Comments
-
@"james.carson" Thank you. I am already on 12.7.2 so it does not get any newer. The reason for this post was more for others, if they experienced the same issues, but I have had a case opened for this issue, 01639955. To this case I have uploaded debug logs and pictures. At some point I thought it could be caused by a client…
-
For now to get a stable vpn connection you have to change to ikeV1 until WG releases a fix for the ikeV2 issue.
-
@SMSystems https://techsearch.watchguard.com/KB?type=Known%20Issues&SFDCID=kA16S000000O6woSAC&lang=en_US
-
You can disable tls 1.0. I guess that leaves 1.1 and 1.2 enabled.
-
@justanotheruser Well, if you would apply your last XML configuration to the device, you would still have no management access. You would need to apply an XML config where the management access is enabled. Then you would power off the current master, power on the device you just reloaded with a working configuration and the…
-
@LeeJohnson If you turn debug logging way up for IKE, do the logs say anything useful? /Robert
-
@cloud Yes. When you add the fireboxes to the cloud interface, TDR licenses will be combined. Robert
-
@"james.carson" Case created, 01656791.
-
@"james.carson" @Bruce_Briggs Ahh, I get it.
-
@"james.carson" I have tested on my own laptop and I have local admin rights. Connecting with client 12.7 to fireware 12.7.2 does not give me a pop-up for a newer version. If I look at the installer, 12.7 has product version 12.7 and file version 12.7 and 12.7.2 has product version 12.7.2 and file version 12.7.2.0. Should…
-
Hi @"james.carson" Thanks. For the specific user I can tell, he is a local admin on his domain PC, so if I understand you correctly, he should get a client update information? /Robert
-
Looking at the support log file it seems as if all data related to ike/ipsec is synced between members except for phase 1 SAs. But I can very well be wrong here??
-
You can disable cloud logging for a device on the cloud web interface.
-
The same happens with bovpn connections during a failover. All ike connections are rekeyed. There is some ike/ipsec synchronization (Message Id synchronization, IPsec Replay Counter??) between the members, but I do not know exactly what is synced or if rekeying in fact is to be expected. /robert
-
Thank you.
-
Hi @"james.carson" I have created a case, 01648162. /Robert
-
@"james.carson" I upgraded another M370 cluster tonight from the cloud and am getting the same error message: 2022-02-02 22:01:20 NetGroup-HA2 cad XML-RPC response parsing failure: -510 - 131596-byte supposed UTF-8 string is not valid UTF-8. UTF-8 string contains a character not in the Basic Multilingual Plane (first byte…
-
@"james.carson" I do have some "external" parties (very limited) which also are administrators, and we can disable the use of firebox authentication as they have access via VMware also to the guest. They are admins at 1 of our sites, but not at other sites we are running. At other times we have accounts which have to be…
-
@"kimmo.pohjoisaho" Thank you for this explanation. Very easy to understand. You made my day. Thank you.
-
@"kimmo.pohjoisaho" Now I got it. No need for a radius authentication server on the firebox anymore. All users and groups must be associated with authentication server AuthPoint (which is created when adding the firebox to the Cloud as a resource) in the firebox configuration. When configuring the firebox as a radius…
-
@"kimmo.pohjoisaho" Wow, you are totally right! I created a firebox radius client as a resource and made an authpoint policy. Now I get asked if I want to use push or OTP with both sslvpn and firebox authentication. This has gone wrong on many plans for me. First I had a Watchguard gold partner helping me to set up the first…
-
@"kimmo.pohjoisaho" Okay, I am confused now. Well, mine is very different. Are you using AuthPoint Gateway as a radius server? Yes. i.e. have you configured AuthPoint GW as a radius server in the Fireware Authentication Server settings Yes, under radius I have it set up to the IP address and port number the AuthPoint gateway…
-
@"kimmo.pohjoisaho" I am on version 12.7.2 and using the new AuthPoint integration, but I have no option anywhere to choose the authentication method in the firebox configuration when I use a radius. I asked support and there is a request for this option. RFE - AAAS-6139 Allow both OTP and Push for RADIUS resources /Robert
-
Hi @"james.carson" Sorry for not being more specific. Yes, you are correct, Kerberos authentication works with the Windows logon app agent, but it is not supported on https://authpoint.watchguard.com/kaufmann and firebox authentication. /Robert
-
Well, a bit bad as the Security services stop working until it is fixed.
-
I wonder why it is not listed as an issue on the status page? https://status.watchguard.com/
-
Radius is supported - I have this working. OTP with radius works. Push with radius works. But not if you enable both in the same AuthPoint policy. So we have to have AD groups for OTP users and groups for push users each with different AuthPoint policies.
-
Finally got through and they are aware of the feature key issues with rental devices and working on it.
-
@"james.carson" I did open a case, 01638367, and the memory usage is normal and to be expected. And if this is the case, I think WG should update the documentation and remove the word "lightweight" client and give a hint of the expected memory usage the services as a minimum will use. Even at boot time the memory usage…
-
Thank you. I'll do.