james.carson

Hello WatchGuard Community users, If you need personal or confidential support, please create a case by clicking the support center link on the top right of this page, and creating an online technical support case. I am unable to provide support via PMs in the forums. Thank you, -James Carson

Comments

  • Hi @amccann I'm happy to make the request, but please understand that the categories are based off of Forcepoint's Websense product. If you are looking to deny these sites via webblocker, a manual exception for each of these sites may be the best way for the time being.
  • Hi @BryceGiroux If you'd like to pull stats from both devices, your SNMP server will need to be on the same subnet as the management interface for the Firecluster. If you're reaching it from a different network, or across a VPN, you will only be able to access the current master device.
  • Hi @usifirebox Why are you using non RFC1918 addresses as a private subnet? Since this traffic is just going to be NAT'ed going outbound, this doesn't add any security to the network. RFC1918 reserved address space for private networks: 10.0.0.0 - 10.255.255.255 (10/8 prefix) 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)…
  • Hi @amccann For applications like RMMs, I would suggest looking into Application Control. Many of the common systems (anyconnect, goto, teamviewer) are available as actions that can be applied to policies.
  • -AFP vs SMB. Info on Apple's website (specifically their forums) suggests that AFP performs in the same manner (where it expects to see an ACK of the previous blocks prior to sending more.) FTP is a good alternative to test with if you're looking for something to compare against, as it's designed to stream across a WAN.…
  • Hi @JethroD Based on what you're describing, the speeds you're seeing are likely a combination of the following things: -Network speed (between the two points, upload and download.) -Protocol in use to test and/or transfer files. (this is very often SMB) -Latency between the two points. -Use of a full tunnel vs a split…
  • Hi @unitedregional You'll need to add the user in Users and Groups first. Once the user is there, you can add it to policies. See: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/define_users_groups_about_c.html Please note that the usernames are case sensitive, and will appear…
  • Hi @Greg That page is continuously updated. In the meantime, you can find details and scores for each vulnerability at NIST's website: -This release updates the version of OpenSSH used by Fireware to v9.6p1 and addresses CVE-2023-48795. [FBX-26195] https://nvd.nist.gov/vuln/detail/CVE-2023-48795 -This release updates the…
  • Hi @devnull4u I did some testing and was able to get this to pop up on one of my testlab firewalls with no module installed. I opened a feature request to clean up that log message - that is FBX-26563. Please create a support case and mention FBX-26563 if you'd like to follow that request.
  • @GeorgeWillow Yes. Create a support case and mention FCCM-4622 in the case, and that you'd like to follow that feature request. The technician that is assigned the case can set it up to do that for you.
  • Hi @devnull4u A log message like this would generally suggest that some of your logging may be turned up past error, or that the 3G/4G modem feature of your T80 is enabled but isn't finding a device. We'd be happy to help fix this issue for you, but we'll need more information about how your firewall is configured. Please…
  • Hi @Alex_S If you want to follow or get status updates on this feature request, please open a support case and mention the feature request number. The status of these requests currently is: FBX-4651 - SUN-RPC <- Closed FBX-16085 - DCE-RPC <- Open but no updates
  • Hi @GeorgeWillow There is currently a feature request open for the ability to turn TCP SYN checking off for cloud managed devices. This is FCCM-4622.
  • I created a feature request for you - this is FCCM-8192. Please create a support case and mention FCCM-8192 somewhere in the case if you'd like to follow this request. The tech that is assigned the case can set this up for you.
  • Hi @markhudy It's not uncommon for Intel to release driver updates - would it be possible for you to post your driver version so future folks that stumble on this can try to match it up? Thanks for posting your solution.
  • Hi @Sam_Cotton_01 It depends on what module you're using. If your module only has two ports, it's probably this one: -WatchGuard Firebox M 2 x10 Gb SFP+ Fiber Module (WG9020) It will only accept 10Gb SFP+ modules (so you can't mix a 1Gb module in, for example.) See the article here for more information on what each module…
  • Hi @Farsight_Tech_Nordic The firewall itself doesn't see a difference between a 3G, 4G, or 5G modem - it treats them the same way. The list of supported devices is in the article here: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/modem_interfaces_about.html The T45-CW supports…
  • Hi @ovwg There's an existing feature request for this feature, it is FBX-19172. If you'd like to follow this request and be notified of any news regarding it, please create a support case and mention FBX-19172 somewhere in the case - the technician assigned the case can set the case up to do that for you. If your users are…
  • Hello @Tytanmus After the initial quick setup wizard, the only ports that are configured are ports 0, 1, and potentially 2. -If you are not getting a DHCP address, DHCP is very likely not enabled on that network. -If DHCP is not set up, you likely will also not have a DNS address assigned by the DHCP server. I would…
  • Hi @krstffrcrvnts Microsoft lists all of their domains they use for those services here: https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide -I would suggest using a tool like firewatch in the WebUI of your firewall to see where your bandwidth is actively going.…
  • Hi @OCCC_IT The WebUI and the SSLVPN client are two separate things - they don't really relate to each other in the way that you're suggesting. -If you are using RADIUS to connect to an authentication server that supports MFA, the MFA server is what decides what type of authentication it will accept. -If you are using…
  • Geolocation blocking happens before exceptions for the HTTPS proxies -- most customers that want to block international addresses generally just allow whatever is trying to update to retry until it finds a server in an allowed region.
  • Hi @mbhalla Authentication for the mobile VPN is via username, so that is what appears in logs. You can search for the user's username in logs to see them.
  • Hi @the_jonathan Check to see if your upstream NAT devices are forwarding and allowing that IPSEC traffic. Specifically ESP traffic. There's a reason we generally recommend NAT devices not be in front of your firebox, and this is one of them. Your logs are not sanitized (I can see the destination IPs in your logs) and I'm…
  • Hi @WatchGuardKieran By default the AuthPoint Gateway's RADIUS component will listen on port 1812. If you require a different port (or if there is another server listening on port 1812 on that server, like NPS for example) you can change it by changing the port number in the first screenshot you took. If you'd like to…
  • Hi @Norman There's a feature request for this already -- it is: FBX-3998 - Multi-WAN support for IPv6 Please create a support case and mention FBX-3998 if you'd like to follow that request.
  • Hi @TechNerd Please try to view the certificate -- that will probably give you more information about what's going on. -If the certificate says 'proxy authority' or has your firebox's serial number in it, the user may need to import the proxy authority certificate from the firewall. You'll see this type of error if the…
  • Hi @Maxspeed There is an existing feature request for this. It is FBX-9922. Please create a support case and ask to follow FBX-9922 if you'd like notifications on this request.
  • Hi @Philmax I have asked the support lead to escalate your case. It should be assigned a new technician from that team shortly. Thank you.
  • Hi @Philmax Can you please reply with your case number so that I can have my support lead look into your case. I can't do anything for you unless you reply with your case number. If you'd prefer to keep that private, please reply in your support case that you'd like it escalated to a manager, and the technician currently…