Comments
-
Good to know James, Thank You. * Doug
-
Even if the BOVPN policy is at the bottom of the list? So it takes priority over the other policies?
-
I opened a support case; the issue caused my SSL-VPN and SSO to cease functioning. This was the issue: https://techsearch.watchguard.com/KB?type=Known%20Issues&SFDCID=kA1Vr0000004MI5KAM&lang=en_US Had to upgrade to 12.11 anyhow to resolve the bug. * Doug
-
So stop using the firebox to charge my cell phone then? Actually there is nothing plugged into any USB ports on the firebox. I may wait until 12.11.x before I upgrade. Sorta make it a habit of never upgrading to a new build # until the bug revisions come out.
-
Hey James, I didn't think of changing the "none matched" to "allow". Let me try it. The thought of using packet filters instead of proxies for email scares me to death. Something I may have to do to get by since this is only temporary. Thanks, * Doug
-
My guess would be something doesn't like your SFP Transceivers. A hardware or speed incompatibility most likely. Darn things can be finicky sometimes.
-
If I understand your configuration, your IP phone is acting as a switch for your PC. Are the phones and the PCs on the same subnet, or are the phones on a different VLAN than the PCs? If it's the second option I would look at the IP phones themselves and not the firewall. Having your phones re-provision on a 3CX system…
-
I 100% agree with you Bruce. * Doug
-
Have you tried looking at your outbound rules / proxies to make sure something like DPI isn't interfering with the connection? Even with a NAT Loopback rule you have to go out before you come back in.
-
OK Doug, note to self: Pull head out of rear and check proper email address associated with Authpoint token for activation. Problem resolved. :<{ Doug
-
Hey James, I was able to use the web interface to install the new cert fine. Have closed and opened Policy Manager several times. I'll try creating a new proxy (not cloning) and see what happens. Thanks!
-
Under Edit Domain Name Rule there is an option to choose the cert, but it only allows Default.
-
Maybe I should clarify. I'm running SD-WAN and currently have one external Internet connection down. The firebox is still connected to the ISP's router, and the router is up, so the Web UI displays the link as up. Which it technically is to the ISP router, but the connection is actually down due to cut fiber on the ISP…
-
I have an application doing the same thing with O365. You need port 587 and TLS. I just created a custom packet filter instead of a proxy as the application just sends plain text acknowledgements. Easier that way.
-
Do you have another piece of hardware between the external interface of your firebox and either the Internet or a WAN provided by an ISP? Sometimes these devices will send multicast traffic for monitoring purposes to see if you are still up and if anything has changed.
-
Maybe verifying the virtual switch configuration in Hyper-V and making sure the Dimensions server is attached to the correct virtual network adapter.
-
HP has an E-Print option which may work for you. I've used it before. Not certain as to its security for printing checks, but it's worth a look. https://www.hp.com/us-en/shop/tech-takes/what-is-hp-eprint * Doug
-
These are the top culprits for the past seven days, with 1133253 being the most detections. It's a Linux or OpenBSD exploit. 1133253 1138920 1130593 1056055
-
I see what you are saying, having a direct SNAT via HTTP to your Exchange Server seems a bit insecure. A good majority of my IPS detections are trying to exploit this very opening. The whole purpose of Outlook Anywhere is for the Outlook client to be able to access email without having to utilize a VPN connection.…
-
Hey @stuart_seed, This is a rather sensitive topic. I went with Juniper. Also have a box full of AP-325's & 420's if you need some. https://community.watchguard.com/watchguard-community/discussion/2569/wifi-6-migration#latest
-
Can't believe I'm the first person to run across this issue so I opened a support ticket on it. #01848779 Appears the option to use either MFA or user/pass inside the Access Portal is expected behavior. Below is the support tech's response: _I don't know why it was designed that way, but that is expected behavior.…
-
Thanks for the input @"Tristan.Colo" and @"kimmo.pohjoisaho", much appreciated. I didn't realize the max MBs transfer was to the WG Cloud and not between local machines. Just learned something :-) I'll email my WG Partner (as I'm not one) and see if I can get access to the training videos. * Doug
-
Hey @"Tristan.Colo" Thanks for the advice, and yeah, RTFM right? I did go through most all the tutorials before as I have MFA running for accessing servers and the firebox. Just completely missed the part about the welcome email, which was quite obvious upon second glance. In the meantime I'll stop importing users and work…
-
Hey James, After more research it looks like good old MS wants you to become part of their Azure AD services in order to secure many of their products via MFA. Thought about Access Portal for OWA, but not certain how that will work with Active Sync and smart phones. Not to mention user frustration. Just want to find one…
-
The issue resolved itself. It just started working as designed. Don't know why. Support was thinking it was DNS related but never got around to testing and verifying that. Since it's working I'm not going to mess with it.
-
Opened a support ticket. I'll post the answer when I have it.
-
Hey James, No, no policies that require a user to be logged in for Internet access. Did move the IPs of the servers to a different HTTPS Proxy to avoid the DPI, but that didn't work either. Which exceptions and log files are you referring to? I checked the Event Logs on the servers but no errors were reported relating to…
-
You may wish to check your Tunnel Addresses and see if they are set up with the correct IP ranges.

Local            Remote
10.0.0.0/24 <==> 10.0.1.0/24
10.0.1.0/24 <==> 10.0.0.0/24

As an example. Check your PING policy that it includes BOVPN tunnels also.
-
Have you tried using HostWatch inside of System Manager? This will give you a graphical view of the hosts, connections, data rates, plus more, and it looks pretty cool to boot. It's the icon directly under the "H" of Help on the top menu.
-
Try flushing the DNS cache on your PC:

ipconfig /flushdns

If that doesn't work, verify that your DHCP server is dynamically updating the DNS records. Rt. click Scope > Properties > DNS tab and configure the DNS dynamic updates.