james.carson

Hello WatchGuard Community users, If you need personal or confidential support, please create a case by clicking the support center link on the top right of this page, and creating an online technical support case. I am unable to provide support via PMs in the forums. Thank you, -James Carson

Comments

  • Hi @KGS It'd help to know what version of SNMP you're using, what model the firewall is, and what version the firewall is running. I'd suggest opening a support case, and include a packet capture of the request/output if possible. I don't see ipNetToPhysicalIfIndex or 1.3.6.1.2.1.4.35.1 included in the supported items, so…
  • Hi @tantony If they're still showing .local on the firewall and you need them to be .com, you will need to change that in your auth server settings. If it's something else, I'd suggest opening a support case so that we can look into any errors you might be seeing.
  • This thread will be closed -- if you're experiencing this issue, please open a support case using the support center link at the top right of this page. While issues may appear similar, they're very often due to small differences in each user's environment. The best place to look into this, get logs, and help directly is…
  • Hi @FW2024 I would suggest opening a support case. You can do this by clicking the support center link at the top right of this page.
  • You need to change your auth server (in Authentication -> Servers, select LDAP) to reflect the new domain name. If you type in another domain name (via UPN) in the VPN client, the firebox may try to find that auth server. Since it doesn't exist, it'll likely fail.
  • Hello @SecretSquirrel There are a few reasons why your firewall might be stuck in pending. If you're able to provide any log messages (from the firebox of the management server itself) that may help determine what happened. Please see: (Firebox is in a Pending state on the Management Server)…
  • Hi @JohnathanT You didn't answer the question about which VPN you're using. I need that information to give you the correct information. SSLVPN has a feature request that is being worked on to allow SAML login. There are other components that need to be worked on, such as IDP portal compatibility. The feature request ID…
  • Hi @HolyGuacamole I'm not sure how exactly they have their account set up -- if they're just set up as a normal account, they should be able to add an account for you that allows you to be an operator for the fireboxes you bought/lease/whatever from them. Most resellers that do this will do so via folders. I would suggest…
  • I would suggest telling your customer to screenshot the deny page that they're seeing when they try to go to your site, and tell them to forward that to their internal IT admin/helpdesk. That should have all of the information their local helpdesk needs to change any settings to allow that site.
  • Hi @Yorbin_Rubio If your firewall is doing this by itself randomly, I would suggest opening a support case. You can do so via the support center link at the top right of this page.
  • Hi @ThomasGV I've removed your links to the other sites, as we can't control what gets placed on those. Suffice to say you'd like FIDO2 supported. In its current state, AuthPoint does not support FIDO2, but instead supports many of the same features via the AuthPoint mobile app. For customers that prefer to use hardware…
  • Hi @phanaaekIT If you're receiving traffic back over ICMP, it likely means that you're using UDP to access that traffic. Try turning QUIC off in your browser, and try again. The tickbox that you're checking would only be relevant if the firebox's proxy is in use - and the ICMP message would usually be to reduce packet…
  • Hi @ahude The specific systems that handle that information in the newer licensing system aren't connected to the database that houses that information. Work is being done to bring this information back to the manage products page. I don't have an ETA as to when it might be complete. Unfortunately, getting this info into…
  • There would need to be a route in your BOVPN tunnel to handle traffic to that public IP if it's a standard BOVPN Gateway/Tunnel pair. If it's a BOVPN Virtual Interface, it should work so long as the routes are in order. If you're not seeing any logs from the firewall and the connection is TCP, it's likely not completing -…
  • Hi @R_Devlin The firebox(es) don't really have a maximum performant number of SSO users. The number of users is limited by license, which is by model, but that's total number of logged in users (via SSO, RADIUS SSO, or authentication portal.) Some previous models and the NV5 have a hard authentication limit - as in the…
  • Additionally, prior to any scanning, I would suggest upgrading your firewall to the latest version of Fireware. (At the time I posted this, the latest version for that device is 12.10.3.) There are a number of security fixes since 12.8.2 that will likely get picked up by whatever scanning service you're using.
  • @bford I'd suggest asking them for clarification. If they're asking you to specifically whitelist a MAC address for a device that's not on the same subnet as your device or your upstream ISP's device, it's not actually possible to do that on any gear, WatchGuard or no. In TCP/IP, MAC addresses are used to talk to local…
  • Hi @HeroldEng The AuthPoint logon app needs to download its config from the cloud before it will start enforcing policies. If this isn't happening, does the workstation have internet access? If you're having issues getting this workstation to sync up, I'd suggest opening a support case. Our team can help take a look at…
  • Hi All, I am going to close this thread. If you need help with a case (existing or not) please feel free to speak up -- I'm happy to help -- but please do so in a new thread/post. If you are asking for help with a case, please remember to include the case number. Thank you,
  • Hi @Ed_Gruenwald The tunnel latency shouldn't/won't have any impact on the Excel version using/leaving a lock file. I think your testing does a pretty good job proving this isn't the VPN itself causing this. My hunch is that the hidden file Excel creates when a document is open isn't being removed. I'd suggest checking…
  • Hi @MattB You'll need to use tunnel switching. See: (Branch Office VPN Tunnel Switching) https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/manual_bovpn_tunnel_switching_summary_wsm.html Basically, the middle device ("network at primary location") needs to have tunnel routes for…
  • Hi @Ben_U I'll get a manager to take a look at your case -- Thank you for bringing that to our attention. update: I was able to contact the manager for the sales team you've been trying to contact. They will reach out to you directly.
  • Hi @Robert_Vilhelmsen In general, application control being run on HTTPS traffic that is not being content inspected will be less accurate than traffic that is. Wujie/UltraSurf specifically tries to make its traffic appear as multiple other protocols (like https.) If you're seeing false positives for this via HTTPS, I'd…
  • Hi @OPTDoug I'm assuming that your home connection is already allowing the traffic outbound. If it is not, you'll need to make a rule to allow that there. On the work side, you'll need to create a new rule. If you're using Policy Manager: -Go to Edit -> Add Policy -Select the protocol from the packet filter list, or create…
  • The firewall might be sourcing from the wrong interface. Instead of defining "-I eth0 IP" try defining the IP you want the firewall to ping from. e.g. if my firewall's external IP is 169.254.100.100 I would specify: -I_169.254.100.100_94.140.15.15 (I put underscores where the spaces should go because text formatting.) If…
  • Define multiple gateway endpoints when creating your VPNs. The firewall will try them one at a time in order. If the first does not respond (e.g., the internet is down on that circuit) it will go on to the next one. When the SA expires, it will start this process over again. See: (Configure Manual BOVPN Gateways)…
  • Hi @blockingvolume Please make sure your firewall is running the latest version of Fireware (12.10.3 at the writing of this post.) The new categories are added in that version.
  • @KAndersson I'll pass your request onto the product managers. There is an existing feature request, and that is AAAS-12937. If you'd like to follow that request, please create a support case and mention AAAS-12937 in the case.
  • Hi @KAndersson FIDO2 does not appear to currently be on our roadmap. It may be in the future. -We do support both WatchGuard branded and third party hardware tokens. See: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/tokens_hardware.html -The AuthPoint app supports other 2FA methods, such…
  • All of the logs are saying that the B channel (the side of the connection from the firewall to the distant webserver) is failing. I would check that side of the connection. If this is failing for multiple sites, it might be possible that IPv6 is not set up correctly on this/these firewalls.