Comments

  • Both WGs have a different LAN management IP, so when I log in to each LAN IP and look at the external interface, it shows the same public IP. The reason I'm asking is because I remember someone from my company saying each WG has a different public IP.
  • Yes, so when I connect to the web UI and look at the external IP, I see one public IP. Is that for both firewalls?
  • It's weird because whether I have OpenVPN allowed or not on Sophos, his laptop keeps getting that message. I'm going to open a support case with WG.
  • According to this site, the solution seems to be to reinstall the VPN client multiple times from the local Firebox. The user already did that once, so I'm going to have him try again. https://serverfault.com/questions/671542/watchguard-mobile-vpn-with-ssl-user-cant-connect-failed-to-open-shared-memo
  • That didn't work either, I'm waiting for the user to give me the VPN client log to see what it says now, and also look at the event log.
  • Looks like Sophos is blocking OpenVPN, going to try that.
  • I had the user remove the other VPN client, and only have WG. But still getting this. 2024-09-09T19:10:35.798 WatchGuard Mobile VPN with SSL client is already running. Passing command line to process. 2024-09-09T19:10:56.175 Requesting client configuration from vpn.ridgeeng.com:443 2024-09-09T19:11:05.169 VERSION file is…
  • He also said he can't access WG VPN from his home laptop, which only has the WG VPN. But my home laptop can use WG VPN on the same version.
  • The user tried the Mobile VPN client from WG software website and also from the local Firebox url https://Firebox_IP/sslvpn.html, same issue. He can login to https://Firebox_IP/sslvpn.html and download, so his account is not the issue.
  • I can't really uninstall the other VPN now because the user needs it. I had the user connect again to WG VPN but still same issue, here's the log. I see a bunch of these: 2024-09-06T12:40:12.704 failed to open shared memory for openvpn command (error: 2), please check the WatchGuard SSLVPN Service 2024-09-06T12:40:12.704…
  • Yes, there is another SSL VPN client used to connect to our other company. But he's not on that VPN when he's using the WG VPN client.
  • Thank you. I'll try the VPN again and get the logs. I'm testing the VPN from my LTE hotspot. I'm able to connect from my laptop, but not the user's laptop.
  • Understood, thank you
  • Yes, I did Google that part number and I saw different prices from CDW, Firewalls.com, etc. The quote I got from the other vendor for the WG Total Security Suite is $2053.
  • I'm sorry, I think I typed that wrong. The domain name is still company.local. When I go to one of the DCs and look up System Information, it shows the computer name as DC01.company.local, and under it shows Domain: company.local. But in Active Directory, the users are in user@company.com format. The auth servers are still…
  • Any ideas will help, thanks.
  • So it looks like to get the results from Blocked Sites (blocking both ways) I had to add 2 policies in Policy Manager: one for outbound and the other for inbound.
  • Thanks, I removed both policies, and the Alias I created. Added the IPs to Blocked Sites, now when I ping it, I see it in Traffic Monitor. I had to add it from the Web UI, because when I tried to add it from FSM, it was asking for expiration.
  • It looks like Blocked Sites needs to have an expiration date though. I want to block it indefinitely. So it looks like I need to add another policy to deny from 'Compromised IOC IPs' to ANY.
  • It looks like the reason I don't see the IP in the Traffic Monitor is that it can't reach it, but yeah, I would think it would show as denied in Traffic Monitor.
  • I have 'Send log message' selected. But don't see denied in Traffic Monitor when I'm pinging the IP.
  • Yes, I want to block access to those IP addresses. So since I can no longer ping those IPs from my computer, and I don't see them in the Traffic Monitor, it looks like it's working. But my question is, are those IP addresses blocked from accessing the WatchGuard? Are they blocked both ways?
  • Because when I did it the opposite way, Deny 'Compromised IOC IPs' to ANY, I was able to ping one of the IPs.
  • Sorry for the late reply. It was my error. I mislabeled the switch port, so I was tagging to the wrong interface. Tagged to the correct interface, and it works.
  • This is the port setting on my switch uplinking from WatchGuard. If I plug in a laptop on port 18, the laptop gets connection to VLAN 6. Running configuration: interface 17 name "Bechdon VLAN Uplink" tagged vlan 6 exit interface 18 name "Bechdon Test Port" untagged vlan 6 exit interface 25 name "Uplink to new bldg" tagged…
  • I agree it does seem like a switch issue because I'm getting a DHCP address on one switch. This is the port setting on my switch uplinking from WatchGuard interface 2 (VLAN 6 Tagged). If I plug in a laptop on port 18, the laptop gets connection to VLAN 6. Also, I'm testing on both switches with the same laptop and Ethernet…
  • Thank you. Yes, it's a static IP, not DHCP. I set a static IP outside of the DHCP reservation, and so far it's working. Not sure why it was working earlier before the power outage.