[email protected]

Comments

• @"james.carson" Case opened, 01621129. /Robert

  in WSM configuration template certificate bug Comment by [email protected] December 2021
• @"james.carson" Thanks. It was one of the first things i tried, and just tried again, but it does not solve the issue. I have updates my case with this info. Case number 01619709. /Robert

  in Domain option missing from Firebox webinterface Comment by [email protected] December 2021
• > @"james.carson" said: > Hi @"[email protected]" > If you're using NPS to integrate with AD, we get the group info via attribute 11 (FilterID) in the RADIUS access-accept. If NPS wasn't providing this before, the firewall will assume no group. @"james.carson" Thanks. But is that part not Missing from the guide i have linked…

  in Filter-ID Authpoint or AD Comment by [email protected] December 2021
• Case opened 01613256

  in Firewall denied traffic from authenticated user as Unhandled external traffic Comment by [email protected] December 2021
• I have opened a case, 01619709

  in Domain option missing from Firebox webinterface Comment by [email protected] December 2021
• > @morpheus27 said: > Thanks. I suppose the following takes me to the same place? > Policy Manager - VPN - IKEv2 Shared Settings... > > This is the default settings: > SHA2-256-AES (256-bit) | D-H Group14 > SHA1-AES (256-bit) | D-H Group5 > SHA1-AES (256-bit) | D-H Group2 > SHA1-3DES | D-H Group2 > > Can I just edit the…

  in AES-GCM Encryption Comment by [email protected] December 2021
• Thank you

  in Recommended Host Sensor Settings for Best Performance Comment by [email protected] December 2021
• @"james.carson" This i have noticed on existing ones where the template has been upgraded from ealier versions. Robert

  in WSM configuration template certificate bug Comment by [email protected] December 2021
• @"kimmo.pohjoisaho" Thank you

  in Firewall 12.7.2 no logs visible in FSM Comment by [email protected] December 2021
• I don´t know what to say about WG support. I´m impressed how bad the support is sometimes. I wrote to the support person after some conversation, if he did not know the answer then escalate the case. He´s response: Please take notes that I'm not here to give you an answer to your problem, I'm here to gather all the…

  in Firewall denied traffic from authenticated user as Unhandled external traffic Comment by [email protected] December 2021
• @pacificadmin It´s not related to the GRE incapsulation. I just changed one of my virtual bovpn tunnels to a non firebox type removing the GRE option and the ESP packets is marked with the DSCP value, i have assigned on the firewall policy.

  in Copy DSCP value to ESP header for BOVPN Comment by [email protected] November 2021
• My bovpn remote end is set to Firebox, so yes, the tunnel are using GRE.

  in Copy DSCP value to ESP header for BOVPN Comment by [email protected] November 2021
• Odd, if i test with a virtual bovpn interface and capture ESP packets on the fysical outgoing interface the DSCP value is set. Differentiated Services Field: 0x30 (DSCP: AF12, ECN: Not-ECT) 0011 00.. = Differentiated Services Codepoint: Assured Forwarding 12 (12) .... ..00 = Explicit Congestion Notification: Not…

  in Copy DSCP value to ESP header for BOVPN Comment by [email protected] November 2021
• I have opened a case today. Let´s see what they say.

  in Firewall denied traffic from authenticated user as Unhandled external traffic Comment by [email protected] November 2021
• Seems you are right. I just tested it on a bovpn with fireware 12.7.2 Tcpdump on ESP at the outgoing interface shows default tos 0x0 Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) I have enabled QoS and set the dscp value to other than 0 on a test policy. Is this a bug?

  in Copy DSCP value to ESP header for BOVPN Comment by [email protected] November 2021
• The remote ip is allowed - and if i choose to set the policy source as the ip address instead of the authenticated AD user, it works, so it´s not policy issue.

  in Firewall denied traffic from authenticated user as Unhandled external traffic Comment by [email protected] November 2021
• Is it enough to enable TOS for Ipsec? https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/global_vpn_settings_about_c.html VPN -> VPN settings

  in Copy DSCP value to ESP header for BOVPN Comment by [email protected] November 2021
• @"james.carson" @greggmh123 Thank you both.

  in Import Microsoft PEM certificate Comment by [email protected] November 2021
• @"james.carson" I noticed, it only happens on some devices and must likely only when it is added to the WSM server as a fully managed device. DVCP logs: Reapplying templates works and i see no issues, so i guess it´s a minor issue first time added a device a as fully managed device. /Robert

  in DVCP Error: Unable to download HTTPS DPI exception list Comment by [email protected] November 2021
• @toscanatlc And what i wrote was, i do not have that issue.

  in M370 Active directory authentication fail after 12.7.2 Comment by [email protected] November 2021
• @toscanatlc more odd. Searching for any of the words DNS_PROBE_FINISHED_NXDOMAIN in dimension the last 24 hours from my clusters do not show any of these events and i have selected ALL in search options.

  in M370 Active directory authentication fail after 12.7.2 Comment by [email protected] November 2021
• @drnet What subdomains?

  in M370 Active directory authentication fail after 12.7.2 Comment by [email protected] November 2021
• odd, i had some minor issues upgrading to 12.7.2 but both my clusters and single units are running without issues (as far as i know).

  in M370 Active directory authentication fail after 12.7.2 Comment by [email protected] November 2021
• @"james.carson" I just got it confirmed by Michael Ditmann. It is because AD rejects ntlm authentication and require kerberos. Ldap data error code 52f: 49 52f 1327 ERROR_ACCOUNT_RESTRICTION

  in AD users in Protected Users group Comment by [email protected] October 2021
• @"james.carson" https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group No, i mean the issue is as soon as a user becomes member of Protected Users group authentication stops working. I suspect is it because fireware do not support kerberos, and only…

  in AD users in Protected Users group Comment by [email protected] October 2021
• Thnak you.

  in Import Microsoft PEM certificate Comment by [email protected] October 2021
• I think this would be a question for WG support.

  in FireBoxV Kernel Panic on KVM Comment by [email protected] October 2021
• So annoying when the support person only reads half of the provided text :(

  in T20: upgrade to 12.7.2 killed all my vpn with AES-GCM Comment by [email protected] October 2021
• If the M270 devices is connected directly to each other, i would suspect a hardware failure on one of the devices, maybe a NIC issue. Have you checked the NIC status on each device? Do you have other equitment running in the same lan with the same vrrp address?

  in why the cluster is going crazy Comment by [email protected] October 2021
• And this, i believe, has nothing to do with our technical skills, but rather a bad designed GUI interface.

  in Adding a optional interface to Azure hosted Firebox Comment by [email protected] October 2021
More Comments