Comments

  • OK Doug, note to self: Pull head out of rear and check proper email address associated with Authpoint token for activation. Problem resolved. :<{ Doug
  • Hey James, I was able to use the web interface to install the new cert fine. Have closed and opened Policy Manager several times. I'll try creating a new proxy (not cloning) and see what happens. Thanks!
  • Under Edit Domain Name Rule there is an option to choose the cert, but it only allows Default
  • Maybe I should clarify. I'm running SD-WAN and currently have one external Internet connection down. The firebox is still connected to the ISP's router, and the router is up, so the Web UI displays the link as up. Which it technically is to the ISP router, but the connection is actually down due to cut fiber on the ISP…
  • I have an application doing the same thing with O365. You need port 587 and TLS. I just created a custom packet filter instead of a proxy as the application just sends plain text acknowledgements. Easier that way.
  • Do you have another piece of hardware between the external interface of your firebox and either the Internet or a WAN provided by an ISP? Sometimes these devices will send multicast traffic for monitoring purposes to see if you are still up and if anything has changed.
  • Maybe verifying the virtual switch configuration in Hyper-V and making sure the Dimensions server is attached to the correct virtual network adapter.
  • HP has an E-Print option which may work for you. I've used it before. Not certain as to its security for printing checks, but it's worth a look. https://www.hp.com/us-en/shop/tech-takes/what-is-hp-eprint * Doug
  • These are the top culprits for the past seven days, with 1133253 being the most detections. It's a Linux or OpenBSD exploit. 1133253 1138920 1130593 1056055
  • I see what you are saying, having a direct SNAT via HTTP to your Exchange Server seems a bit insecure. A good majority of my IPS detections are trying to exploit this very opening. The whole purpose of Outlook Anywhere is for the Outlook client to be able to access email without having to utilize a VPN connection.…
  • Hey @stuart_seed, This is a rather sensitive topic. I went with Juniper. Also have a box full of AP-325's & 420's if you need some. https://community.watchguard.com/watchguard-community/discussion/2569/wifi-6-migration#latest
  • Can't believe I'm the first person to run across this issue so I opened a support ticket on it. #01848779 Appears the option to use either MFA or user/pass inside the Access Portal is expected behavior. Below is the support tech's response: _I don't know why it was designed that way, but that is expected behavior.…
  • Thanks for the input @"Tristan.Colo" and @"kimmo.pohjoisaho", much appreciated. I didn't realize the max MBs transfer was to the WG Cloud and not between local machines. Just learned something :-) I'll email my WG Partner (as I'm not one) and see if I can get access to the training videos. * Doug
  • Hey @"Tristan.Colo" Thanks for the advice, and yeah, RTFM right? I did go through most all the tutorials before as I have MFA running for accessing servers and the firebox. Just completely missed the part about the welcome email, which was quite obvious upon second glance. In the meantime I'll stop importing users and work…
  • Hey James, After more research it looks like good old MS wants you to become part of their Azure AD services in order to secure many of their products via MFA. Thought about Access Portal for OWA, but not certain how that will work with Active Sync and smart phones. Not to mention user frustration. Just want to find one…
  • The issue resolved itself. It just started working as designed. Don't know why. Support was thinking it was DNS related but never got around to testing and verifying that. Since it's working I'm not going to mess with it.
  • Opened a support ticket. I'll post the answer when I have it.
  • Hey James, No, no policies that require a user to be logged in for Internet access. Did move the IP's of the servers to a different HTTPS Proxy to avoid the DPI, but that didn't work either. Which exceptions and log files are you referring to? I checked the Event Logs on the servers but no errors were reported relating to…
  • You may wish to check your Tunnel Addresses and see if they are set up with the correct IP ranges.
      Local        <==>  Remote
      10.0.0.0/24  <==>  10.0.1.0/24
      10.0.1.0/24  <==>  10.0.0.0/24
    As an example. Check your PING policy that it includes BOVPN tunnels also.
  • Have you tried using HostWatch inside of System Manager? This will give you a graphical view of the hosts, connections, data rates, plus more, and it looks pretty cool to boot. It's the icon directly under the "H" of Help on the top menu.
  • Try flushing the DNS cache on your PC (ipconfig /flushdns). If that doesn't work, verify that your DHCP server is dynamically updating the DNS records. Rt. click Scope > Properties > DNS tab and configure the DNS dynamic updates.
  • Hey James, Thanks for the explanation and also explaining the pitfalls of the single switch configuration. (and on a Sunday too!) I do like your idea of two inexpensive unmanaged switches for the external interfaces instead of a single managed switch using VLAN's. Eliminates the pitfalls you mentioned. Your input is much…
  • Forgot to mention that Bruce. A/P :-)
  • I would contact your VOIP provider and open a support ticket with them as issues like this need looked at from both ends. You could also perform a TCP dump on the WAN interface while the issue is happening. Open the dump file in Wireshark and use Wireshark's built in tools to search for VOIP issues. Or maybe your IP phones…
  • Hi @DCAFS, I ran into the same issue a while back while updating an existing third party cert on my firebox. My resolution was to completely remove the old third party cert and add the updated cert as a new one. Once I did that the firebox took the new cert and worked fine.
  • If and when this happens it would be nice if WG reached out to the community for their input on what we admins want to grow and future proof our networks. With AP's, security cameras, and many other devices requiring more power than PoE+ can provide, and massively increased bandwidth usage for these devices, the old 1 gig…
  • I was planning on upgrading my existing WG AP's v5 to their new WiFi 6 AP's but decided to run with Juniper instead. One deciding factor was the "Must use Cloud and have active subscriptions in order for AP to work" motto from WG. Feel if I spend $1K on an AP I should be able to manage it with or without a Cloud…
  • USB to Ethernet connector was the winner. Just a good reminder, even though you have done something a hundred times make sure you are paying attention or bad things can happen.
  • Feel your pain sometimes @TestingTester, opened the case on Friday, no response until Wednesday after I called asking for an update. Come to find out my issue appears to be a bug in the new WG WiFi Cloud, according to WG Support. Moved onto Engineering now. AP wants to connect, the Cloud won't let it due to the RMA swap…
  • Aww, I tried the OTP and the QR Code initially but that failed. Gonna try and boot in Safe Mode, disable the Hyper-V services, and boot normal and see if that works. Next option is a USB Ethernet connector, find the server in Windows Admin Center, then remove the Authpoint Client. I've used Windows Admin Center before to…