Comments

  • Well, I got my replacement AP from the RMA and WG Customer Service already had it added to the Cloud. Plugged in the new AP, waited, and waited, and all I get is solid orange LEDs. Which means either booting, or hardware failure according to the Quick Start Guide they send. The AP was able to obtain an IP address and…
  • Had to RMA the AP. After trying to reset the AP to defaults it never booted again. Solid orange lights. New AP arrived today so hopefully better luck. WG Support has been very helpful and I appreciate that.
  • Trying not to put salt in a wound here, but I did purchase an AP430CR for special event outdoor use, after I got it up and running in the cloud I updated the firmware and now it won't obtain an IP address. Just flashes orange dots at me. Tried different switches, networks, DHCP servers. No go. Submitted a support case.…
  • I get what you are saying @TestingTester, and have been looking at Aruba, Ruckus, and others. Sorta abysmal when I can run down to the local Home Depot and pick up a $49 Belkin wireless router that has more features than the new WG Cloud. A major hurdle is product availability. The lower end APs from most vendors are…
  • Figured it out, my fault. Neglected to create an Authentication Group in the FB SSL Configuration that matched the group created in AuthPoint Groups. Worked fine after that. Yeah, I know, RTFM. * Doug
  • In SD WAN add a new action Secondary Only. Create a new ping policy from VLAN ID > Any External. Choose Route outbound traffic using SD WAN. In the SD WAN action drop down choose the Secondary Only Action. Now your pings from that vlan will route out your secondary using sd wan. Hope that's what you are looking for.
  • James, I did open a ticket and the issue is resolved. The support rep did everything I tried, but yet it happened to work for him. He claimed "it was the order he did things" just to make me feel better I think. Now I know how users feel when their problem is fixed the moment I stand next to them. Having SSL-VPN issues…
  • Hey James, Original gateway was on a Win 10 VM, so I downloaded the latest gateway from WG Cloud along with a new config file and installed on a Server 2019 VM and made it the primary gateway. All was good and the External Identity test was successful, but once again Group Sync fails. I've tried Domain Admin and Enterprise…
  • There are no Audit Failure logs on either DC, nor were there any Audit Success logs for the account created for the AuthPoint External Identity. Only when I logged onto a PC using the AuthPoint account did the event get logged on the DC. Also getting this error in the gateway.application log file: 2022-02-14 00:00:24 INFO…
  • After deleting the existing cert, and still failing to install the new cert, I generated a new CSR, and re-keyed the cert. The re-keyed cert installed fine. Not certain why the renewed cert didn't install and I had to re-key it, but that's the way the pickle squirts sometimes. :-) * Doug
  • Hi James, I created a case #01642911 after failing to get the cert to upload. Thanks for helping! * Doug
  • Hi James, Well, that sounded like a great solution, but didn't work. I'll wait until off hours and remove the current cert and try adding the new one. Don't want to kick anyone off the VPN or Access Portal while I play with the certs. I'll let you know if that works, and if not maybe open a ticket. Thanks, * Doug
  • George, Thank You for taking the time to not only read my complaint, but for your genuine and honest response. Your openness regarding the struggles WG Support has experienced is refreshing and I commend you on it. I wish other companies could be as forthright as WG. There is someone I know that just received a degree in…
  • Always seems to be in the top 10 (if not top 5) of CPU and Memory usage on my client PCs.
  • Do you have a specific policy in place to route all SIP traffic through the VPN tunnel? What does Traffic Manager tell you regarding SIP traffic and where it is going?
  • If you are using a packet filter policy to direct mail to your server then the firebox won't restrict mail size as there is no setting in a packet filter to do so. Are you utilizing a mail gateway through your ISP or other third party to direct mail to your firebox? Email size can be configured through there. If not, I…
  • You can create a DHCP Reservation for that MAC address in the Network settings of the interface (Trusted I'm assuming) that DHCP is running on. Policy Manager > Network > Configuration > Interface > DHCP Server > Reserved Address
  • In Policy Manager (not the web UI) go to VPN > Mobile VPN > IKEv2 > in the Security Tab click Edit for the IKEv2 Shared Settings box > Click Add > then choose the configuration settings you want in the drop down menus provided. GCM tends to be a little faster from my understanding, your results may differ. Careful in the…
  • Nope Bruce, not entirely certain, but I don't configure FBs with webblocker every day. If the on prem WB server is able to utilize the Cloud and contain the same categories and granularity of the Cloud based server then that is awesome. More people may use the on prem option especially if their Internet connection is…
  • The delay smells of a DNS issue with the webblocker cloud. Have you tried an on-prem webblocker server instead? You don't get the number of categories or the granularity as with the cloud based version, but the response time should be improved.
  • Comcast home modems have a default LAN ip of 10.0.0.0/24 so I would recommend using a 172.16.0.0 IP subnet for your LAN. This has caused me a few headaches during COVID.
  • The outbound traffic from your FB will automatically be NAT'd to the Peer IP of the external interface. In your case I believe that would be 4.7.x.6/30. If you want to utilize the secondary IPs for outbound traffic to Azure, just create a Dynamic NAT from the secondary 65.x.x.x address you wish to the external IP address…
  • This issue lies within all PCs on the network correct? Would the FB be using any type of web caching server?
  • You didn't mention if you were utilizing a HTTPS Proxy Policy, or a simple HTTPS Packet filter policy. If using a Proxy try creating a Packet Filter policy for HTTPS and place it above your Proxy policy. If the site loads then the issue lies within the Proxy.
  • Just create a new Ping packet filter policy where Ping (or ICMP) requests are denied from > any external to > Firebox and place it at the top of the order. Since you are using the "Firebox" alias there is no need to specify an IP address. Yes, once again you can assign aliases to the interfaces and create policies based…
  • Just had it this week. If you are using the Access Portal to RDP onto PCs make sure the PC is turned on and you have the correct IP address to the PC configured in the Access Portal. Had a power outage over the weekend that shut down a lot of PCs and the users got this error until their PC was turned back on. * Doug
  • Just for clarification: You're keeping your current "LAN" ip addresses on the external public addresses block of 65.x.x.x /27 (you have 32 public ip addresses?) How are these IPs on your LAN if they are public? No 10.x or 172.16.x or 192.168.1.x? Confusing. What is this 2nd WAN connection you are referring to? The new WAN…
  • Have you tried using AD for user authentication instead of the Firebox? Helps when accessing network resources in a Domain environment via VPN. https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/active_directory_about_c.html * Doug
  • Depending upon the resources users require, would the Access Portal be a more viable solution than a VPN connection? This would eliminate the need to differentiate between computers with TDR and those without. If you have licensing for the Access Portal anyhow. Just a thought. Doug