james.carson

Hello WatchGuard Community users, If you need personal or confidential support, please create a case by clicking the support center link on the top right of this page, and creating an online technical support case. I am unable to provide support via PMs in the forums. Thank you, -James Carson

Comments

  • Hi @Philmax If you haven't already opened a support case, I would suggest doing so. If this is for an existing support case, can you please reply with the case number so that we can look into the case for you? If you are using Windows, the classification of the drive (external/internal) is derived from Windows - if you…
  • Hi @Robert_Vilhelmsen If you've verified these are ZIP files that can be opened, I'd suggest opening a support case for this. The AV service will attempt to expand any file it thinks could potentially be an archive, so it's not uncommon to see errors for things that don't end up being archives or can't be opened. If the…
  • I would suggest opening a support case so that we can get more information about what/how this is occurring
  • In application.log, we're getting an error response back from your LDAP server: AcceptSecurityContext error, data 52e, v4f7c (52e is invalid credentials, which is about as generic as these errors can be.) I would suggest checking the logs on your LDAP server - they may have more information.
  • Hi @Adam At this current point in time, the firebox only supports that one sampling method. (Configure NetFlow) https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/basicadmin/netflow_configure.html If this is an issue, I would suggest opening a support case so we can gather more details about your…
  • @tb7108 In policy manager the global failover settings are in Network -> Configuration, in the multi-wan tab. You'll need to make the other interface your primary there, and set a SD-WAN action in each policy to override that back to what you had.
  • @blabarbera The connection will fail if the certs are not identical. The only way that I've seen this work is if the same exact cert is used on both firewalls.
  • It would depend on what Windows is pointing at for default gateway/default route. If it's pointing at something other than the firewall (or if the users are connected to a VPN, for example) that might change. You can see what the current routes are in Windows by typing 'route print' on the Windows command line.
  • If you're seeing a 404, it's very likely the SSLVPN download page was disabled. You can see how to enable it and disable it here: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/configure_fb_for_mpvpn_ssl_c_before.html#ClientDownloads You can find direct links to download the SSLVPN…
  • Hi @blabarbera The certificate will generally be the selfsigned certificate on each firebox. You'll need to distribute the new VPN profile to the machines that need to use it so they get that new cert. The only chance that you wouldn't need to touch the client PCs is if you happen to be using your own certificate (as in…
  • Hi @JSAV This isn't currently possible. There is an open feature request (FBX-26316) for this ability. Please create a support case and mention FBX-26316 if you'd like to follow this feature request.
  • Hi Pete, The front panel dashboard for the firebox generally won't have enough data to show more than an hour or two back (some data points persist longer, but for the most part, logs on the firebox itself are very recent.) I would suggest logging to a Dimension server (which is free for firewalls with a support contract.)…
  • If you're not seeing the traffic hit your firebox at all, it's very likely that traffic is being blocked upstream from your firebox. I would suggest contacting your ISP. You can also use TCPDUMP on the firebox to verify this - -Open and log into WatchGuard System Manager. -Launch Firebox System Manager -Go to Tools ->…
  • Hi @tb7108 The IKEv1/IPSec VPN doesn't allow this to be set in policy, and will just use global settings. I would suggest using one of the other VPN types (SSL, IKEv2, or L2TP) if you need this functionality in the policy for that VPN traffic. If you need to do this with the IPSec/IKEv1 VPN, you'll need to set your global…
  • Hi @EvWorkum Interface information can be supplied to the firewall via USB (or virtual USB) drive containing a specifically formatted CSV. See: (Use a USB Drive to Configure Interface Settings) https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/deploy/usb_interface_config_c.html If you're able to…
  • I would suggest turning up the SSLVPN logging so you can see any potential errors. You can change this in Setup -> Logging -> Diagnostic Log in policy manager, or System -> Diagnostic Log in WebUI. Unless you have a specific reason to be using BOVPN over TLS, I would suggest using a standard IPSEC BOVPN as it will…
  • Hi @BrunoMaio I tried making deny entries for copilot.microsoft.com/* and .copilot.microsoft.com/ -- with these, the webpage does load, actual interaction with the website via the text boxes appears to be blocked. Due to the number of assets the page is pulling from elsewhere (specifically bing.com) it may not be possible…
  • Hi @SteF The issue is related to the firebox, and not WSM/FSM - you'll need to upgrade the firewall as well if you haven't done so already. If you're running into this issue with the firewall on 12.10.2, I'd suggest opening a support case so we can gather more data related to your error.
  • Hi Robert, it isn't possible to assign a hardware token (WG or compatible 3rd party) to your watchguard.com/wg cloud login at this time.
  • Hi @frankl I'd suggest opening a support case. It's very difficult to troubleshoot issues like this without seeing the logs from the firewall or being able to see what traffic is making it to the firewall. You can create a support case by clicking the support center link at the top right of this page.
  • The OpenVPN TAP driver was updated between those versions -- if you're running into a problem with just the new version, you likely have something blocking that adapter from sending network traffic (local AV, local firewall, etc.) or potentially more than one TAP driver installed. The older SSLVPN TAP will work, but you…
  • Hi @nekoneko I'd suggest checking your AD authentication logs. If your authentication server is set to AD, the password is passed to that server for verification. The firewall's SSLVPN authenticates to AD via a simple bind - most Windows AD security policies won't allow password changes via simple bind.
  • @cyberbozzo I've asked the support lead to get an update or requeue the case for you. For support cases, if you do not get a response, I would always suggest calling (877) 232-3531 (or +1.877.232.3531 for international.) You're welcome to ask via your sales/local vendor -- but calling via the phone is generally faster.
  • Hi @frankl Most of the mobile VPNs will allow you to type in an IP address if the firewall doesn't know it, and specify a gateway ID that reflects the external IP. It'd help to know what specific VPN you're using, and if you're seeing any errors. Keep in mind that the upstream device(s) need to be forwarding that VPN…
  • Hi @kraeg Add the VPN subnets to your site to site (BOVPN) - it'll allow the Mobile users to access resources from either site.
  • @cyberbozzo If you can reply with the case number, I can look into where the case is. If a case has been assigned to a technician, it will generally be replied to inside the hours that technician works. They usually post their hours in their signature in each post they make.
  • Hi @Kroll The TAP driver is a component of OpenVPN - I would suggest asking Trend what exceptions you need to make for OpenVPN. It may be possible someone here is using their service, but it's way more likely that someone on their site will be.
  • @Tony_Lilley That's going to be difficult because you need to access the website to pull the video data down. If it's blocked, that generally won't work. A YouTube video page will generally touch 30+ resources in different places just to be able to play that video.
  • Hi @RafaelFerreira I would not suggest running these devices. You're not running 12.1.3 Update 5 (B640446) or better, which means this device is susceptible to the Cyclops Blink issue. See: https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US 12.1.3 Update 3 (B608021 - the version you're…
  • Hi @Dre We currently only have an integration for HaloPSA/AuthPoint. (HaloPSA Integration with AuthPoint) https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/HaloPSA-saml_authpoint.html I would suggest creating a support case so we can capture more details about what specifically…