Hi All,

I am using XTM 25/26 Watchguard firewall in the company and many of the remote users are connected through Mobile SSL VPN. Everything was working fine with no issues and last after internet connectivity break down and restoration no one can able to login using Mobile SSL VPN.

I have checked everything but couldn't understand the issue. Can anyone help me with this?

Few points :

1.  Firewall OS is not upgraded
2.  No new rules is created
3. Reinstall SSL Client software, Create new user with new password. Can login to Webpage of SSL  (https://Firewall IP/sslvpn.html) and able to download fresh software. De-activate and Re-activate Mobile SSL VPN.
4. Internal Network 192.168.1.0/24, Virtual address pool 192.168.111.0/24

Here is the diagnosis report.

2019-01-23 10:43:32 sslvpn sslvpn_event, add entry, entry->virtual_ip=0.0.0.0, entry->real_ip=192.168.1.88, dropin_mode=0
2019-01-23 10:43:32 sslvpn Mobile VPN with SSL user Mitul logged in. Virtual IP address is 0.0.0.0. Real IP address is 192.168.1.88.
2019-01-23 10:43:35 sslvpn Entered in sslvpn_takeaddr
2019-01-23 10:43:35 sslvpn Arguments which needs to be sent:openvpn_add 0 1548200615 0
2019-01-23 10:43:35 sslvpn Going to open wgipc:
2019-01-23 10:43:35 sslvpn assign ip address, rip=c0a86f02, lip=0, common_name=0
2019-01-23 10:43:35 sslvpn Sending Data by wgipc to sslvpn_takeaddr is Success,Buffer:192.168.111.2:0.0.0.0:0
2019-01-23 10:43:35 sslvpn Success,Sending Data to …

Hi,
We have setup an internal VLAN on our WatchGuard for Guest wifi access. The vlan works as expected and anyone who joins gets the expected IP address/ can browse the internet no problems. What we cant it to do is to work correctly with outlook web access. For some reason whenever I try the owa address I get redirected to the watchgiard ssl login page. If I try on any other external connection it works fine. I have tried an nslookup on the new guest wifi and our other external connections and they all point to the correct external address. ie if I am connected to one external wifi and try to access the url xxxxxx/exchange it work fine and an ns lookup is pointed to the correct external address. If I try and accesss xxxx I get presented with the iis page. If I try the same when connecting via the guest wifi, the nslookup shows the same external ipaddress, however if I try to goto to xxxx/exchange I get a 404 page not found error and if I browse to xxxx I get the watchguard ssl login page.

What am I missing?

Cheers,
Paul

Hi,

We use Mitel 5212 IP Phones. we are trying to get them to work on a custom VLAN setup on a watchguard m500 firewall. We have created the custom vlan and the ip scope which works fine. I have mimicked the DHCP options from our windows based dhcp server, however this didn't work. On the DHCP windows based DHCP server the options are:

128 Mitel TFTP xxxx.xxxx.xxxx.xxxx
129 Mitel RTC xxxx.xxxx.xxxx.xxxx
130 Mitel IP Phone Identifier MITEL IP PHONE
132 VLAN for Mitel IP Phone 0x3
133 priority for Mitel IP Phone 0x6

On the firewall dhcp scop options 9All custom)
Code       Name                                 Type            Value
128         Mitel TFTP                           IP                  xxxxxx
129         Mitel RTC                            IP                    xxxxxx
130        Mitel IP Phone Identifier  Text              MITEL IP PHONE
132        VLAN for Mitel IP Phone   Hex              3
133        Priority for Mitel IP phone Hex             6

When the phone eventually boots it gets a crazy VLAN id. Any clues as to what I am issing, or a how to guide on getting the IP phones to work?

Cheers,
Paul

I have a T70 device I'd like connect up via BOVPN with a XTM2 device (with wireless) at a home office location.  In front of the XTM2 I will have an AT&T uverse router in bridged mode.

I'd like all of the data from one port on the xtm2 to go back and forth over the BOVPN.  I'd like all of the wireless traffic to travel out to the internet.  

Can someone please tell me if this is possible and point me in the right direction for accomplishing this?   I've setup BOVPN's between two devices before but it was moving all traffic between both devices and I need to keep the wireless (home users) traffic off the VPN.

We've just installed a new next-gen firewall and I need some assistance getting some communication between two of the interfaces.
It's a Watchguard T35 and we have our WAN on Eth0, LAN1 on Eth1, and LAN2 on Eth2.
Our WAN has a static IP, but we have /27 block of public IP's routed (at the ISP level) to our WAN for use by public facing servers.

I have that part of it working OK.  Servers connected to the LAN2 all have their static IP assignment and IP checks on the internet show the correct IPs.  This interface in the Watchguard is set as "Optional".

LAN1, is our private LAN and is set as "Trust".  Internet traffic and NAT/port forwarding is all working OK, but I cannot seem to get access to LAN2 from LAN1 devices.

I've created a firewall policy with "ANY" for the packet filtering and have set both 192.168.1.0/24 and 203.xx.xx.0/27 in both the To and From boxes.  The rule is set to allow and enabled.
But I cannot browse (using the IP or UNC name) or access any of the LAN2 resources from LAN1.  Nor can LAN2 access any of the LAN1 resources.

I'm new to Watchguard and thought I might ask here for any things I may have overlooked before lodging a support ticket with Watchguard support.

How to block RFC 1918 and create object-groups and use that object-groups to block any udp traffic inbound to the external interface on a WatchGuard Firebox (M200)?

I currently have a Watchguard Firebox in place and have recently purchased a Cisco Catalyst 2960 to server as our primary switch. Our Watchguard currently manages our WAP's (also Watchguard) which have a private and public wifi network which is segmented through the use of VLAN's.

I'm extremely new to Cisco and I'm trying to determine how I would go about configuring the ports on the switch to pass along all VLAN traffic which should allow the WAP's to continue functioning.

I am having an issue accessing a secure ftp web site from a network.  The network uses a watchguard xtm 25 appliance and then runs Server 2008 R2 as the network server.  The workstations are all Windows 7 Pro.

The URL is https://oebsftp.ontarioenergyboard.ca.  This should bring me to a log in page, but instead the following message

The message from IE 11 is as follows:

This page can’t be displayed


Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://oebsftp.ontarioenergyboard.ca  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Fire fox give the following:
Secure Connection Failed

The connection to oebsftp.ontarioenergyboard.ca was interrupted while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
Often the Ontario energy board upload sites are designed for IE only.

I do not see anything in the Watchguard appliance but may be overlooking something.

The server uses SEP 14.0 for both anti-virus and Firewall

As a separate issue, email using Outlook 2013 cannot use ssl either

Hi, I have a really odd problem with a Watchguard XTM25-W Firewall.  It has the latest Fireware on it and I've reset it and run the setup wizard from scratch on it. I have a Draytek VDSL model plugged into Port0 and have set up PPPOE authentication on the watchguard and the watchguard connects to the internet.  I have successfully downloaded the Live Security feature key and it's valid for 2 more months.  

The problem I have is that if I plug a laptop directly into Port 1 on the Watchguard and set up a static IP the laptop can see the internet. However if I plug Port 1 into an established 48 port switch nobody on the switch can see the Watchguard, and in fact the Port1 light on the Watchguard doesn't even light up (it lights up if you plug the Laptop into it)

As far as I am aware when you reset a Watchguard and run the setup Wozard it sets up enough default settings to get you a basic internet connection but I'm wondering if there is now some additional configuration needed to allow the internet connection to be shared.

Bit of further background, the Watchguard is replacing an existing Draytek VDSL Router which was the original Default Gateway so I have set up the Watchguard with the same IP address as the Draytek Router (and of course unplugged the Draytek)

Would really appreciate some suggestions on this.

Many thanks

We have several locations. Each location has several DNS servers, all replicating to each other. In DNS we have several Conditional Forwarders. At all locations except one I can ping and RDP into any of the servers in the Conditional Forwarders list. However in one of the locations I am unable to ping to any of the Conditional Forwarder IPs. All locations are connected using a Watchguard firewall using a VPN. When I do a tracert from the location that is unable to get to any of the Conditional Forwarder locations, it goes to the local DNS server, then out to local ISP DNS server. I have been reading and searching for articles that might help however I am unable to find a solution.

We have Watchguard m400. The firewall is blocking EXE download. I want to allow only help desk to be able to download EXE, drive etc. How can i do this ?

thanks

I am putting together some phone equipment and servers in a datacenter cabinet.  The datacenter is providing us a redundant router connection using HSRP.  The cabinet has two Ethernet cables: primary, secondary.

We need external routable addresses for each of the two border controllers for the phone system.  They have a WAN port and a LAN port so they can have an external (outside the firewall) connection and also have a local IP address in the same subnet as the servers in the cabinet.

We are trying not to purchase another $2000 Cisco switch for the setup to accept the 2 Ethernet connections.

We have a WatchGuard M370 firewall device with several ports that can be configured in many ways.

We have two layer 2 switches available in the cabinet for use outside and/or inside the firewall. It is a layer 3 device.

I need help in the configuration of this system.

One suggestion was to take the two datacenter network cables and plug them into a standard Layer 2 switch then patch that switch into an external interface on the firewall.  After so many attempts I am trying to remember but I think the path to the internet was broken when BOTH router cables were plugged into that switch.  I am going back to the datacenter tomorrow to try more things but I wanted to get some input from you guys first.  I have the datacenter IP sheet where they provide me the configuration info but didn't want to post live addresses on this site.  Basically they gave me a \29 subnet and …