  • @James_S512 One possibility to be a bit more secure would be to have an AD group that is connected to Okta for access. There are a bit more options for Okta than there is for AuthPoint. We have a number of credentialed accounts (healthcare) where we have no option but to have multiple people in multiple locations access an…
  • This is security, right? So, each person gets their own key. Or (and I would not allow this) just have your MSP be in an AD group that does not require 2FA.
  • @Bruce_Briggs The fact is if either side would work with DNS the tunnel should come to life. I would toss up an image of the one that I have with the double NAT....but, I can't get into the box from the outside ;-)
  • I have never seen an instance where DDNS has not worked...this may be the one.
  • No one uses SIP-ALG, no one. In general you need a packet filter for the needed ports to the IPs or FQDN of the IPT vendor (or system). A common one... TCP and UDP 5060-5069, UDP 10,000-30,000, UDP 5222. And depending on other things, well, other things. 80 and 443 are already handled in theory. I also create an alias for…
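The point of the packet filter described above is that the SIP signalling and RTP media ports are opened only toward an alias of the telephony vendor's addresses, not toward "Any". The following is an added example (not from the poster or from WatchGuard) that encodes that rule set as data and evaluates sample flows against it, so the difference between "UDP 10000-30000 to the vendor alias" and "UDP 10000-30000 to anywhere" is visible. The vendor networks and the flows are constructed values; the port ranges are the ones listed in the post.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed alias standing in for the IP telephony vendor's address ranges
# (documentation prefixes, not a real provider).
IPT_VENDOR_ALIAS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.10/32")]

# Packet-filter rules from the post: (protocol, first port, last port).
# TCP and UDP 5060-5069 for SIP signalling, UDP 10000-30000 for RTP media,
# UDP 5222 for the XMPP/presence channel some vendors use.
SIP_RULES = [
    ("tcp", 5060, 5069),
    ("udp", 5060, 5069),
    ("udp", 10000, 30000),
    ("udp", 5222, 5222),
]


class Flow(NamedTuple):
    proto: str      # "tcp" or "udp"
    dst_ip: str     # destination address as text
    dst_port: int   # destination port


def in_alias(ip_text: str, alias) -> bool:
    """True if the address falls inside any network of the alias."""
    ip = ip_address(ip_text)
    return any(ip in net for net in alias)


def port_permitted(proto: str, port: int, rules=SIP_RULES) -> bool:
    """True if (proto, port) matches one of the rule ranges."""
    return any(p == proto.lower() and lo <= port <= hi for p, lo, hi in rules)


def is_allowed(flow: Flow, rules=SIP_RULES, alias=IPT_VENDOR_ALIAS) -> bool:
    """Outbound flow is allowed only if BOTH the port rule and the alias match.

    Restricting to the alias is what keeps a 20,000-port UDP range from
    becoming a general-purpose hole to the whole internet.
    """
    return port_permitted(flow.proto, flow.dst_port, rules) and in_alias(flow.dst_ip, alias)


def evaluate(flows, rules=SIP_RULES, alias=IPT_VENDOR_ALIAS):
    """Return a list of (flow, allowed) pairs for a batch of sample flows."""
    return [(f, is_allowed(f, rules, alias)) for f in flows]


if __name__ == "__main__":
    # Constructed sample flows.
    samples = [
        Flow("udp", "203.0.113.5", 5060),    # SIP to vendor: allowed
        Flow("udp", "203.0.113.5", 20000),   # RTP to vendor: allowed
        Flow("tcp", "203.0.113.5", 20000),   # RTP range is UDP only: denied
        Flow("udp", "192.0.2.1", 5060),      # SIP to a non-vendor host: denied
        Flow("udp", "192.0.2.1", 20000),     # RTP range to arbitrary host: denied
    ]
    for flow, ok in evaluate(samples):
        print(f"{flow.proto.upper()} -> {flow.dst_ip}:{flow.dst_port}: {'allow' if ok else 'deny'}")
```

The "deny" on the last two rows is the whole reason for the alias: without it, the RTP range alone would permit 20,001 UDP ports outbound to any address.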
  • I think they are overcomplicating it. If either of your WG devices has a static IP (or DDNS) you can simply create the tunnel with domain settings (even without a domain controller). I have even had that work with the remote side (dynamic) on a double NAT.
  • Well, finally got around to this yesterday - the Feature Key update did work with 12.8...now that they are working, I have about 40 days to take them all out and put in our new Meraki APs (waiting on a lift - fun times).
  • IMO, because when they set up their systems they figured everyone would be "Enterprise" and put folks on different VM servers or server centers. It oddly is FAR easier to go from a T20 to an M5800 in about 90 seconds than it is from one V to another V.... I don't get it. Nothing you can do.
  • IMO, and after having done new devices time and again (and speaking MANY times with WG support), make your interfaces VLAN; you end up with many more options in the end.
  • You are going to need to bridge it - however, just yesterday I connected a T40 via BOVPN to an M390 -through- a NAT device...I know, this is supposed to be impossible. I do have the T40 in Dynamic IP Address mode and with a key for Domain - gave me a bit more time to get in touch with Cox communications to get their device…
  • Found online - https://forums.att.com/conversations/att-fiber-equipment/bgw320500-bridge-mode-andor-ip-passthrough-question/6026fd40eda6ec07a853e0da
  • Biggest question - your ATT gateway is fully bridged and/or is simply a connection to the internet, not a NAT device, right? And, you can connect one or more VPNs to any external interface and external interfaces can have more than a single IP assigned to them...and, you can have as many external interfaces as the…
  • I would look hard at what your actual utilization is and what feature sets you run - if you ask WG sales you need a M290 in an office with like fifteen people in it...sales is sales. Conversely, the T15 should have never existed....
  • Sure you can. Setup the external interface as DHCP (duh). When you create your VPN tunnel in VPN->Branch Office Gateway you simply tell it that your side (or the other) is DHCP and enter in a 'domain' name (this can be anything you want, it does not need AD or anything behind it). As long as the DHCP side knows the IP…
  • Is that wrong? Yes - somewhere the tunnel is breaking (albeit for a short time) as the IP does change at some point. That can not be avoided. Two ISPs can not support the same IP and the fail over as fast as it can be will drop a tunnel for a blip - long enough to terminate an RDP session or end an IP call from a handset.
  • No matter what you are going to drop "S" sessions and other odds and ends in the instance of a failover. For instance, if you are connected to a VPN (SSL, IKE) for your 3389 RDP you will have an external IP address (or more than one) and possibly an FQDN pointing to your external IP to access the internal resource...if you…
  • If you have a reseller (partner) account you will have more power than if you are on an end user account. To that, no freaking way I allow my security to a third party. Why not manage your devices with System Manager (or Dimension Command) and not have to mess with the cloud for local services and packet filters? DNS Watch…
    in Login Comment by TestingTester July 26
  • SNMP not possible with WG Cloud. I can't see it ever being possible as the devices hosted in the cloud are like any other MSP and your stuff is on the same boxes as other folks' stuff. They are not a 1 for 1 as it would be if you had your own Fireboxes out there. So, to parse your data from that of every other tenant would…
  • That is the thing - it IS in the log (and can be seen via DHCP logs). It just does not match the two. Oh well....
  • Authentication and encryption occur simultaneously. When you select the one, it already knows the other.
  • Even in Dimension, you do not get the hostname in the regular view. It is easier to go back to the DHCP server and get the hostname from the IP. If I am not mistaken, you need SSO to get the hostname to show in Dimension. Been a while.
  • @federicomassimi - I did not give directions as it is in my opinion a terrible idea. The first question would be what type of interface your current LAN subnet was on - Bridge, VLAN, Trusted, Optional, Custom.... In general most folks new to WG have their network on a "Trusted" interface. So, if you were not on a…
  • The only real way is to bring it to an outside page. Your question is one of the exact reasons that we moved away from the WG portal for guest networks as your concern is identical. Unless WG wanted to offer us some funds for their marketing on our private network, makes no sense to put their logos on it...maybe I am nuts.
  • We have been asking for that, even by host name for...well, about 15 years.
  • WiFi is a train wreck....UTM is great. AuthPoint...well, it is AuthPoint.
  • Heck, first they have to fix the products they are selling....god, I hope they do not muddy the waters anymore. I am not sure what they would hope to gain by getting into the very crowded switch market...seriously if that was the plan someone in their upper MGT team needs to be relieved of their duties. Simply, no reason…
  • I have a terrible idea...one could bridge SSLVPN traffic............
  • Why not use OpenVPN Connect? It is free.....and the same as what WG uses.
  • Why not connect to a system that is on the same subnet (via RDP) and wake up your system from there? I suppose you could create a policy for whatever port is needed from (192.168.113.x/24????) to your iLO...in my experience, I find another way in to just be easier.
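The suggestion above works because a Wake-on-LAN "magic packet" is normally a UDP broadcast, and broadcasts do not cross the Firebox, a BOVPN or an SSLVPN; they have to originate on the target's own subnet, which is why RDP-ing to a neighbour and sending from there is the easy path. Here is an added example (my code, not the poster's and not a WatchGuard feature) that builds and sends the packet. The MAC address and broadcast address are placeholders; port 9 is the conventional discard port most WoL tools use.

```python
import re
import socket


def build_magic_packet(mac: str) -> bytes:
    """Build a Wake-on-LAN magic packet: 6 bytes of 0xFF followed by the
    target MAC address repeated 16 times (102 bytes total)."""
    hex_digits = re.sub(r"[^0-9A-Fa-f]", "", mac)   # accept aa:bb:cc..., aa-bb-cc..., aabbcc...
    if len(hex_digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    mac_bytes = bytes.fromhex(hex_digits)
    return b"\xff" * 6 + mac_bytes * 16


def is_magic_packet_for(packet: bytes, mac: str) -> bool:
    """Check that a received datagram is a well-formed magic packet for `mac`.
    Useful when confirming on the target subnet that the broadcast arrived."""
    try:
        return packet == build_magic_packet(mac)
    except ValueError:
        return False


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255", port: int = 9) -> int:
    """Send the magic packet as a UDP broadcast from the host this runs on.

    Run this on a machine in the same L2 segment as the sleeping host
    (e.g. the box you reached over RDP); a router or VPN gateway will not
    forward the broadcast. Returns the number of bytes sent.
    """
    packet = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(packet, (broadcast, port))


if __name__ == "__main__":
    # Placeholder MAC (locally administered, constructed for this example).
    TARGET_MAC = "02:00:5e:10:20:30"
    # Use the directed broadcast of the target's subnet where the OS allows it,
    # e.g. "192.168.113.255" for a /24; the limited broadcast is the fallback.
    sent = send_magic_packet(TARGET_MAC, broadcast="255.255.255.255")
    print(f"sent {sent} bytes to wake {TARGET_MAC}")
```

If you would rather open a policy to the iLO instead, note that the iLO's HTTPS/SSH port is unicast and does route across the tunnel; it is only the WoL broadcast that does not.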