not change anything with DNSwatch. DNS_PROBE_FINISHED_NXDOMAIN is an error displayed by the browsers and will not appear in any firebox log. I'm somewhat skeptical…
-
This is kind of a weird one. The AV exclusions are there to prevent TDR from interfering with the scanning function of the Antivirus engine. We don't want TDR scanning updates for AV or scanning the AV engines temp files as its doing its job, and we don't want the AV engine doing the same thing to TDR. Our APT provider had…
-
trust.cdc.gov is something different, It looks like it requires a client certificate. I get that same message here when I try to access the site with just a packet filter. Open a case with the support team and we can work with you to see what is happening Ryan Tait | Support Representative WatchGuard Technologies, Inc. |…
-
Good morning In Fireware 12.4 we introduced TLS 1.3 support. Some websites that advertise TLS1.3 are not being handled by the proxy properly. The problem is being tracked as FBX-16143/FBX-16203. When a fix is available to the public it will be listed in the release notes with one of these bug numbers. The PFS thing is a…
-
Good morning, In general, the TDR host sensor will use more CPU on active systems like servers. As a first step, identity the locations of high process and file activity and create exclusions for those directories. Examples would be, Database server directories, install and content directories for high use applications,…
-
The TDR host sensor creates hidden directories in several locations on the file system. Documents folder, Desktop, c:\ and a few other locations. These folders contain files for the host sensor to monitor for suspicious activity and are required for Host Ransomware Protection to work. The files can't be deleted. If you…
-
The TDR host sensor creates hidden directories in several locations on the file system. Documents folder, Desktop, c:\ and a few other locations. These folders contain files for the host sensor to monitor for suspicious activity and are required for Host Ransomware Protection to work. The files can't be deleted. If you…