Hi,
I'm in the process of setting up SSO for users so we can control our internet access. We only want domain users to access internet and none domain users such (visitors) need to be blocked.

I have read a couple of articles but am still a little unsure which method to use, so here I am asking experts for guidance. I would also appreciate if someone can write step-by-step setup guide or an article that I can follow with some screen prints?

Please also point out any "gotcha"

This article says that "Event Log Monitor” has to be installed on all domain controllers, but later its talks about pushing out SSO client to machines which is also used for authentication, so am a bit confused if this is needed or not? Please clarify
http://www.skype4badmin.com/watchguard-sso-part-1/


and then this video also talks about "Exchange Monitor" for authentication.. do I need all of these options or will one suffice?
https://www.youtube.com/watch?v=qw8e85hXVcg

much appreciated!

Thanks

Hi
I have to enable TLS 1.0, 1.1 and 1.2 in Internet Explorer on my laptop before a VPN can connect? how can I change this settings so I don't have to enable these in IE?

Thanks

Hate to admit how little I know about UTMs .

Have a watchguard UTM (X10e), that I am trying to make changes in a firewall policy for people to access a new camera system that requires different ports than the old camera system.

FIgured I'd just edit the existing policy that someone else set up - the new system will get the same IP as the old system.... I just need to change the ports.  the old system used different ports than the new one.

I go into the web UI (192.168.1.1:8080), log in as admin go to firewall / firewall policies.  On that screen, I highlight the camera policy and choose the edit button.

The policy loads but I don't see how I delete existing ports / add ports on the properties page... There's a watchguard  program I could (need??) to use?  There's no add / remove buttons on the properties page, like on the policy page.

Am I missing something?  

By the way, I keep saying I need to learn UTMs.... any thoughts on Watchguard vs other brands?   Best way to learn about how to use / manage them?

Good Day,
We have a WatchGuard XTM-22 at one our schools and it is not working - we have no internet access for any device on our network.
Here is the setup for this unit:

Port 0 - Main internet feed
Port 1 - to our internal network
Port 2 - Mgmt
Port 3-  Another internet feed DSL
Port 4 - unused
Port 5 - Another internet feed DSL

(We have very limited / poor internet speeds available in this remote community.  The IT Consultant before we took over was able to configure the unit to use the internet feeds from Ports 0 and 5, which is all that could be used at the time.  Port 3 feed is redundant and can be used as a backup for port 5 by switch cables).

Right now, here is the status of the lights on the front of the WatchGuard unit, going from left to right:

Failover:  Flashing green
WAP:  Off

Ports 5,4,3:  Both Link and 100/1000 lights off
Ports 2,1,0:  Both Link and 100/1000 lights flashing green in unison

Status:  Solid Red
Attn:  Solid Orange
Mode;  Flashing Green
Power:  Solid Green

I have tried to connect my laptop via RJ45 cable directly to Port 2 to access the unit, but there is no activity on this link and I don't get a DHCP address.   Web browser access to both the external IP and internal IP addresses won't work either.

Any suggestions on what is causing this problem?  I have no experience with this particular unit and the network setup is quite convoluted - five VLANs.  I think there is a backup config file from about a year ago.
…

I have an Exchange 2013 server behind a WatchGuard M200 Firewall. Both have appropriate SSL certificates installed, and the WatchGuard is configured as an SMTP proxy.

Everything works brilliantly, except, email from two domains is not received. Everyone else works absolutely fine. I am unclear why.

On the Exchange end, the logs for working emails end like this:

250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
,Proxy destination(s) obtained from OnProxyInboundMessage event
"250 2.6.0 <CALsXffyfLq_=XyviTgL9AFYCZ0T2UBBFq8rH5ppQoBzSKUSO3Q@mail.gmail.com> [InternalId=85388244811933, Hostname=EXCHANGESERVER.DOMAIN.LOCAL] Queued mail for delivery"
QUIT
221 2.0.0 Service closing transmission channel
,Local

Select all Open in new window

However, for two domains, the conversation ends like this:

250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
,Local

Select all Open in new window

It looks as though the sender has been given permission to go ahead with sending their message, and then not done so. However, the message is attempted a few dozen times, about ten minutes apart, before the sender gives up.

On the WatchGuard end, there is one difference between how senders show in logs.

For the working senders, I see lines for both 'ProxyMatch, ProxyAllow:’ and then ‘ProxySMTPReq’, however, for broken senders, I see just ProxyMatch, which is not followed up with ProxySMTPReq.

One of the broken senders is coming from Office 365, however, so are dozens of other senders, so I don't think the issue is there.

Any advice?

Set up Watachguard BOVPN and seems to connect yet not traffic is being passed.  See attached
BOVPN.JPG

Recently we added a new TPG IPVPN Connection (MPLS Network with Hosted Firewall) to eth2 on our watchguard but cant get it to work properly (see attached picture)

For some reason i cannot ping any Sydney LAN IP Addresses (on 10.50.2.0/24 network) from QLD Office to Sydney Office.

What do i need to enable / configure on the wathguard so i can ping internal lan addresses from qld office ?

QLD Office LAN is on 10.4.26.0/24 network.
Sydney office LAN is on 10.50.2.0/24 network

From QLD office I can ping 210.10.228.14,210.10.228.13, 10.252.0.6, 10.252.0.5 OK, but if I try to ping the Watchguard LAN IP Address 10.50.2.90 or another device in the same Sydney network from QLD Office it times out. Any ideas ???

Sydney Office Watchguard Configuration is as follows:

I have 3 interfaces setup on my Watchguard x750e firewall with following parameters:

Eth0: IP: 210.10.228.14 (External) - This is connected to a ISP Managed Cisco 1900 Series Router. This is a routed subnet services TPG NBN Conneciton.
Gateway: 210.10.228.13
NetMask:255.255.255.252

Eth1: IP: 10.50.2.90 (Trusted)
Netmask: 255.255.255.0

Eth2: IP: 10.252.0.6 (External) - This is connected to a TPG NTU and is a IPVPN Connection. This also requires RIPv2 and has dynamic routing setup.
Gateway: 10.252.0.5
Netmask: 255.255.255.252
Dynamic Routing Configuration:
1. Enabled Dynamic Routing is enabled.
2. Enable RIP is enabled
Rip Configuration :
router rip
network 10.252.0.4/30
network …

Just a general question at this point...We have a network which is joined to another office using a branch office VPN with a Watchguard Firewall at one end and a Netgear VPN router at the other.  Do you know if it's possible to create a second permanent VPN connection from the Watchguard to a software PPTP VPN provided by Windows 2012 on a virtual hosted server?

Thanks

Does anybody know how to connect to a laptop in a remote location that is connected to the network via an SSL VPN client.  The laptop connects to a Watchguard Firewall [System manager v 11.9.4] via an SSL VPN client v11.9.3.

Hi,

I have a server running filezilla server and is configured with ftp over tls.

I know this server is fine because I can connect and upload files fine from a number of locations.   However I have an issue in one particular location behind a watchguard firewall.

The connection establishes successfully and sometimes it can upload a file or part of a file before it fails when configured to ftp over tls.
If I change to ftp it works fine.

I have read that this can sometimes be an mtu issue but don't know how or where to change this.   Please can anyone shed light on this.  

Attached is the filezilla server log and errors it sees.

Hi

I have a group of users who regularly travel with their laptops and i want to be able to have more control on what they are browsing when away from the network.

At the moment when they are in the office they go out through our Watchguard which acts as a transparent proxy and has Websense setup to filter what they can see.

In addition to this when they are connected via SSL VPN externally the traffic is forced down the tunnel and again they use the transparent proxy.

The problem i have though is if they dont connect to the VPN when say in a hotel they can browse what they want.

Is there a way that i can stop browsing access unless they are connected through the VPN.

I know that we could specifiy a proxy in the internet settings but because the Watchguard is a transparent proxy i dont believe this would work.

Any advice would be great.

thanks

Trying to allow access to the game For Honor.

Watch guard is blocking the games I have checked traffic monitor.

2017-02-20 15:43:41 Deny 172.16.54.147 216.98.55.90 11085/udp 51031 11085 1-Trusted 0-External Denied 36 126 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"
2017-02-20 15:44:05 Deny 172.16.54.147 216.98.55.90 11080/udp 53387 11080 1-Trusted 0-External Denied 32 126 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"

I have allowed UDP ports 11080-11085 still blocks also put host address in exception list to no avail.

Any ideas?