Comments
-
Hey @stuart_seed, This is a rather sensitive topic. I went with Juniper. Also have a box full of AP-325's & 420's if you need some. https://community.watchguard.com/watchguard-community/discussion/2569/wifi-6-migration#latest
-
Can't believe I'm the first person to run across this issue so I opened a support ticket on it. #01848779 Appears the option to use either MFA or user/pass inside the Access Portal is expected behavior. Below is the support tech's response: _I don't know why it was designed that way, but that is expected behavior.…
-
Thanks for the input @"Tristan.Colo" and @"kimmo.pohjoisaho", much appreciated. I didn't realize the max MBs transfer was to the WG Cloud and not between local machines. Just learned something :-) I'll email my WG Partner (as I'm not one) and see if I can get access to the training videos. * Doug
-
Hey @"Tristan.Colo" Thanks for the advice, and yeah, RTFM right? I did go through most all the tutorials before as I have MFA running for accessing servers and the firebox. Just completely missed the part about the welcome email, which was quite obvious upon second glance. In the meantime I'll stop importing users and work…
-
Hey James, After more research it looks like good old MS wants you to become part of their Azure AD services in order to secure many of their products via MFA. Thought about Access Portal for OWA, but not certain how that will work with Active Sync and smart phones. Not to mention user frustration. Just want to find one…
-
The issue resolved itself. It just started working as designed. Don't know why. Support was thinking it was DNS related but never got around to testing and verifying that. Since it's working I'm not going to mess with it.
-
Opened a support ticket. I'll post the answer when I have it.
-
Hey James, No, no policies that require a user to be logged in for Internet access. Did move the IP's of the servers to a different HTTPS Proxy to avoid the DPI, but that didn't work either. Which exceptions and log files are you referring to? I checked the Event Logs on the servers but no errors were reported relating to…
-
You may wish to check your Tunnel Addresses and see if they are set up with the correct IP ranges.
    Local            Remote
    10.0.0.0/24 <==> 10.0.1.0/24
    10.0.1.0/24 <==> 10.0.0.0/24
As an example. Check your PING policy that it includes BOVPN tunnels also.
-
Have you tried using HostWatch inside of System Manager? This will give you a graphical view of the hosts, connections, data rates, plus more, and it looks pretty cool to boot. It's the icon directly under the "H" of Help on the top menu.
-
Try flushing the DNS cache on your PC:
    ipconfig /flushdns
If that doesn't work, verify that your DHCP server is dynamically updating the DNS records. Rt. click Scope > Properties > DNS tab and configure the DNS dynamic updates.
-
Hey James, Thanks for the explanation and also explaining the pitfalls of the single switch configuration. (and on a Sunday too!) I do like your idea of two inexpensive unmanaged switches for the external interfaces instead of a single managed switch using VLAN's. Eliminates the pitfalls you mentioned. Your input is much…
-
Forgot to mention that Bruce. A/P :-)
-
I would contact your VOIP provider and open a support ticket with them as issues like this need looked at from both ends. You could also perform a TCP dump on the WAN interface while the issue is happening. Open the dump file in Wireshark and use Wireshark's built in tools to search for VOIP issues. Or maybe your IP phones…
-
Hi @DCAFS, I ran into the same issue a while back while updating an existing third party cert on my firebox. My resolution was to completely remove the old third party cert and add the updated cert as a new one. Once I did that the firebox took the new cert and worked fine.
-
If and when this happens it would be nice if WG reached out to the community for their input on what we admins want to grow and future proof our networks. With AP's, security cameras, and many other devices requiring more power than PoE+ can provide, and massively increased bandwidth usage for these devices, the old 1 gig…
-
I was planning on upgrading my existing WG AP's v5 to their new WiFi 6 AP's but decided to run with Juniper instead. One deciding factor was the "Must use Cloud and have active subscriptions in order for AP to work" motto from WG. Feel if I spend $1K on an AP I should be able to manage it with or without a Cloud…
-
USB to Ethernet connector was the winner. Just a good reminder, even though you have done something a hundred times make sure you are paying attention or bad things can happen.
-
Feel your pain sometimes @TestingTester , opened the case on Friday, no response until Wednesday after I called asking for an update. Come to find out my issue appears to be a bug in the new WG WiFi Cloud, according to WG Support. Moved onto Engineering now. AP wants to connect, the Cloud won't let it due to the RMA swap…
-
Aww, I tried the OTP and the QR Code initially but that failed. Gonna try and boot in Safe Mode, disable the Hyper-V services, and boot normal and see if that works. Next option is a USB Ethernet connector, find the server in Windows Admin Center, then remove the Authpoint Client. I've used Windows Admin Center before to…
-
Well, I got my replacement AP from the RMA and WG Customer Service already had it added to the Cloud. Plugged in the new AP, waited, and waited, and all I get is solid orange LED's. Which means either booting, or hardware failure according to the Quick Start Guide they send. The AP was able to obtain an IP address and…
-
Had to RMA the AP. After trying to reset the AP to defaults it never booted again. Solid orange lights. New AP arrived today so hopefully better luck. WG Support has been very helpful and I appreciate that.
-
Trying not to put salt in a wound here, but I did purchase an AP430CR for special event outdoor use, after I got it up and running in the cloud I updated the firmware and now it won't obtain an IP address. Just flashes orange dots at me. Tried different switches, networks, DHCP servers. No go. Submitted a support case.…
-
I get what you are saying @TestingTester, and have been looking at Aruba, Ruckus, and others. Sorta abysmal when I can run down to the local Home Depot and pick up a $49 Belkin wireless router that has more features than the new WG Cloud. A major hurdle is product availability. The lower end AP's from most vendors are…
-
Figured it out, my fault. Neglected to create an Authentication Group in the FB SSL Configuration that matched the group created in AuthPoint Groups. Worked fine after that. Yeah, I know, RTFM. * Doug
-
In SD WAN add a new action Secondary Only.
Create a new ping policy from VLAN ID > Any External.
Choose Route outbound traffic using SD WAN.
In the SD WAN action drop down choose the Secondary Only Action.
Now your pings from that VLAN will route out your secondary using SD WAN. Hope that's what you are looking for.
-
James, I did open a ticket and the issue is resolved. The support rep did everything I tried, but yet it happened to work for him. He claimed "it was the order he did things" just to make me feel better I think. Now I know how users feel when their problem is fixed the moment I stand next to them. Having SSL-VPN issues…
-
Hey James, Original gateway was on a Win 10 VM, so I downloaded the latest gateway from WG Cloud along with a new config file and installed on a Server 2019 VM and made it the primary gateway. All was good and the External Identity test was successful, but once again Group Sync fails. I've tried Domain Admin and Enterprise…
-
There are no Audit Failure logs on either DC, nor were there any Audit Success logs for the account created for the AuthPoint External Identity. Only when I logged onto a PC using the AuthPoint account did the event get logged on the DC. Also getting this error in the gateway.application log file: 2022-02-14 00:00:24 INFO…
-
After deleting the existing cert, and still failing to install the new cert, I generated a new CSR, and re-keyed the cert. The re-keyed cert installed fine. Not certain why the renewed cert didn't install and I had to re-key it, but that's the way the pickle squirts sometimes. :-) * Doug