james.carson

Hello WatchGuard Community users, If you need personal or confidential support, please create a case by clicking the support center link on the top right of this page, and creating an online technical support case. I am unable to provide support via PMs in the forums. Thank you, -James Carson

Comments

  • (This version includes the ability to adjust some built-in database settings to help with performance.) Download here: https://software.watchguard.com/SoftwareDownloads?current=true&familyId=a2RF00000009On4MAE Release notes (including resolved issues) are here:…
  • You can't reserve an IP for a client, but like Bruce mentioned, you can set a policy for that user or group. See: (About Mobile VPN with SSL Policies) https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/mvpn_ssl_policies.html Even if this is for one user, I would suggest using a group for…
  • Hi @Chris_Kelley * VIFs support this. On the side you want to be forced across the VPN you'd just put the route as 0.0.0.0/0, and on the main site you'd put the network route at that site so the traffic can get back (10.0.1.0/24, for example.) * Yes. Policies are covered by the BOVPN allow in/out rules that are generated…
  • @Fmxe The cloud services team is working on getting the auto-upgrade functions on-line. In the interim you can download the upgrade files directly from software.watchguard.com.
  • Hi Robert, It appears as if that software is trying to get the actual certificate and not the proxy authority certificate. If the proxy is set to inspect, it will not allow this. If your security software requires a connection that is not being inspected and resigned by the proxy, setting up an exception or packet filter…
  • Hi @Robert_Vilhelmsen It looks like we do supply some info if the log level is turned up to WARNING and the reason is a recognized one. https://www.watchguard.com/help/docs/fireware/12/en-US/log_catalog/Log-Catalog_v12_8.pdf (see page 110-11) I would not expect the firebox to pipe the exact output of the error into the…
  • You can set up alerts via Gateway Wireless using custom notifications as Bruce mentioned. For WiFi cloud, you can set up alerts if the AP goes down for more than (10-120 minutes) in Configure -> Alerts.
  • Hi Jorge, AP225 is a wallplate (panel type) antenna, so radiation will be 'mushroom'-shaped away from the front of the device. You can see the full datasheet for the AP here: https://p.widencdn.net/hq4mhy/AP_225W_Datasheet If you're still having issues sending data, even with the mitigation you've done, you may have an…
  • This is the latest software we have available for these devices: (Software for Firebox X Core e-Series) https://software.watchguard.com/SoftwareDownloads?current=true&familyId=a2RF00000009GnEMAU Occasionally, we are no longer able to distribute older versions of software due to license agreements no longer being valid, and…
  • Hi @SupportETS I made a request to the support manager team to have your case re-opened. The tech assigned to your case should reach out to you via that case.
  • Hi @WillD The customer in this instance never let us know if they resolved the issue. If you're running into a similar issue, I'd suggest opening a support case so that our support team can help with any disconnect issues you might have.
  • Hi @Scott_Davis The cloud planning folks are currently looking into what would be required to do this (via PLAN-1584.) If this happens it would still be a way out (there is not currently an ETA.) If you need SNMP on a firebox I would suggest locally managing to allow that for the time being.
  • @SupportETS Can you please let me know what the case number is for this? I'd be happy to look into that case for you. Thank you.
  • You can do one of two things: -You can add the IP addresses to the external interface's secondary tab, which makes the firebox own them. This allows you to use them for things like VPNs, and SNAT actions (firewall rules for one or multiple ports.) -You can make an entry in the 1:1 NAT table, which binds the external IP to…
  • @SupportETS I'd suggest opening a support case if you're not seeing anything. Our support team can get your account details and try to track down the issue.
  • Depending on what version that older device is running, you'll need to use an older version of WSM to accomplish this. That firewall has not had any software updates for a very long time, and is missing a lot of the features on the modern Fireboxes. I would suggest replacing this unit.
  • If the firewall is checking the authentication server (in this case, AzureAD) and is getting back that the user does not exist, that error is coming from your Auth server. I would suggest checking the authentication logs on Azure AD itself to see if you can find it searching there -- you'll likely get more information…
  • Hi @KellyL The part numbers for these change from time to time. Please contact your reseller, or WatchGuard Sales. If you need to find a partner/reseller, findpartner.watchguard.com If you'd like to contact sales: https://www.watchguard.com/wgrd-about/contact
  • The "WatchGuard" rule handles connections from WSM, Management server, and SSH. The "WatchGuard WebUI" rule handles connections from the WebUI. There are two management rules to allow customers to configure one, the other, or both however is needed in their environment. If you modify them, ensure you're leaving yourself a…
  • I'm not really sure what this problem might be -- I would suggest a support case for this issue. I would suggest generating a support file when you see the disconnect issue (if the system will let you) as that will contain those and some other system logs that might help pinpoint the issue.
  • If they're in a cluster, the system should be taking the longer of the two and applying it to both. (note that WatchGuard cloud needs to see both devices in a cluster, so if they've just been activated and haven't actually logged anything as a cluster yet, you may not see that.) If you're not seeing that I would suggest a…
  • Check to see if there's anything that might be adding that into the connection. (We often see ISP devices with an "ESP ALG" enabled that will try to manage IKE connections.) It's also worth checking if the router at the remote location has anything set up to deny or control IKE/IPSec connections.
  • Hi @Robert_Vilhelmsen the error "MS-CHAP-Error(20381698)" is likely just being piped in from the response of your NPS server. I would suggest looking in your authentication logs on that server to see if there's any more info.
  • Hi @AllanBaum It's expected that the firebox will only update the primary/active interface via DDNS. If you want to do something more advanced, I would suggest using the client provided by your DDNS provider on one of your PCs.
  • In most circumstances the SSLVPN is allowed, as it resides on TCP port 443 by default (the same port used for HTTPS traffic.) It is, however, possible to block VPN traffic (even SSL-based VPNs.) I would suggest requesting your company set up another VPN option (such as the IKEv2 VPN) to provide you a backup option. Like…
  • Hi @Robert_Vilhelmsen I'd suggest opening a support case so that we can look into what's happening. Users generally should not be swapping groups in the manner you're describing, and we'd need to look at the LDAP sync logs on the system to determine what's going on there.
  • Hi @Robert_Vilhelmsen At this time there are no plans on supporting multiple groups per user inside of AuthPoint.
  • Hi @Roddy100 You only need to use a SNAT action for traffic that is coming in and needs to be NAT'ed to your internal hosts. If you're going from one private network to another on the same firewall, you can just use a policy with TO and FROM being those networks. Unless you have a specific reason to be proxying the…
  • @Victor_Renard FBX-24611 is confirmed as fixed, so that issue is likely not what you're running into. The biggest factor that is usually an issue with SMB connections is latency due to how that protocol works. BOVPNs (and BOVPN virtual interfaces) tend to induce some latency due to their physical distance from each other.…
  • The logic is to check that the interfaces are able to accept traffic; the system determines that via link monitor. LAG interfaces don't really have normal traffic on them (it's all usually VLAN) so there isn't a network to check. There is a bug open to fix this behavior (FBX-20292) but for the time being, the cluster is…