Comments

  • So maybe a Veeam V11 issue w/TDR? Have you opened a support ticket with Veeam to see what exclusions the AV running on the B&R server should have? After you know this then you could make a separate TDR Group strictly for your Veeam server and add the exceptions.
  • Was this issue present in v 10? My cloud service provider doesn't support v 11 currently so I have yet to upgrade.
  • Verify the Link Speeds, Duplexing, and MTU of the NIC on each device and make sure they match or are set to auto. You could also try placing a small switch between the firebox and your ISP's hardware to see if that helps.
  • Hey @RVilhelmsen, I have Veeam B&R 10.0 on a 2019 Server running TDR that acts as a backup copy repository. Never have I had an issue mounting backup volumes, restoring files, mounting Exchange databases for mailbox restore, replication or any other Veeam backup/restore process. Are you using Veeam One instead of B&R? *…
  • You didn't mention how the other VLAN's were configured, but with HP (Aruba) switches this is how I would configure it. On the clients set the NIC for DHCP. Depending upon the NIC you may be able to tag it for VLAN's, but I doubt it. For the HP Switch, untag all client ports and assign the new VLAN ID to them. This way…
  • Thanks Bruce, That is quite a thread. Yeah, I should update and I know that. Problem is too many users on domain joined pc's at home that can't update their SSL-VPN software or execute the .bat file required for IKEv2 connections without admin permissions. Which I'm not giving out. The added CPU load hasn't affected…
  • Opened up a ticket. Once there is a resolution I'll post it. * Doug
  • Go to Watchguard Cloud > Monitor > Devices > "your firewall" > Logs > Log Search > choose your date or date range > enter "admd" in the query. Export results as .csv, open in Excel, and sort, filter, chart, graph to your heart's content. Seems I've answered this before. :-) * Doug
  • This just happened again last week right before I lost power for the past five days. TDR driver corrupts, causing WMI issues, making server unresponsive, resulting in Kernel panic. Only this time the server didn't reboot, I had to use the integrated management system to reboot the server. Ended up corrupting a database…
  • DNS watch only says the firebox blocked the site. Frustrating I know.
  • Open Firebox System Manager, go to the Blocked Sites tab, highlight the blocked site and click the delete button on the lower right corner. Enter your admin password when prompted to delete the blocked site.
  • Hey James, I did that prior to posting, sorry I neglected to include that information. Today's AV updates: 12/15/20, 2:51:36 AM PST 20201215.45 Success Update success 12/15/20, 5:52:15 AM PST 20201215.45 Success Update success 12/15/20, 8:51:52 AM PST 20201215.645 Success Update success My scan limit was initially set to…
  • I have a similar configuration at home, work network, camera vlan, guest vlan, wife work vlan ........ and it was running on a T-10. It worked but my Internet struggled even though I had the fastest speed I can get at home. Then I upgraded to a T-20 and boy-howdy did that make a difference. Even with all the scanning and…
  • Hey Mark, I would start by changing the network interface from Trusted to Optional or VLAN if that is really how it's configured. Next I would set up two outbound policies for the Wi-Fi (Optional) network, one for DNS and the other a tcp-udp any from the Wi-Fi (Optional) to any External and enable logging. Now test on…
  • You could also try Watchguard Cloud if you are using that service. Find your device > Log Search > Date Range > search for "admd" in the Event logs. Here you can see exactly when each user connected and disconnected their VPN connection. Save to a .csv file and make your report. * Doug
  • Noticed the same thing. Sorta hoped I would see user@domain.com since everything is SSO and AD integrated. At least an internal IP would be nice, but no dice.
  • Not sure what PBX you are using, but I would check the log files for connection errors. Also, if your PBX supports it, run a firewall test to ensure all ports are available. If you find errors, adjust your firewall accordingly. Lastly, does your softphone application have a Deskphone / Softphone switch? I run 3CX and the…
  • With your DSL Internet connection it would take about 18 minutes to download the 3 gigs, and almost an hour to upload the 4 gigs, which drastically surpasses the time frame given of about 40 minutes. Sure it isn't something internal, maybe a WSUS Server pushing out updates?
  • Mixed bag of results with the powershell method. As a local or domain admin it seems to work pretty well. A couple times I've had to run it more than once to get everything working. End users with no admin privileges can get it to run, but no default gateway is created and hence my dilemma. The users connecting via the…
  • Is that next to the milk Bruce? :-) I just tested that and it does resolve the issue. More of a workaround IMHO though. That information should be part of the Readme.txt file which is what people will be reading, also my opinion. Now that I'm on my soapbox, why do the two recommended VPN solutions (IKE & SSL) require…
  • That makes sense Bruce, but what I don't understand is why all my outbound http/https policies utilize SD-WAN yet the Allow IKEv2 Users any/any policy chooses the slow connection. Now, correct me if I'm wrong, but I believe since the slow external connection is utilizing the default external port on the Firebox that is…
  • Opened a support ticket. Have you tried turning it off and back on again? Problem resolved. :-) * Doug
  • Hi James, I've tried using the fqdn of the 3rd party certificate and by IP address with the same result. I have directed users to download directly from Watchguard for now. Odd the SSL-VPN users connect fine and the Access Portal displays and authenticates. Guess I'll open up a support case. Thanks, * Doug
  • Hey James, I submitted it as a false positive. Thanks for the help. * Doug
  • You never mentioned the model of Firebox purchased, but if you own a M-470 and above you could add the optional module for additional ports.
  • The "Safe Search" doesn't really do much for Google Images. Works great for Bing though. You will need to edit your DNS servers in order to force Safe Search for google. This should point you in the right direction. https://support.google.com/websearch/answer/186669?hl=en * Doug
  • I managed to enable the NIC on the device and it is now hard wired into the network.
  • Great work around solution. Instead of creating new Zones in my DNS infrastructure I would rather just check the box in the Proxy and have it work. Don't want to be mean, but isn't that why I purchased the Security Subscriptions in the first place?
  • Using Brave, which is a Chrome-esque browser. Followed the instructions in the article you posted. Disabled the Experimental QUIC Protocol in the browser, reloaded the browser, same result. NSFW :-( Per the article, I created a policy to block UDP ports 80 & 443, placed it at the top of my policies and still NSFW images.…
  • Finally resolved the issue. Onsite I have a Synology NAS running as a file server, and I just used the DHCP Server module of the NAS software to assign IP's to the different VLANs on the network. The Secure, Guest, and RING networks all connect with no issues now. This is of course after removing the DHCP Server Service…