Search Results

Search found 33 results on 2 pages for 'watchguard'.

Page 1/2 | 1 2  | Next Page >

  • Watchguard Firewall WebBlocker Regular Expression for Multiple Domains?

    - by Eric
    I'm pretty sure this is really a regex question, so you can skip to REGEX QUESTION if you want to skip the background. Our primary firewall is a Watchguard X750e running Fireware XTM v11.2. We're using webblocker to block most of the categories, and I'm allowing needed sites as they arise. Some sites are simple to add as exceptions, like Pandora radio. That one is just a pattern matched exception with "padnora.com/" as the pattern. All traffic from anywhere on pandora.com is allowed. I'm running into trouble on more sophisticated domains that reference content off of their base domains. We'll take GrooveShark as a sample. If you go to http://grooveshark.com/ and view page source, you'll see hrefs referring to gs-cdn.net as well as grooveshar.com. So adding a WebBlocker exception to grooveshark.com/ is not effective, and I have to add a second rule allowing gs-cdn.net/ as well. I see that the WebBlocker allows regex rules, so what I'd like to do in situations like this is create a single regex rule that allows traffic to all the needed domains. REGEX QUESTION: I'd like to try a regex that matches grooveshark.com/ and gs-cdn.net/. If anybody can help me write that regex, I'd appreciate it. Here is what is in the WatchGuard documentation from that section: Regular expression Regular expression matches use a Perl-compatible regular expression to make a match. For example, .[onc][eor][gtm] matches .org, .net, .com, or any other three-letter combination of one letter from each bracket, in order. Be sure to drop the leading “http://” Supports wild cards used in shell script. For example, the expression “(www)?.watchguard.[com|org|net]” will match URL paths including www.watchguard.com, www.watchguard.net, and www.watchguard.org. Thanks all!

    Read the article

  • Watchguard Firewall - Issues with SSLVPN

    - by David W
    I have a client who has a WatchGuard XTM 23 device on site as their primary firewall. I just upgraded its firmware a couple days ago to the latest version for that series, 11.6.6. The problem is that I haven't successfully been able to setup a VPN connection for them. Using the instructions at http://www.watchguard.com/help/docs/webui/11_XTM/en-US/index.html#en-US/mvpn/ssl/configure_fb_for_mvpn_ssl_c.html, I'm trying to setup a VPN with SSL connection: From the firewall web GUI / Dashboard, I go to VPN - Mobile VPN with SSL, I enable it, add the organization's public IP address to which the firewall is connected. I've setup a group in Active Directory named "SSLVPN-Users", verified that the WatchGuard box can talk to the Active Directory Server, and added myself to that group. I then downloaded the WatchGuard Mobile VPN with SSL client onto my own Windows 7 machine, walked to the client's 2nd building across the street (which has a different public internet connection), and tried to connect to the VPN. When I do try to connect with the client, I get the following errors: 2013-06-24T15:41:32.119 Launching WatchGuard Mobile VPN with SSL client. Version 11.6.0 (Build 343814) Built:Jun 13 2012 01:42:55 2013-06-24T15:41:37.595 Requesting client configuration from 184.174.143.176:443 2013-06-24T15:41:50.106 FAILED:Cannot perform http request, timeout 12002 2013-06-24T15:41:50.106 failed to get domain name I discovered today the Firebox System Manager, and its "Traffic Monitor" which gives current log information (refreshes every 5 seconds). Unfortunately, it doesn't look like the client has setup any sort of WatchGuard / Firebox logging server, so actually recording server-side logs to file hasn't been done. I can work on implementing that if I need to. I noticed that if I try to ping the client's public IP address from an outside source, I don't get a response back (unless I added a policy into the firewall to allow ICMP traffic from "External", which I successfully did a few seconds ago for testing purposes - that rule has since been reverted to not respond to external ping requests). There's a policy in the firewall for allowing SSLVPN Traffic authentication requests coming from any external source TO the Firebox, and then to do the authentication / actually allow the VPN traffic, there's a policy allowing traffic for anyone in the SSLVPN-Users group to flow between that user and the inside network. So my questions are: Has anyone seen these errors before from the Watchguard VPN Client, and/or do you have any suggestions on how I can resolve that error? If I need to setup logging server to grab the firewall logs (in order to further troubleshoot this issue), how complicated a task is that and does it require a lot of system resources? The organization I'm consulting with only has 1 server and not a lot of resources or technical know-how.

    Read the article

  • Watchguard Firebox "split" fibre optic line into 2 interfaces

    - by fRAiLtY-
    We have a requirement on our Watchguard Firebox XTM505 to be able to split our incoming external interface, in this case a fibre optic dedicated leased line, 100/100. We use the line in our office of approx 30 machines however we also re-sell to an external company who utilise it to provide wireless internet solutions to the public. The current infrastructure is as follows: Data in (Leased Line) - Juniper SRX210 managed by ISP - 1 cable out into unmanaged Netgear switch - 1 cable into our firewall and office network, 1 cable to our external providers core router managed by them. We have been informed that having the unmanaged switch in the position it is poses a security risk and that a good option would be to get our Watchguard Firewall to perform the split, by separating our office onto a trusted interface, and by "passing through" the external line to their managed router. It is alleged that the Watchguard is capable of doing this and also rate limiting the interfaces, i.e. 20mbps for the trusted interface and 80mbps for the "pass-through", however Watchguard technical support don't seem to be able to understand what we're trying to achieve. Can anyone provide any advice on whether this is possible on a Watchguard device and how or perhaps if there's a better way of achieving this, perhaps with a managed switch instead of unmanaged? Cheers

    Read the article

  • WatchGuard 'Internal Policy' intermittently blocking outbound web traffic

    - by vfilby
    I have a lot of legitimate outbound traffic intermittently being denied by WatchGuard's "Internal Policy." Today I tried to go to Splunk's homepage and my traffic was denied by my watchguard XTM 22 with Pro upgrade. What is the "Internal Policy" and what can I do to control it? Example of Traffic being blocked Type Date Action Source IP Port Interface Destination IP Port Policy Traffic 2011-09-21T18:24:43 Deny 10.0.0.90 49627 3-Primary LAN 64.127.105.40 80 Firebox Internal Policy http/tcp Top three firewall policies:

    Read the article

  • Can connect through Watchguard mobile VPN, but can't ping or access network drives

    - by johnnyb10
    We're having any issue in which some of our employess can no longer connect to our network drives when out of the office. We use Watchguard Mobile VPN (we have a Watchguard Firebox firewall) and the users are able to connect. That is, their status in the the VPN client says "Connected" and they have the correct IP address listed as the VPN Endpoint. The problem is, when they try to map drives, or even ping the IP address of a server on our network, it fails. Last week, we temporarily switched one of our Comcast modems to our backup DSL modem because the Comcast was accidentally shut off by Comcast, and the problem seemed to start around then. We've since switched back and the problem persists, so that doesn't seem to have been it (which makes sense). But we also made other changes at the time that might have thrown something off, although we feel like we've checked them all. Plus, some people can successfully connect to network drives through the VPN. Can someone please suggest some steps to help troubleshoot? We've checked the policies on our Watchguard box, and they seem fine. We've looked at the settings on the Mobile VPN client, but nothing seems like a probable cause. Thanks.

    Read the article

  • Watchguard config, drop-in or mixed-routing mode?

    - by vfilby
    I have a Watchguard XTM 2 that is currently acting as a firewall and a router for my business network, I currently have the WG setup in mixed-routing mode and am happy with the current configuration. The reason I am curious about drop-in mode is because I would like to use all the interfaces on the back of the watchguard for the same subnet. My understanding is that drop-in mode will put them all on the same subnet, but it is unclear from the manual that the routing/firewall/vpn will still work as expected. This WG is right behind a DSL modem that is setup in bridge mode, so the WG is handling all PPPoE auth and routing for the network.

    Read the article

  • Watchguard firebox: public IP addresses behind firewall with as much usable IP addresses as possible

    - by martinezpt
    Our ISP assigned us 16 public IP addresses that we want to assign to hosts behind a Watchguard firebox x750e. The IP addresses are: x.x.x.176/28 of which x.x.x.177 is the gateway. The hosts will be running software that needs to be directly assigned the public IP address so 1:1 NAT is not an option. I found this document that gives examples on how to assign public IP addresses to hosts behind the firewall, using an optional interface: http://www.watchguard.com/help/configuration-examples/public_IP_behind_XTM_configuration_example_(en-US).pdf However, I can't implement scenario 1 as it won't allow me to use the same subnet on both interfaces. As for scenario 2, splitting the address range into 2 subnets will decrease the usable hosts on the optional interface to 5 (8 - network - broadcast - optional interface ip). I'm convinced that there must be a better way to address this problem and maximize the number of usable IP addresses but I'm not very familiar with this specific firewall. Are there any suggestions on how to keep the hosts behind the firewall with public IP addresses while maximizing the usable IP addresses? thanks

    Read the article

  • Watchguard SSL Certificate problems

    - by Bill Best
    We recently purchased a Watchguard XTM 510. The hope is to replace our ISA 2006 proxy with this UTM product. We are having some issues with secured sites in our test setup. Currently We are still running traffic through the ISA server and I have the Watchguard also setup to be connected to the network. Where we run into problems is when I set in ISA the HTTPS site's location to be forwarded through the XTM, I get a certificate could not be validated error. Therefore I think Ive narrowed it down to two possibilities. One, the certificate needs to be installed on the XTM. Im not 100% sure this is the case as I believe this should just be acting as strictly a proxy and forwarding all the traffic through no questions asked. Either way if I try to import a certificate to the XTM I always get a certificate validation failed error message. These are generally converted pfx to pem files. Second, the XTM CA certificate needs to be installed on the ISA server so that they may communicate. I have done this but it didn't seem to do anything. I believe this should be working and was hoping someone has struggled through this before.

    Read the article

  • Watchguard SSLVPN user connection issue

    - by Tory Newnham
    I have a user that needs access to our SSLVPN on our Watchguard firewall from his company issued laptop. The problem is when he tries to connect as himself he cannot connect. If I login to the machine it works fine, if I add him to the domain admins group in Active Directory it works fine… So, we know it is an access issue but I cannot figure out what access he needs. He is in the SSLVPN-Users group which I thought would give them all the access they needed but apparently not… Here is the output of the SSLVPN Logs when trying to connect: 2012-09-14T15:40:55.834 Launching WatchGuard Mobile VPN with SSL client. Version 11.5.3 (Build 339447) Built:Apr 5 2012 00:25:00 2012-09-14T15:41:18.832 Requesting client configuration from X.X.X.X:443 2012-09-14T15:41:20.386 VERSION file is 5.15, client version is 5.15 2012-09-14T15:41:21.924 Error: connect() failed. ret = -1 errno=10061 (...) 2012-09-14T15:41:23.960 Error: connect() failed. ret = -1 errno=10061 2012-09-14T15:42:00.788 Failed Launch Has anyone had the same issue, or have any ideas on what Group Policy changes need to be made in order for him to have access but not be a Domain Admin? Thanks in Advance!

    Read the article

  • Watchguard box VPN Access X700

    - by Paulio001
    We have a watchguard X700 box that we are trying to get VPN access through. We have had a play with the ports and tried to open the VPN access but still have no joy. Do we need to purchase a special licence to get VPN open on this box?

    Read the article

  • Watchguard XTM blocking login attempts

    - by user192702
    routinely I'm seeing lots of login attempts to my mail server trying out various login names starting from A to Z coming from the one IP on one day and another IP on another day. Is there any means to detect this type of activities and block accordingly? I asked Watchguard and it appears they don't support this on their XTM series. Anything else I can do other than to have a super long password?

    Read the article

  • Connecting Linux to WatchGuard Firebox SSL (OpenVPN client)

    Recently, I got a new project assignment that requires to connect permanently to the customer's network through VPN. They are using a so-called SSL VPN. As I am using OpenVPN since more than 5 years within my company's network I was quite curious about their solution and how it would actually be different from OpenVPN. Well, short version: It is a disguised version of OpenVPN. Unfortunately, the company only offers a client for Windows and Mac OS which shouldn't bother any Linux user after all. OpenVPN is part of every recent distribution and can be activated in a couple of minutes - both client as well as server (if necessary). WatchGuard Firebox SSL - About dialog Borrowing some files from a Windows client installation Initially, I didn't know about the product, so therefore I went through the installation on Windows 8. No obstacles (and no restart despite installation of TAP device drivers!) here and the secured VPN channel was up and running in less than 2 minutes or so. Much appreciated from both parties - customer and me. Of course, this whole client package and my long year approved and stable installation ignited my interest to have a closer look at the WatchGuard client. Compared to the original OpenVPN client (okay, I have to admit this is years ago) this commercial product is smarter in terms of file locations during installation. You'll be able to access the configuration and key files below your roaming application data folder. To get there, simply enter '%AppData%\WatchGuard\Mobile VPN' in your Windows/File Explorer and confirm with Enter/Return. This will display the following files: Application folder below user profile with configuration and certificate files From there we are going to borrow four files, namely: ca.crt client.crt client.ovpn client.pem and transfer them to the Linux system. You might also be able to isolate those four files from a Mac OS client. Frankly, I'm just too lazy to run the WatchGuard client installation on a Mac mini only to find the folder location, and I'm going to describe why a little bit further down this article. I know that you can do that! Feedback in the comment section is appreciated. Configuration of OpenVPN (console) Depending on your distribution the following steps might be a little different but in general you should be able to get the important information from it. I'm going to describe the steps in Ubuntu 13.04 (Raring Ringtail). As usual, there are two possibilities to achieve your goal: console and UI. Let's what it is necessary to be done. First of all, you should ensure that you have OpenVPN installed on your system. Open your favourite terminal application and run the following statement: $ sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome Just to be on the safe side. The four above mentioned files from your Windows machine could be copied anywhere but either you place them below your own user directory or you put them (as root) below the default directory: /etc/openvpn At this stage you would be able to do a test run already. Just in case, run the following command and check the output (it's the similar information you would get from the 'View Logs...' context menu entry in Windows: $ sudo openvpn --config client.ovpn Pay attention to the correct path to your configuration and certificate files. OpenVPN will ask you to enter your Auth Username and Auth Password in order to establish the VPN connection, same as the Windows client. Remote server and user authentication to establish the VPN Please complete the test run and see whether all went well. You can disconnect pressing Ctrl+C. Simplifying your life - authentication file In my case, I actually set up the OpenVPN client on my gateway/router. This establishes a VPN channel between my network and my client's network and allows me to switch machines easily without having the necessity to install the WatchGuard client on each and every machine. That's also very handy for my various virtualised Windows machines. Anyway, as the client configuration, key and certificate files are located on a headless system somewhere under the roof, it is mandatory to have an automatic connection to the remote site. For that you should first change the file extension '.ovpn' to '.conf' which is the default extension on Linux systems for OpenVPN, and then open the client configuration file in order to extend an existing line. $ sudo mv client.ovpn client.conf $ sudo nano client.conf You should have a similar content to this one here: dev tunclientproto tcp-clientca ca.crtcert client.crtkey client.pemtls-remote "/O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN_Server"remote-cert-eku "TLS Web Server Authentication"remote 1.2.3.4 443persist-keypersist-tunverb 3mute 20keepalive 10 60cipher AES-256-CBCauth SHA1float 1reneg-sec 3660nobindmute-replay-warningsauth-user-pass auth.txt Note: I changed the IP address of the remote directive above (which should be obvious, right?). Anyway, the required change is marked in red and we have to create a new authentication file 'auth.txt'. You can give the directive 'auth-user-pass' any file name you'd like to. Due to my existing OpenVPN infrastructure my setup differs completely from the above written content but for sake of simplicity I just keep it 'as-is'. Okay, let's create this file 'auth.txt' $ sudo nano auth.txt and just put two lines of information in it - username on the first, and password on the second line, like so: myvpnusernameverysecretpassword Store the file, change permissions, and call openvpn with your configuration file again: $ sudo chmod 0600 auth.txt $ sudo openvpn --config client.conf This should now work without being prompted to enter username and password. In case that you placed your files below the system-wide location /etc/openvpn you can operate your VPNs also via service command like so: $ sudo service openvpn start client $ sudo service openvpn stop client Using Network Manager For newer Linux users or the ones with 'console-phobia' I'm going to describe now how to use Network Manager to setup the OpenVPN client. For this move your mouse to the systray area and click on Network Connections => VPN Connections => Configure VPNs... which opens your Network Connections dialog. Alternatively, use the HUD and enter 'Network Connections'. Network connections overview in Ubuntu Click on 'Add' button. On the next dialog select 'Import a saved VPN configuration...' from the dropdown list and click on 'Create...' Choose connection type to import VPN configuration Now you navigate to your folder where you put the client files from the Windows system and you open the 'client.ovpn' file. Next, on the tab 'VPN' proceed with the following steps (directives from the configuration file are referred): General Check the IP address of Gateway ('remote' - we used 1.2.3.4 in this setup) Authentication Change Type to 'Password with Certificates (TLS)' ('auth-pass-user') Enter User name to access your client keys (Auth Name: myvpnusername) Enter Password (Auth Password: verysecretpassword) and choose your password handling Browse for your User Certificate ('cert' - should be pre-selected with client.crt) Browse for your CA Certificate ('ca' - should be filled as ca.crt) Specify your Private Key ('key' - here: client.pem) Then click on the 'Advanced...' button and check the following values: Use custom gateway port: 443 (second value of 'remote' directive) Check the selected value of Cipher ('cipher') Check HMAC Authentication ('auth') Enter the Subject Match: /O=WatchGuard_Technologies/OU=Fireware/CN=Fireware_SSLVPN_Server ('tls-remote') Finally, you have to confirm and close all dialogs. You should be able to establish your OpenVPN-WatchGuard connection via Network Manager. For that, click on the 'VPN Connections => client' entry on your Network Manager in the systray. It is advised that you keep an eye on the syslog to see whether there are any problematic issues that would require some additional attention. Advanced topic: routing As stated above, I'm running the 'WatchGuard client for Linux' on my head-less server, and since then I'm actually establishing a secure communication channel between two networks. In order to enable your network clients to get access to machines on the remote side there are two possibilities to enable that: Proper routing on both sides of the connection which enables both-direction access, or Network masquerading on the 'client side' of the connection Following, I'm going to describe the second option a little bit more in detail. The Linux system that I'm using is already configured as a gateway to the internet. I won't explain the necessary steps to do that, and will only focus on the additional tweaks I had to do. You can find tons of very good instructions and tutorials on 'How to setup a Linux gateway/router' - just use Google. OK, back to the actual modifications. First, we need to have some information about the network topology and IP address range used on the 'other' side. We can get this very easily from /var/log/syslog after we established the OpenVPN channel, like so: $ sudo tail -n20 /var/log/syslog Or if your system is quite busy with logging, like so: $ sudo less /var/log/syslog | grep ovpn The output should contain PUSH received message similar to the following one: Jul 23 23:13:28 ios1 ovpn-client[789]: PUSH: Received control message: 'PUSH_REPLY,topology subnet,route 192.168.1.0 255.255.255.0,dhcp-option DOMAIN ,route-gateway 192.168.6.1,topology subnet,ping 10,ping-restart 60,ifconfig 192.168.6.2 255.255.255.0' The interesting part for us is the route command which I highlighted already in the sample PUSH_REPLY. Depending on your remote server there might be multiple networks defined (172.16.x.x and/or 10.x.x.x). Important: The IP address range on both sides of the connection has to be different, otherwise you will have to shuffle IPs or increase your the netmask. {loadposition content_adsense} After the VPN connection is established, we have to extend the rules for iptables in order to route and masquerade IP packets properly. I created a shell script to take care of those steps: #!/bin/sh -eIPTABLES=/sbin/iptablesDEV_LAN=eth0DEV_VPNS=tun+VPN=192.168.1.0/24 $IPTABLES -A FORWARD -i $DEV_LAN -o $DEV_VPNS -d $VPN -j ACCEPT$IPTABLES -A FORWARD -i $DEV_VPNS -o $DEV_LAN -s $VPN -j ACCEPT$IPTABLES -t nat -A POSTROUTING -o $DEV_VPNS -d $VPN -j MASQUERADE I'm using the wildcard interface 'tun+' because I have multiple client configurations for OpenVPN on my server. In your case, it might be sufficient to specify device 'tun0' only. Simplifying your life - automatic connect on boot Now, that the client connection works flawless, configuration of routing and iptables is okay, we might consider to add another 'laziness' factor into our setup. Due to kernel updates or other circumstances it might be necessary to reboot your system. Wouldn't it be nice that the VPN connections are established during the boot procedure? Yes, of course it would be. To achieve this, we have to configure OpenVPN to automatically start our VPNs via init script. Let's have a look at the responsible 'default' file and adjust the settings accordingly. $ sudo nano /etc/default/openvpn Which should have a similar content to this: # This is the configuration file for /etc/init.d/openvpn## Start only these VPNs automatically via init script.# Allowed values are "all", "none" or space separated list of# names of the VPNs. If empty, "all" is assumed.# The VPN name refers to the VPN configutation file name.# i.e. "home" would be /etc/openvpn/home.conf#AUTOSTART="all"#AUTOSTART="none"#AUTOSTART="home office"## ... more information which remains unmodified ... With the OpenVPN client configuration as described above you would either set AUTOSTART to "all" or to "client" to enable automatic start of your VPN(s) during boot. You should also take care that your iptables commands are executed after the link has been established, too. You can easily test this configuration without reboot, like so: $ sudo service openvpn restart Enjoy stable VPN connections between your Linux system(s) and a WatchGuard Firebox SSL remote server. Cheers, JoKi

    Read the article

  • Cisco 1841 Box and Watchguard XTM21-W

    - by Corey
    I have never set one of these up before and need a little assistance. Right now we have a T1 line coming in from Sprint to a Cisco 1841 and then on to our router. However, when I plug the Cisco 1841 into Port 0 and the router into Port 3 it does not work. In Port 1 I have my management computer plugged in. We have one subnet and this must be easy but I cannot figure out how to make this work. When the firewall is plugged in then I get no internet or network access.

    Read the article

  • Block web browsing by older browsers

    - by Eamon
    Given the vulnerabilities in older versions of IE, I want to enforce a rule that only the latest IE or Firefox is used to browse the web. I can't ensure that everyone's PC is up to date, so is there a firewall that will let me write a rule to restrict the version of the browser that can make requests through the firewall? Our current firewall is from Watchguard

    Read the article

  • What's causing Remote Access error 807 using rasdial.exe to connect to a PPTP VPN?

    - by Dylan Beattie
    I'm using rasdial.exe to connect an offsite server to our VPN. Remote box is a Windows 2008 x64 server; the VPN host at this end is a Watchguard Firebox x750e running Fireware 10.2 It connects fine about 20-30% of the time. The rest of the time I get: Remote Access error 807 - The network connection between your computer and the VPN server was interrupted. This can be caused by a problem in the VPN transmission and is commonly the result of internet latency or simply that your VPN server has reached capacity. Please try to reconnect to the VPN server. If this problem persists, contact the VPN administrator and analyze quality of network connectivity. For more help on this error: Type 'hh netcfg.chm' In help, click Troubleshooting, then Error Messages, then 807 The VPN isn't full, and it's 100Mb dedicated fibre on both ends so I can't believe it's a connectivity issue - especially since I'm RDP'ed into the remote box whilst trying to do this! Any bright ideas as to what might be causing the problem? Thanks, Dylan

    Read the article

  • Firewall Authentication - logon failed

    - by RoseofPurple
    I am attempting to use a Watchguard firebox 550e with Fireware XTM 11 to authenticate incoming traffic for RDP access. I have configured the firewall to use my domain controller for Active directory authentication with a Windows 2000 server farm and added a couple of user accounts to the users list in the firewall, but when I attempt to log onto the authentication page for the firewall, I get Logon failed. I know that the user names work and that the passwords are correct. I am also certain that I have told it to log on using Active Directory instead of the FireboxDB. I have tried using the username alone, the domain\username, and the email address. I believe that the Search base is correct (DC=mydomainname,DC=com), and I did not change any defaults for sAMAccountName (and I do not recall making any changes to those items when configuring the domain structure). Any assistance would be appreciated.

    Read the article

  • Webservice randomly dropping connections - possibly due to firewall nonevent data?

    - by adam
    I have a hosted webapp which requests data from a REST webservice in our office. Each page calls one (or several) webservices, which go from our host, via our firewall (a Watchguard Firebox) to a server in our office. All of a sudden, the app has dramatically slowed. We have determined that the webservice is timing out at random when called externally (it's fine when called within the office network). I'm pretty certain it's our connection which is dropping the webservice call, so I've written a quick php/curl script which calls the webservice over many iterations and shows the various timings. Below is an example output, showing both a failed and a successful call (with a 5 second timeout): http_code namelookup_time connect_time pretransfer_time starttransfer_time total_time 1 0 0.000096 0.0342 0.0000 0.0000 0.0342 2 200 0.000052 0.0332 0.1327 0.1751 0.1752 As per iteration #1 above, failed requests seem to be failing between connect and pretransfer. I'm not sure if this shows that the connection is successfully past the firewall, or could the firewall still cause an issue? Our firewall is showing a series of nondata event log messages for the relevant access rule. Our IT team tells me these are routine, although I can find no mention of these in Google. I'm not sure if this fits in between connect and pretransfer. Having elinated the webservice server (by testing internally) and the live webapp (by testing different code on different external servers, I am left suspecting the connection to the office. Could the firebox nondata events be causing a problem between connect and pretransfer?

    Read the article

  • Firebox 1250e Core Failing?

    - by Noah
    We have 2 Firebox 1250e Core firewall boxes in our production environment, serving as an active and passive mode. A few months back, the active box was flashing a warning light, so our consultant removed it, and plugged it in to a test network. Everything appeared to be working fine, so he reloaded it into the production environment, and we didn't see any other issues. Fast forward to last week, and out network was constantly dropping connections over RDC, timing out, and performing as if there was a traffic issue. I turned off the production box and everything began to work fine immediately. At this point though, I'm not sure how to proceed. Should the box be completely replaced? Is there any recommended testing we could do to determine if there is a failure of some type with this device? Should we try upgrading the software on it? I know the environment isn't the issue, since the passive box (which is now the active one) is working fine. We'd like to have 2 in production though for safety failover purposes. I am not a network admin, but am hoping someone here might be able to provide some guidance.

    Read the article

  • Using the option port on my Watchguard Firebox as a 2nd gateway exit point?

    - by Donovan
    I'm working on a network project in witch I have to design our network to provide two different exit points. The points are differentiated by the path through the corporate network. One of them travels through some monitoring hardware the other does not. We have a Watchguard Firebox in use as our gateway. Currently the network side provides the unmonitored exit point. I was wondering if i hooked the option port to our lan at a point that would force traffic through the monitored path, would it cause any problems? Access to the unmonitored gateway port would be restricted by ip. That would force all others not authorized to point to the monitored gateway port. I thought with the above design i might be able to get away with not having to buy another firebox to achieve the design I want. Thanks, D

    Read the article

  • Cisco ASA with CSC module bypassing

    - by Shial
    We recently upgraded from a Watchguard X5500e Peak firewall appliance to a Cisco 5500 ASA with the CSC module. The ASA is running the 8.2 software and the CSC is on the 6.3.1172 software. We've finally gotten everything stabilized after a few weeks of pulling hairs and gnashing of teeth and now its down to trying to setup a few items that were lower on the priority list. With the watchguard we were able to go with the browser to an internal webpage and authenticate against the firewall to allow us to bypass the filters. Useful when a classroom here needs access to streaming media or an executive needs us to download a video. I'm trying to setup something similar but I'm fairly inexperienced with the Cisco devices like this ASA so I'm not sure if its treated as a VPN connection or some kind of ACL. Ideally we would want to setup more than one to limit exposure rather than one thats wide open when used. I did a search and couldn't find anything related to thing in the other questions asked here and I have had no luck googgling it either.

    Read the article

  • php mail not arrives at gmail, not at local server

    - by thomas
    The php mail function I am using does not work completely. It will sent mails to gmail easy enough. However, emails routed directly to my internally hosted exchange server are not getting through. The servers/domains are setup is as follows. URLs are registered with Network solutions (www.independentsservice.com & www.isco.net) NS directs all traffic to our ISP (Socket.net). Socket directs as follows: Mail to our local server FTP to our local server HTTP to our website hosted on Chihost.com Traffic to our local server goes through a Watchguard firewall which routes mail traffic to our locally hosted Exchange server. Is there some reason why exchange won't accept these emails? Thanks!

    Read the article

  • What are the advantages and disadvantages of having a hosted firewall?

    - by Roy
    Would you rather have your firewall hosted or in house if you've got the skills to manage it? We currently have 6 remote offices and 2 different ISP's, one private network and our firewall (Watchguard, licenses are due to expire) is also our main gateway. I don't see how a hosted firewall (in this case Fortinet) is going to work for us especially when it's cheaper to buy our own firewall and the transition from one ISP to a new provider will take some time because our current contracts aren't due to expire soon. What are to pros and cons of having a firewall hosted by your ISP in general?

    Read the article

  • Good 1U Rack Firewall

    - by AX1
    Hello, I'm trying to find a good 1U rack firewall at a reasonable price. Most pricing is completely out of space (thousands of dollars? Why?). I don't want to list all features I need/want (there are too many variations but I don't care about most of them) - I'm just looking for something simple and not overly expensive. I've looked at the WatchGuard XTM 505 which is more reasonably priced -- are there any other firewalls in that range or even less expensive that are good for a small company?

    Read the article

  • sonicwall nsa 240

    - by Adam
    Hi We are looking into putting a hardware firewall into a data center to protect our rack of servers. We are using the servers for terminal services and we have 2 x 1GB connections to the Internet. We have about 50 servers supporting about 250 users which will grow very soon to 500 users. We plan to purchase 2 hardware firewalls to provide HA. Do you think the Sonicwall NSA 240 with Total Secure is a good match for this in terms of performance and protection (from spyware, virus etc?) or is there a better purchase? (Maybe a Watchguard X5 or X8?)

    Read the article

1 2  | Next Page >