Comments
-
I am using 6 x vCPU´s and it´s setting around 26% cpu usage when just receive logs from the devices. Memory is set to 8GB. The database is 1.9TB in size. At som epoint i had WG support to fine tune the database settings as some rutines would crash.
-
Can´t i just use the OTP option to enter the OTP from the AuthPoint app?
-
I use sd-wan on nearly all my t20´s to route http(s) traffic via my M370 cluster for scanning, so my smaller devices might not be using as much resources on scanning as yours. Only Office 365 and other very specific http(s) traffic is routed directly through the t20 with scanning.
-
Odd. I have 35 T20´s running 12.8 U1 and so far i have not had issues. They are running basic security suite.
-
thank you
-
We are running Meraki wifi every where and have been a happy customer for nearly 8 years. Still have many old MR18 AP´s running though out of SW support. Soon time for a upgrade to never Meraki AP´s. We are also using their switches in all our retail stores and again very happy with the management capabilitiesm but we also…
-
@"james.carson" Thank you for the clarification. I have a remote location where my ike tunnels started to have extremly high packet lose, but everything else is working normal - that is non encrypted traffic. And only my virtual interfaces has errors, both TX and carrier and all physical interfaces is running smooth. It…
-
Thank you
-
No, but last week i had TDR killing OneDrive process as a thread :)
-
Very good idea. You can set time schedules on policies but not that advanced you describe which would be a feature i could use. Back in time when i was using Juniper i always liked the possibility, when saving a new configuration, to auto roll back withing X minuttes, if you did not acknowledge the new configuration after…
-
@"james.carson" Thank you. I am already on 12.7.2 so it do not get any never. The reason for this post was more for others, if they expirienced the same issues, but i have had a cas eopened for this issue, 01639955. To this case i have uploaded debug logs and pcitures. I some point i though it could be caused by a a client…
-
For now to get a stable vpn connection you have to change to ikeV1 until WG releases a fix for the ikeV2 issue.
-
@SMSystems https://techsearch.watchguard.com/KB?type=Known%20Issues&SFDCID=kA16S000000O6woSAC&lang=en_US
-
You can disable tls 1.0. I guess that leaves 1.1 and 1.2 enabled.
-
@justanotheruser Well, if you would apply your last xlm configuration to the device, you would still have no management access. You would need to apply a xml config where the management access is enabled. Then you would power off the current master, power on the device you just reloaded with a working configuration and the…
-
@LeeJohnson If you turn debug logning way up for ike, does the logs say anything usefull? /Robert
-
@cloud yes. when you add the fireboxes to the cloud interface tdr licenses will be combined. robert
-
@"james.carson" Case created, 01656791.
-
@"james.carson" @Bruce_Briggs Ahh, i get it.
-
@"james.carson" I have tested on my own laptop and i have local admins rights. Connecting with client 12.7 to fireware 12.7.2 do not give me a pop up for a newer version. If i look at the installer 12.7 has product version 12.7 and file version 12.7 and 12.7.2 has product version 12.7.2 and file version 12.7.2.0. Should…
-
Hi @"james.carson" Thanks. For the specific user i can tell, he is a local admin on his domain PC, so if i understand you correct, he should get a client update information? /Robert
-
Looking at the support log file it seems as all data related to ike/ipsec is synced between members except for phase 1 SA´s. But i can very well be wrong here??
-
You can disable cloud logning for a device on the cloud web interface.
-
The same happens with bovpn connections during a failover. All ike connections is rekeyed. There is some ike/ipsec synchronization (Message Id synchronization, IPsec Replay Counter??) between the members, but i do not know exactly what is synced or if rekeying infact is to be expected. /robert
-
Thank you.
-
Hi @"james.carson" I have created a case, 01648162. /Robert
-
@"james.carson" I upgraded another M370 cluster tonight from the cloud and getting the same error message: 2022-02-02 22:01:20 NetGroup-HA2 cad XML-RPC response parsing failure: -510 - 131596-byte supposed UTF-8 string is not valid UTF-8. UTF-8 string contains a character not in the Basic Multilingual Plane (first byte…
-
@"james.carson" I do have some "external" parties (very limited) which also is administrators, and we can disable the use of firebox authentication as they have access via VMWare also to the guest. They are admins at 1 of our sites, but not at other sites we are running. At other times we have accounts which has to be…
-
@"kimmo.pohjoisaho" Thank you for this explanation. Very easy to understand. You made my day. Thank you.
-
@"kimmo.pohjoisaho" Now i got it. No need for a radius authentication server on the firebox anymore. All users and groups must be associated with authentication server AuthPoint (which is created when adding the firebox to the Cloud as a ressource) in the firebox configuration. When configuring the firebox as a radius…