Tristan_Colo
About
- Display Name
- Tristan_Colo
- Joined
- Visits
- 17
- Last Active
- Roles
- No Roles
- Points
- 4
- Badges
- 0
Comments
-
> @WGM said: > ah silly me! You're right. Thank you again Bruce! Does this inspection work? How is it decrypting the traffic as I thought FTP 22 was encrypted.
-
+1 on this feature
-
Yeah without an APP you either have to get a hardware token or get a phone that supports AuthPoint.... unless WG changes otherwise
-
I believe the goal here is to get AuthPoint working with a tool like IT Glue (See here for how IT Glue integrates with OTP) which helps MSPs manage things that are tied to MFA without tying accounts to a bunch of phones that we babysit if a tech lea…
-
In all fairness James appears to be from the Technical side not a sales person, and there are a myriad of reasons to get a WG WAP over Unifi (First of witch being how it is cloud controlled)... and he may not have all of the sales pitches dialed in …
-
Because then that device gets an IP in a DHCP Pool... which to me is a problem especially if we have to make a bunch of block rules just for one IP or Alias full of Private IPs (as most DHCP networks are Trusted inherently so I'd have to make sure n…
-
I was more-so talking about the SSL VPN plans to make sure that we don't have to configure a new VPN setup just for Native VPN clients... if that is the route we have to go that's fine but that means a lot of time retraining end users on how to conf…
-
Yes but what if we are wanting to whitelist a MAC regardless of IP? IE To prevent the need of reprogramming a DHCP Lease? Sonicwall appears to have this capability.... it is surprising that WatchGuard has yet to do this. What if we want to blackli…
-
@James_Carson I figured out how to do this.... I ended up just changing the Teams Rooms to .onmicrosoft.com accounts and setting up the domains as aliases so they can still be emailed.... It is annoying that we have to do it this way... it'd be nic…
-
> @symphonyspace said: > I have a few remote staffers that are on MacOS devices. Today, one of them reported that they had purchased a new MBP that delivered with Big Sur already aboard. Could you opine a possible delivery date for a gold ver…
-
> @James_Carson said: > Hi @Tristan_Colo > Your link is broken -- do you mean this? > https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/restrict_by_mac_c.html > > For hardware network…
-
I am trying to skip that all together.
-
This is behavior that any app that uses SAML for office does.
-
See this article for why Suffix does not automatically apply: https://techsearch.watchguard.com/KB/WGKnowledgeBase?lang=en_US&SFDCID=kA10H000000g3X0SAI&type=Article
-
My only issue with it thus far is that the 365 documentation and integration is very sparse.... and even their documents point to Microsoft's convoluted directions instead of their own "clean" directions.... Currently I need to be able to…
-
I thought the "Safe locations" could be used to whitelist geolocations (like an office).... tho the only issue with this of course is any security risk that comes with IP Spoofing...
-
It is now released to the public out of Beta!
-
Yes but The issue is that we either have to use SAML or ADFS..... This leaves it so we have to do an "all or nothing" deployment and causes things like Team rooms to break.... ADFS is very complex to setup and SAML is not granular.... Th…
-
If anything, for now I'd invest in an MFA product like AuthPoint or DUO. Then you can MFA the VPN off and the passwords don't need to expire. This is technically more secure any way as currently all someone needs to do is know your vpn URL and some…
-
This isn’t necessary.... no MFA has control over this this is done on the user level.... For instance I can tell my phone not to allow me to accept push notifications until it scans my finger or face
-
Yeah, split tunnel may be "less secure" but only if someone happens to see your route table of your machine as you connect.
-
Can we please get this as an option for more models? SNMP is a doable service on all other AP models (Unifi, Datto, Meraki) and seems like a basic feature to be missing.... This is a must for Auvik integrations.
-
Yeah, split tunnel may be "less secure" but only if someone happens to see your route table of your computer... otherwise it's fine as long as your AD domain doesn't end in ".com"
-
This isn’t necessary.... no MFA has control over this this is done on the user level.... For instance I can tell my phone not to allow me to accept push notifications until it scans my face (iPhone X) Most cell phones don’t allow access to tho…
-
If anything, for now I'd invest in an MFA product like AuthPoint or DUO. Then you can MFA the VPN off and the passwords don't need to expire. This is technically more secure any way as currently all someone needs to do is know your vpn URL and some…