Comments
-
Got it. Thanks @"james.carson"
-
Did you try 68.105.28.16 also? EDIT: I just tried pinging 68.105.28.16 from behind a different Firebox and it got blocked as well. So for some reason this Cox DNS server IP is on WatchGuard's botnet list.
-
Here are ping results to two Cox DNS servers. One is working the other is not. The log does mention botnet="destination". I haven't looked into botnet controls. What does that mean? EDIT: I read up on botnet detection. It looks like the Firebox blocked this destination IP address as a botnet. I've added botnet exceptions…
-
FYI, tech support has confirmed this to be a bug.
-
I'm not super concerned, just curious what the logic is when both QoS and TM are in play simultaneously. Consider the following scenario... Assume I have a 50 Mbps internet connection. I start an upload through the Outgoing policy that consumes all 50 Mbits of bandwidth. This policy has no TM or QoS configured.…
-
The documentation is pretty vague... Does this imply that there are 9 queues when both TM and QoS are active (1 for TM and 8 for QoS)? If so, is the TM queue higher or lower priority than the 8 QoS queues? My guess too is that QoS markings get priority, but that's just a guess, and the documentation is lacking the details…
-
It seems that filtering traffic by IP address (IPv4 or IPv6) is the only option here. I was trying to avoid that for multiple reasons.
* IP addresses change
* Many companies don't publish IP addresses, just domain names
* Using the ASN lookup method gives very broad IP ranges and doesn't allow for granular targeting
I mentioned…
-
Good to know. My test setup is M300 (local) to T55 (remote). I removed the gateway/tunnel BOVPN configured between these endpoints and added a BOVPN virtual interface based tunnel. Like you, I'm now seeing ESP packets out the external interface on the M300 correctly marked with DSCP CS7. So this seems to work with a…
-
On the T20, is the remote endpoint a Firebox? (i.e. is the Remote Endpoint Type for the BOVPN virtual interface set to Firebox?) The documentation states... "From the Remote Endpoint Type drop-down list, select either Firebox or Cloud VPN or Third-Party Gateway. To connect to another Firebox, or to a third-party endpoint…
-
Perhaps? I had already opened a case inquiring about this functionality before you pointed out the Enable ToS for IPSec option. Waiting to hear back from support currently, I'll see what they have to say.
-
This documentation implies that the Enable TOS for IPSec setting should do what I'm wanting but it doesn't seem to be working. All traffic exiting the external interface destined for the remote VPN endpoint has a DSCP value of CS0. Initially I had the BOVPN-Allow.out policy configured to Assign a DSCP value. Thinking that…
-
Looks promising, I'll do some testing and find out.
-
Well, except the goal here is to get this working with IPv6.
-
That may have been the DropBox subnet for that particular connection but they publish 17 different domains that traffic originates from (see link in original post). So filtering on a single IP subnet isn't really a reliable option. I'm not too concerned with posting a public IP. After all the network is protected with a…
-
I need to throttle DropBox traffic. The issue is with the desktop client, not the web interface. The client runs as a service and syncs data between DropBox servers and the local system over HTTPS. With content inspection enabled it is not working. I'm using the default Proxy Authority cert for testing, which the client is…
-
Content inspection was not being used for these sites. No error message displayed to users, the browser just spins. There's eventually a timeout error of some sort in the traffic monitor but nothing too useful. I actually opened a case for similar behavior a couple of months ago and the workaround was to select Enable only when…
-
Makes sense. But they should expire from the blocked sites list once packets were no longer being received. Which leads me to believe there's an issue with the Fireware OS. In any event I'll keep an eye on it and see if it happens again. Thanks
-
This is an M300. Right, just wondering how they got there to begin with. It's also odd that they never timed out. The Firebox showing a port scan attack coming from a Google DNS server seems erroneous.
-
Looks like a similar issue was reported here in Aug 2020 after upgrading to 12.6.2. The device I had this issue on is running 12.5.8 BTW. https://community.watchguard.com/watchguard-community/discussion/comment/4641#Comment_4641 Bug?
-
Yeah, I considered that it may be an issue with the old software. Regarding FQDNs not supported on this version, are you sure that's accurate? FQDN is an option in the **Add Member** dialog box. Another thing I noticed is that captureone.com is hosted on Akamai's platform, which serves content from many nodes.…