Comments
-
Because of the ms-chap encryption you need a NPS server + Azure AD Domain Services config.... https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/AuthPoint/Azure-firebox-ikev2-vpn_authpoint.htm
-
https://www.watchguard.com/wgrd-help/video-tutorials/overview choose “Network Security / Authentication & Certificates” and check all the tech cert videos..
-
Azure MFA authentication options. PAP supports all authentication methods of Azure AD MFA:
* Phone call
* One-way text message
* Mobile app notification
* Mobile app verification code

CHAPV2 and EAP support only:
* Phone call
* Mobile app notification

WG sslvpn uses PAP and IKEv2 uses CHAPv2. WG mobilevpn needs from the…
-
Justin, are you using IKEv1 or IKEv2? If IKEv2, try changing to IKEv1.... Is the WG the initiator? What happens when the Cisco tries to initiate the VPN connection?
-
What does the endpoint client have to do with this issue? I am specifically asking about this problem: https://portal.watchguard.com/wgknowledgebase?type=Article&SFDCID=kA16S000000BcPmSAK&lang=en_US I don’t care about the WG endpoint client. Your ThreatSync needs to be able to show these incidents from the Firebox (and…
-
Hi Ricardo, You mentioned “ThreatSync will ingest these brute force detections by each product and display them as Incidents that can be responded to”. I haven’t seen this in my or my customers’ ThreatSync Monitor view. Is this something that ThreatSync should already be able to do? I would expect to see this kind of incidents…
-
One way to also do this is to enable the Loopback interface in the Firebox and then do S.NAT with server load balancing from the Loopback IP to the two NPS servers and configure the AuthPoint to connect to the Loopback IP.
-
for Cloud-Managed Fireboxes
-
SNMP for Cloud-Managed Fireboxes beta is finally out
-
https://www.watchguard.com/wgrd-partners/blog/feature-deprecation-notice
-
check this: https://techsearch.watchguard.com/KB/WGKnowledgeBase?lang=en_US&SFDCID=kA10H000000g3SPSAY&type=Known+Issues
-
https://portal.watchguard.com/wgknowledgebase?type=Known%20Issues&SFDCID=kA16S000000bz28SAA&lang=en_US
-
C:\ProgramData\WatchGuard\AuthPoint\logs
-
The NPS extension now uses OTP as default, because Microsoft enabled number matching for the Authenticator app authentication…. Are you using the Azure Security Default settings or Conditional Access Policies in Azure AD? If Security Default, then try to add the following registry key on the NPS machine: Registry key:…
-
Check Event Viewer under Applications and Services Logs > Microsoft > AzureMfa > AuthN > AuthZ on the server where the NPS Extension is installed. Check this video: https://www.youtube.com/watch?v=VvKRVAqg934 I have a strong feeling that your problem maybe has something to do with a UPN suffix mismatch between your on-prem…
-
You can also test IKEv2 VPN and the Android strongSwan IKEv2 VPN client. https://play.google.com/store/apps/details?id=org.strongswan.android&hl=en_US https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_about_c.html
-
https://learn.microsoft.com/en-us/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/
-
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/device_visibility_wg_cloud.html
-
https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en_US
-
You probably used the Firebox default self-signed certificate in the IKEv2 configuration on the M470. You need to download the new self-signed root certificate from the new M590 device and import this certificate to the “Trusted Root Certification Authorities” store on all IKEv2 client machines. Easiest way is to download the…
-
Yep, you can create one Outgoing proxy policy that includes both the http and https proxy. See the following short video: https://www.screencast.com/t/eBbKGmLG85J3 This is how, for example, the Cloud-managed Firebox does the config. One way is also that you change over to the Cloud-Managed way…
-
If you are using the route-based BOVPN Vif configuration, try to configure a free IP address from your on-prem network in the BOVPN Vif / VPN Routes / Assign virtual interface IP addresses config. The Firebox then uses this address when it connects to the remote LDAP through the VPN tunnel.
-
At the moment you can only add networks that are already configured in the cloud-managed Firebox! So, you can’t, for example, manually add a network that is found behind a BOVPN tunnel. I reported this “bug” months ago, but WG hasn’t fixed this yet….
-
For the second server, you need to first create a new custom policy for port TCP 8443. Then an S.NAT policy where “Set internal port to different port” is 443. The inbound policies should look like this. To connect to the first srv, the address is: https://78.x.x.13 and when connecting to the second srv the address is:…
-
IKEv2 doesn’t download the settings from the Firebox every time you connect with IKEv2 like, for example, the sslvpn client does. With IKEv2 you need to manually give these settings or edit the “AddVPN.ps1” in the IKEv2 *.bat file. In Fireware v12.2 or lower, you cannot configure DNS and WINS settings in the Mobile VPN with…
-
https://www.watchguard.com/help/video-tutorials/Set_Up_Mobile_VPN_with_IKEv2/index.html
-
Change the IKEv2 virtual IP pool to something other than the trusted network, for example to the default 192.168.114.0/24, and try again to connect.
-
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Endpoint-Security/manage-settings/advanced-protection.html#NetworkUsage WatchGuard Endpoint Security sends every unknown executable file found on user computers to WatchGuard Cloud for analysis. This behavior is configured so that it has no impact on the…