james.carson

Hello WatchGuard Community users, If you need personal or confidential support, please create a case by clicking the support center link on the top right of this page, and creating an online technical support case. I am unable to provide support via PMs in the forums. Thank you, -James Carson

Comments

  • Hi @BrunoMaio I tried making deny entries for copilot.microsoft.com/* and .copilot.microsoft.com/ -- with these, the webpage does load, but actual interaction with the website via the text boxes appears to be blocked. Due to the number of assets the page is pulling from elsewhere (specifically bing.com) it may not be possible…
  • Hi @SteF The issue is related to the firebox, and not WSM/FSM - you'll need to upgrade the firewall as well if you haven't done so already. If you're running into this issue with the firewall on 12.10.2, I'd suggest opening a support case so we can gather more data related to your error.
  • Hi Robert, it isn't possible to assign a hardware token (WG or compatible 3rd party) to your watchguard.com/wg cloud login at this time.
  • Hi @frankl I'd suggest opening a support case. It's very difficult to troubleshoot issues like this without seeing the logs from the firewall or being able to see what traffic is making it to the firewall. You can create a support case by clicking the support center link at the top right of this page.
  • The OpenVPN TAP driver was updated between those versions -- if you're running into a problem with just the new version, you likely have something blocking that adapter from sending network traffic (local AV, local firewall, etc.) or potentially more than one TAP driver installed. The older SSLVPN TAP will work, but you…
  • Hi @nekoneko I'd suggest checking your AD authentication logs. If your authentication server is set to AD, the password is passed to that server for verification. The firewall's SSLVPN authenticates to AD via a simple bind - most Windows AD security policies won't allow password changes via simple bind.
  • @cyberbozzo I've asked the support lead to get an update or requeue the case for you. For support cases, if you do not get a response, I would always suggest calling (877) 232-3531 (or +1.877.232.3531 for international.) You're welcome to ask via your sales/local vendor -- but calling via the phone is generally faster.
  • Hi @frankl Most of the mobile VPNs will allow you to type in an IP address if the firewall doesn't know it, and specify a gateway ID that reflects the external IP. It'd help to know what specific VPN you're using, and if you're seeing any errors. Keep in mind that the upstream device(s) need to be forwarding that VPN…
  • Hi @kraeg Add the VPN subnets to your site to site (BOVPN) - it'll allow the Mobile users to access resources from either site.
  • @cyberbozzo If you can reply with the case number, I can look into where the case is. If a case has been assigned to a technician, it will generally be replied to inside the hours that technician works. They usually post their hours in their signature in each post they make.
  • Hi @Kroll The TAP driver is a component of OpenVPN - I would suggest asking Trend what exceptions you need to make for OpenVPN. It may be possible someone here is using their service, but it's way more likely that someone on their site will be.
  • @Tony_Lilley That's going to be difficult because you need to access the website to pull the video data down. If it's blocked, that generally won't work. A YouTube video page will generally touch 30+ resources in different places just to be able to play that video.
  • Hi @RafaelFerreira I would not suggest running these devices. You're not running 12.1.3 Update 5 (B640446) or better, which means this device is susceptible to the Cyclops Blink issue. See: https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US 12.1.3 Update 3 (B608021 - the version you're…
  • Hi @Dre We currently only have an integration for HaloPSA/AuthPoint. (HaloPSA Integration with AuthPoint) https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/HaloPSA-saml_authpoint.html I would suggest creating a support case so we can capture more details about what specifically…
  • Hi @JSAV You'd create one DNS record as there's only the place to enter one in AuthPoint -- you'd need to round robin or similar load balance that however you wish.
  • Hi @MikeD There hasn't been any change on this feature -- if you'd like to follow the issue, I'd suggest creating a support case and mentioning FBX-19095 - the tech assigned the case can set that up for you. A support case tagged with an issue is sometimes used by the project management team to gauge interest in a feature…
  • Hi @travis_tmb For the most part, QoS settings on the firewall itself are useless for this type of scenario. Most ISPs ignore or strip QoS flags, and if the firewall is the last thing to touch the traffic before it goes to the ISP, it doesn't make a ton of sense to add the QoS flag there. If you're running into voice/VoIP…
  • Hi @mduphily The purpose of custom interfaces is that they do not show up in any alias or action. You can make SNAT to IPs on custom interfaces, but you must specify them. If you wish to use an alias to connect to devices on an interface, consider using a zone other than custom.
  • Hi @JonathanWilson You can set up AuthPoint for the local users as well. See: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/logon-app_about.html
  • In addition to Bruce's suggestions, drop-in mode may also be a viable solution for you: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/net_config_dropin_about_c.html
  • @HN13 Please create a support case - The issue here was from several months ago and may very likely not be the same issue.
  • Hi JSAV You can define Primary and Secondary gateways in AuthPoint. See: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/authpoint/gateways.html You can also set up Primary and Backup RADIUS servers on the Firebox. See:…
  • Hi @AlGilson SD-WAN should continue to work with an expired license key provided the license key is still on the firewall (e.g., it's better to have the expired license loaded on the device, than no license at all.) The only services that should generally be expiring are the subscription service. If your webblocker policy…
  • Hi @kcarpenter I'd suggest creating a support case so we can take a look at your logs and determine what is being triggered. My suspicion would be potentially a Chrome plugin/extension that is triggering for the users. Taking a look at your logs should be able to help pinpoint the issue.
  • Hi @jmberne There isn't a way to change this. Moving to a lower value can cause the connection to flap back and forth. If you'd like to have more granular control over the VPN, I'd suggest looking into the IPSec VPN with the IPSec Client provided by NCP. It allows you to set up profiles for the users to use, which can…
  • Hi @EduardsB There are quite a few different factors - I'd suggest creating a support case so that we can look into your issue specifically.
  • Hi @Nathan The issue with this is that the failover tech used by both Forti and Cisco is proprietary. Adding multiple gateway pairs on both sides of the VPN with a reasonable SA life (an hour or so) will effectively create failover, it just won't go back to the top of the gateway endpoint list until the SA life expires.…
  • Hi @HN13 The lock is only visible if multiple admins are enabled. See: (Define Firebox Global Settings) https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/basicadmin/global_setting_define_c.html (look for the section in the article called "Device Administrator Connections") Enabling WatchGuard…
  • Hi @RStockum There is an open feature request for this type of enhancement -- it is FBX-5429. Please create a support case and mention FBX-5429 if you'd like to follow it.
  • Hi @jmberne The backup IP setting only works for data transport; if the client doesn't already have a copy of the SSLVPN profile, it won't be able to connect at all if the primary is down. If you'd like to be able to control what IP the SSLVPN connects to, use a FQDN instead of your IP in your SSLVPN settings under primary…