james.carson

Hello WatchGuard Community users, If you need personal or confidential support, please create a case by clicking the support center link on the top right of this page, and creating an online technical support case. I am unable to provide support via PMs in the forums. Thank you, -James Carson

About

Display Name: james.carson
Visits: 806
Roles: Moderator, WatchGuard Representative
Points: 319
Badges: 6

Comments

  • Hi @user808 If you have DNSWatch turned on for the firewall, DNS forwarding will also be enabled, so this traffic is redirected to whatever DNS servers are defined in DNSWatch. You may need to expose the "enable configuration of policies for traffic generated by the firebox" in Setup -> Global Settings and put your deny…
  • Hi @jkrudeen The traffic appears to be going through the IMAP proxy, so that's a good sign. -If you're running an older version of Fireware, you'll want to update to the latest version. Some older versions use an older engine that does not work anymore. See:…
  • Hi @jkrudeen If you're running TLS encrypted IMAP, the action should be inspect. However, your mail client/OS will need to trust the proxy authority certificate from the firewall as authoritative (as it will re-sign the traffic.) You can export it from System -> Certificates on the firewall, and import it using the…
  • Hi @jkrudeen You'll want to make sure you have an IMAP proxy policy set up with spamblocker enabled. If you do have one of those, I'd suggest opening a support ticket with our support team, so they can look into why we may not be matching that policy. You can create a ticket by clicking the support center link at the top…
  • Hi @jkrudeen If you go to Firebox System Manager -> Subscription Services tab, or the Fireware WebUI go to Dashboard -> Subscription Services, there will be a section for spamblocker that shows # of messages processed, spam stopped, etc. If you're seeing zero for everything, you might be using a different protocol (for…
  • Hi @"[email protected]" The SSLVPN client will try the primary IP, and if it is unable to connect, will then use the secondary address. If you take the IP/hostname and port from your SSLVPN config, and type it in your browser (for example, https://12.34.56.10:444) can you get to your SSLVPN logon page?
  • Hi @Groenagergaard If you click the support center link and create a support case, one of our support reps can assist you, provided you have an active support contract.
  • @KAndersson Try looking at the policy map feature. This should provide what you're looking for.
  • Hi @"a.drache" What type of hotspot are you using? Firebox, or the one on the Cloud APs? The hotspot system on the firebox is very basic. If a user comes back (especially via a different AP or IP address) it may not remember them. If the user is clearing cookies, or using incognito mode to enter the password, their browser…
  • Hi @"michalis.e" You should be able to use ifAdminStatus and ifOperStatus to get information on whether the interface is marked up or not. You can read more about what SNMP MIBs the firewall supports here: (About Management Information Bases (MIBs))…
  • Hi @spencerross If you're using hotspot on the firewall itself, the auth page works by inserting a redirect into your initial HTTP request which takes you to the captive portal page. DNS is allowed to work as it'll never make it to the HTTP GET and redirect without it. If you're seeing a DNS error, check that your tablet…
  • Hi @drnet If you don't have a support ticket in place, I'd suggest opening one -- there's a very limited amount of troubleshooting that can be done over the forums.
  • Hi @toscanatlc The DNS servers on the firewall only govern what DNS servers the firewall uses, and in the event of it being a DHCP server, what DNS servers it provides to the client(s). If there are clients that still have a DHCP lease from when that was the setting or that manually have it populated (for example, if…
  • Hi @toscanatlc Please see my comment on your other post here: https://community.watchguard.com/watchguard-community/discussion/2094/dns-probe-finished-nxdomain#latest Based on what you've described both here, and in the case, I do not expect that downgrading will fix your issue. If the DNS response coming from an external…
  • Hi @toscanatlc I was able to search around and find your case. In this case, it looks like you've completely disabled any DNS service on the firewall and are getting an NXDOMAIN response from your DNS server. If the NXDOMAIN response (as in the server is making a response saying it can't find the host) downgrading the…
  • @toscanatlc Can you please give me your case number? I can go take a peek and see if I can get the tech to escalate it.
  • Hi @toscanatlc The network config is part of the configuration, so there's no way to salvage just that. You can easily hand-copy those details using two policy manager windows, however. In policy manager, go to File -> New, which will start a new config file. -You'll need to go to Network -> Configuration, and populate the…
  • If for some reason this cert isn't included in the Firewall's cert bundle, you can install it by using FSM View -> Certificates, and import. -First, try clicking the button to update trusted CAs for proxies. -If that doesn't get it in the firewall, you can import it by clicking import certificate. Choose "General Use" when…
  • Hi @Abertay Leave the standard policies, they're governed by the checkbox at the bottom of every VPN (gateway/gateway tab) that says "Add this tunnel to the BOVPN-Allow Policies." -- if you don't want it to be part of that policy, uncheck the box there.
  • Hi @Abertay BOVPN VIFs should follow standard rules, but make sure you're using the VPN rule type. The rule should appear green in policy manager if it's detected as a VPN rule. (Either use the VPN alias in the add menu, or use OTHER and specify "tunnel address" in the drop down.) Unless there's a rule for the traffic to…
  • It allows simple control of multiple firewalls from one point without having to stand up an on-premises server.
  • Hi @"[email protected]" There is an open feature request for this already -- it's FBX-11806. If you'd like to follow that request, please create a case and mention that somewhere in the details. The reason you can't do this today is that IPS scanning happens very early in the firewall's order of operations (before…
  • Hi @grahamo There isn't a way to set the actual http(s) session to not time out. If you're timing out trying to run a large search, I'd suggest trying to break that into smaller chunks so the system can process them/display them.
  • We remove some autofilled data in the integrations if it's not accurate across the board. In the case of office365, there's more than the one option there.
  • Hi @ConnectNow Use the support center link to create a new case. When asked for case type, choose customer care. Include the serial number of the device, and a picture of the serial number barcode as an attachment in the case. The licensing team can have the device moved to your account. This is a manual process as we need…
  • Hi @toscanatlc If a downgrade then upgrading back to 12.7.1 fixed it, it's likely something got cached. If for some reason this occurs again, I'd suggest a support case so we can get logs from the device and determine how that might be happening (if that is what happened.) Thanks for reporting back what you did to get it…
  • Hi @MattMK What's the case number for the case you opened? I can go check to make sure it's routed to the correct team.
  • Hi @Chris_Kelly This is likely going to be setting some sort of trust from the firebox's IP address -- since exchange is doing this, it may be worth asking Microsoft's support how to do that.
  • Hi @toscanatlc I'll look into this and see if I can get it to reproduce. If the issue continues, I'd suggest opening a support case for it -- that'll allow us to get more details and help should that happen.
  • @"[email protected]" Thanks for the reply. That's the expected behavior. There's a registration routine that the host sensor does when it first starts up that links it to the new UUID. If that isn't run, it won't report to the new place.