Hi All,

My company Scenario:

I have connected the branch office to main office using VPN.

Main office is running under a domain environment and using a WatchGuard as a firewall.
Branch office is running in a workgroup environment and using a Billion VPN Wi-Fi router.

VPN has been set up between WatchGuard Firewall (XTM26) and Billion Wi-Fi Router (BiPAC 8920NZ).

VPN is working fine. I am able to take remote control of all the computers located in the branch office using "Microsoft Remote Desktop" from the main office.

Problem:

I am not able to ping any of the branch office computers. I can ping branch office wifi router and network printer only. What could be the reason?
0
Server is Windows 2012 R2. Clients are Windows 10.

VPN is a Watchguard SSL VPN. Users are connected on fast VDSL connections.

When Offline Files is enabled, users connecting via the VPN can no longer see any folders other than those already synchronised. File explorer shows the computer working in offline mode.

I have checked the network location, and this shows 'domain' as expected.

It appears that when connected to the VPN, Windows is perfectly happy to authenticate against the network, browse network shares it's never seen before, there are no speed issues, etc, but the minute offline files is enabled, Windows (file explorer only) thinks the computer is offline.

There is no GPO set to describe the slow speed threshold, so the default of 500kbps should be true. The connection is operating nearer 80Mbps.

I've set a GPO "Computer Configuration > Policies > Administrative Templates > Network > Offline Files > Configure slow-link mode" to disabled, which seems to have resolved the issue.

However, I'm more concerned that Windows believes the computer to be offline when it isn't, and I wonder if there's a firewall issue I should be aware of?

Any pointers?
0
I am trying to create a policy to enable/block specific traffic that my T30-W is handling. I haven't been able to find a good answer as to what each column in the Traffic Monitor means.
0
Hey

All external mails show as "X-MS-Exchange-Organization-AuthAs: internal"

How to change to anonymous?

(We have a WatchGuard XCS as spam)

Mike
0
In WatchGuard XTM SMTP Proxy definitions, it implies you can set up a rule for "masquerading".  However, how do you set up the replacement string?   For instance, if I want person@contoso.com to be redirected to person@contoso.org, it is easy enough to match the string and replace it.  But, if I want everyone @contoso.com to be redirected to their same name @contoso.org, how do you set up the replacement string?  You can use a wildcard on the string match but what syntax do they use for the replacement string to attach the portion before @contoso.com.   Seems that this should be a simple process for creating masquerading.
0
Hi,

We've just found out our 2011 SBS Server has been sending out spam emails by the thousands. I've checked that there is no open relay in Exchange 2010 (and there isn't) and turned off all PCs on the network, but the spam emails keep coming, so I'm pretty sure they are coming from the server. Have virus scanned the server and it seems clean. I've found that the spam emails are all coming from the same external IP address.

The network is protected by a Watchguard XTM25 firewall. My question is: can someone please talk a newcomer to Watchguards through how to set up a way of blocking these emails coming in from that IP address on port 25?

Many thanks

Adam
0
I was recently tasked with setting up a VPN for a client of ours for accessing files from home. We are able to successfully log in; however, when we try to map drives or access resources we are unable to. Mapping drives errors as if we are not in that domain. Trying to access the drives through Explorer returns the same. Can anyone assist with this please?
0
Hello all,
I will be migrating a Watchguard XTM505 to a Watchguard M370.  I understand the step by step portion of the policy manager.
My question is that before I import the configuration file from the policy manager to the new M370 do I need to activate the new M370 or do anything else to it?
Thanks,
Kelly W.
0
My user cannot connect with Watchguard client or Shrewsoft client. Switching users to myself, I find that I cannot connect with Watchguard client but I can with Shrewsoft. This is a Windows 7 Pro PC. My Windows 7 PC can use either client. Why can't this user use the VPN?
0
I am trying to configure my Watchguard firewall [XTM 515 - Fireware 11.9.4] to allow certain machines access to the update site of a software provider. Unfortunately this software vendor does not hold the updates on systems that can be referenced via fixed IP addresses but relies on referencing their infrastructure via a DNS name. I don't seem to be able to set up a route using packet filters or proxies. Does anybody know of a way of doing this?
0
Hi,
I'm in the process of setting up SSO for users so we can control our internet access. We only want domain users to access the internet, and non-domain users (such as visitors) need to be blocked.

I have read a couple of articles but am still a little unsure which method to use, so here I am asking experts for guidance. I would also appreciate if someone can write step-by-step setup guide or an article that I can follow with some screen prints?

Please also point out any "gotcha"

This article says that "Event Log Monitor" has to be installed on all domain controllers, but later it talks about pushing out the SSO client to machines, which is also used for authentication, so I am a bit confused if this is needed or not? Please clarify
http://www.skype4badmin.com/watchguard-sso-part-1/


and then this video also talks about "Exchange Monitor" for authentication.. do I need all of these options or will one suffice?
https://www.youtube.com/watch?v=qw8e85hXVcg

much appreciated!

Thanks
0
Hi,

Can anyone please tell me step by step how to stop a Watchguard XTM25 from blocking downloads of EXE files from a server hosted website (so need to add an exception as an IP address).

Many thanks

Adam
0
I know very little about watchguards (or really most complex firewalls).  I have 2 watchguards in location A and location B.  looking at the policies on the main office's watchguard, I have 16 rules.  wonder which are needed?  

This is an XTM21 (old unit, right?)

it takes a few seconds to go from screen to screen / get the list of firewall policies, etc. 'retrieving data' on screen for 9 seconds... there's 16 policies in the list.  Is that a long time for pages to load?

a) do you just replace watchguards after x years because they are old?
b) do you reboot them on a schedule? How often? every week? month? year?

This watchguard is set up for: Exchange on the SBS server on the LAN, general surfing from inside the office, VPN to the other location and phones being able to connect to the exchange server from outside.

How many rules should those take?

Looking at the policies, I think this is what is set up. I inherited this network, so some may be unneeded / defaults that came with the box?
FTP OUTboundSMTP (192.168.2.3 to Any external)
GeneralProxy (From HTTP-proxy to ANY  Trusted)
SMTPtoMailSrv (From ANY to 75.127.x.x->192.168.2.3)
HTTPtoMAILSrv (From ANY to 75.127.x.x->192.168.2.3)
POP3toMailsrv (From ANY to 75.127.x.x->192.168.2.3)
IMAPtoMailsrv (From ANY to 75.127.x.x->192.168.2.3)
HTTPStoMailsrv (From ANY to 75.127.x.x->192.168.2.3)
RDPtoMAILsrv (From ANY to 75.127.x.x->192.168.2.3)
Voicecom mail system (From ANY to 75.127.x.x->192.168.2.3)
Watchguard …
0
Hi
I have to enable TLS 1.0, 1.1 and 1.2 in Internet Explorer on my laptop before a VPN can connect. How can I change these settings so I don't have to enable these in IE?

Thanks
0
Hate to admit how little I know about UTMs.

Have a watchguard UTM (X10e), on which I am trying to make changes in a firewall policy for people to access a new camera system that requires different ports than the old camera system.

Figured I'd just edit the existing policy that someone else set up - the new system will get the same IP as the old system.... I just need to change the ports. The old system used different ports than the new one.

I go into the web UI (192.168.1.1:8080), log in as admin go to firewall / firewall policies.  On that screen, I highlight the camera policy and choose the edit button.

The policy loads but I don't see how I delete existing ports / add ports on the properties page... There's a watchguard  program I could (need??) to use?  There's no add / remove buttons on the properties page, like on the policy page.

Am I missing something?  

By the way, I keep saying I need to learn UTMs.... any thoughts on Watchguard vs other brands?   Best way to learn about how to use / manage them?
0
I have an Exchange 2013 server behind a WatchGuard M200 Firewall. Both have appropriate SSL certificates installed, and the WatchGuard is configured as an SMTP proxy.

Everything works brilliantly, except, email from two domains is not received. Everyone else works absolutely fine. I am unclear why.

On the Exchange end, the logs for working emails end like this:

250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
,Proxy destination(s) obtained from OnProxyInboundMessage event
"250 2.6.0 <CALsXffyfLq_=XyviTgL9AFYCZ0T2UBBFq8rH5ppQoBzSKUSO3Q@mail.gmail.com> [InternalId=85388244811933, Hostname=EXCHANGESERVER.DOMAIN.LOCAL] Queued mail for delivery"
QUIT
221 2.0.0 Service closing transmission channel
,Local

However, for two domains, the conversation ends like this:

250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
,Local

It looks as though the sender has been given permission to go ahead with sending their message, and then not done so. However, the message is attempted a few dozen times, about ten minutes apart, before the sender gives up.

On the WatchGuard end, there is one difference between how senders show in logs.

For the working senders, I see lines for both 'ProxyMatch, ProxyAllow:' and then 'ProxySMTPReq'; however, for broken senders, I see just ProxyMatch, which is not followed up with ProxySMTPReq.

One of the broken senders is coming from Office 365, however, so are dozens of other senders, so I don't think the issue is there.

Any advice?
0
I've got a Watchguard 500 series at the main office and a 2 series at a home office.  I've needed to setup a VPN between the two devices to get an IP phone to function properly.  

With the current home office setup I have one interface set as 'external' and connect the cable modem directly here.  Then I have a 2nd interface as 'trusted' which connects to the users home router.  The phone and computer connect to the home router and the VPN works fine.

At the new home office location however the home equipment is a cable modem/router combo - so I have no dedicated WAN port - just 4 LAN ports.

Maybe I'm over thinking this but I'm stumped on how to configure this with the different home router/cable modem combo.

I've been using 'mixed' mode and am wondering if I need to be using 'drop in' mode - ?
0
Set up WatchGuard BOVPN and it seems to connect, yet no traffic is being passed. See attached
BOVPN.JPG
0
I have a watchguard M400 (Fireware XTM 11.10) Firewall/Router with about 14 Branch Office VPNs coming into it. We have new software that these BOVPNs need to access. There are two application servers running the software. I would like to load balance the connections to these servers. Can someone point me in the correct direction?
0
Been battling this for 2 days.

Sat morning at 6:30 am was receiving email from filter service Fusemail to server. At 7 am noticed emails being deferred and building up in a queue on Fusemail Portal. Nothing changed in these 15 minutes. Fusemail's portal says "error reading banner" on public IP of server and the remote. OWA mx record.

I have done the following to troubleshoot,

Rebooted several times.
Recreated default receive connectors,
Looked thru the IIS system, no issues.
Exchange 2010 IS sending emails as normal.
Double checked the MX records for Fusemail, They are accurate,
Entered the IP addresses of Fusemail servers in the Watchguard T30 Firewall box to send mail to port 25 (they were NOT there before but emails were coming in)
Can go to canyouseeme.org and enter the public IP and port 25, and it is OPEN,

All emails were coming in before any changes made. They simply stopped and they are of no real help, just saying "your server is not allowing connections".

If I cannot find the answer here, they are getting migrated to Office 365 asap.. They, like other businesses cannot be down on email for days..

Any ideas?
0
Just a general question at this point...We have a network which is joined to another office using a branch office VPN with a Watchguard Firewall at one end and a Netgear VPN router at the other.  Do you know if it's possible to create a second permanent VPN connection from the Watchguard to a software PPTP VPN provided by Windows 2012 on a virtual hosted server?

Thanks
0
Hello EE Members,

I need access to a watchguard xtm 330 but I don't have the passwords for the admin/user accounts, and I was wondering if it is possible to reset a watchguard xtm 330 admin or user password without doing a factory reset or losing any of its settings

Regards,
Paul
0
Does anybody know how to connect to a laptop in a remote location that is connected to the network via an SSL VPN client.  The laptop connects to a Watchguard Firewall [System manager v 11.9.4] via an SSL VPN client v11.9.3.
0
Hi

I have a group of users who regularly travel with their laptops and I want to be able to have more control over what they are browsing when away from the network.

At the moment when they are in the office they go out through our Watchguard, which acts as a transparent proxy and has Websense set up to filter what they can see.

In addition to this, when they are connected via SSL VPN externally the traffic is forced down the tunnel and again they use the transparent proxy.

The problem I have though is if they don't connect to the VPN when, say, in a hotel, they can browse what they want.

Is there a way that I can stop browsing access unless they are connected through the VPN?

I know that we could specify a proxy in the internet settings, but because the Watchguard is a transparent proxy I don't believe this would work.

Any advice would be great.

thanks
0
On a Cisco ASA, if I need to allow the traffic to come in on an interface and leave on the same interface I need to use the following command:

same-security-level permit intra-interface

Now on a WatchGuard firewall (I'm not very familiar with the WatchGuard), how do I do this exact same thing? Any assistance would be greatly appreciated. Thanks!
0

WatchGuard

Smart Security. Simply Done.

For over 20 years, WatchGuard has pioneered cutting-edge cyber security technology and delivered it as easy-to-deploy and easy-to-manage solutions. With industry-leading network security, secure Wi-Fi, and network intelligence products and services, WatchGuard enables more than 80,000 small and midsize enterprises from around the globe to protect their most important assets.

www.watchguard.com