Comments

  • I think I am close. Inside the Duo console I see it trying to work. Says the YubiKey password is incorrect. Though I imported it correctly, maybe not.
  • Does it have to be LDAP? I have RADIUS working already with Duo.
  • I have added it to the Duo account. I guess I just don't understand the process. After adding it then what? The YubiKey is attached to my USB port. I start the SSL VPN client. If I type in my password it activates the app on my phone. How does the key interact with the client?
  • I can also confirm issues in regards to SD-WAN behavior. We have 2 WAN connections. For some rules I had an SD-WAN policy to just use one of the WAN connections. After the update to 12.4 my web server stopped working externally. Turning off the SD-WAN in the policy fixed it. It was fine in 12.3. For outbound only the SD-WAN…
  • Thanks for the link. Although a pain, it does give instructions on how to fix Firefox through group policy.
  • Well, it didn't take long to run into another problem. Went to a news site and got this error: "www.***.com is most likely a safe site, but a secure connection could not be established. This issue is caused by Fireware HTTPS Proxy (SN 91650503B5BCE 2019-05-21 22:24:15 MDT) CA". www.google.com also causes this issue. But only…
  • Rebooting the Firebox did fix the issue. It's now using the default certificate. Downloaded the cert from the portal and imported it into the Trusted Root Certification Authorities and now it's inspecting without errors. Thanks for your help.
  • I don't think that's necessary. Article clearly indicates that if you remove a certificate that was imported for inspection and you remove it, the Firebox will replace it with the default upon restart. I have not removed any WatchGuard certificates.
  • From a WatchGuard article: Do not remove a certificate from your Firebox unless you plan to replace it. If you remove a certificate and do not replace it, the Firebox automatically replaces the missing certificate with a default certificate if the device restarts. Might update the Firewall and reboot to see if it fixes the…
  • I just read an article that indicates that I have to restart the Firebox.
  • It's turned on. I have a policy just for me. When I enable it I get this in the traffic monitor: "unable to get resigning cert". I know this policy works because it's the same one I was using to test with when I had my certificate loaded.
  • I went ahead and removed our wildcard certificate as I don't see a need to have it on there. But now when enabling the inspect it does not appear to use the WatchGuard default certificate. Can you choose a certificate? I don't see a way to do that.
  • So I am guessing that people might configure custom rules for devices like phones and tablets to be separate from the domain computers then. I don't think people would enjoy having to install this cert on every device that accesses the internet.
  • I was able to get this working by removing the AP, then adding it back and setting the static IP. Tried doing this before and the AP ended up trying to authenticate constantly. So I reset it. Seems like it should be easier than this but at least it's now connected.