WatchGuard archives - The ranting of an IT Professional


Sep 11 2009   1:37PM GMT

Improvements in Watchguard 11 quick setup wizard



Posted by: Jason Tramer
WatchGuard, quick setup wizard, 11 XTM, DHCP

One thing that Watchguard did well in their new software version was to include the option to enable DHCP as part of the quick setup wizard. Here is why this is great. Previously you would start up your Watchguard in safe mode and hook your computer to it. You would then get an IP address from it (10.0.0.2) which you could use to start your quick setup wizard. You would then configure the internal interface with the IP you would actually want and then reboot the Watchguard. However, previously DHCP was always off, meaning you would then have to go and manually configure an IP address on your machine to match what you configured the internal interface as if you wanted to continue. Needless to say, this was a pain in the butt.

Sep 10 2009   6:52PM GMT

Upgrading to Watchguard Fireware 11



Posted by: Jason Tramer
WatchGuard, Fireware, firebox, XTM, Upgrade, 10.2, 11

In reviewing the release notes on the site and speaking to a Watchguard rep, the best upgrade path to the new Fireware XTM version 11 is by first upgrading your existing Firebox to version 10.2.9 and then upgrading to 11.

Upgrading directly from any version below 10.2.9 is not recommended and could cause the upgrade to corrupt the Fireware image.


Aug 20 2009   1:33PM GMT

Fireware 11 has been released!



Posted by: Jason Tramer
WatchGuard, bugs, known issue, Fireware, 11, 12

So in the past I have criticized Watchguard a tad when they constantly give me the answer that my issue is a known bug and will be fixed in the next version …

Well, the next version is here! Fireware 11 has been released to the general public. I will be trying it out in the coming days and reporting back here, but a quick look in my IT crystal ball tells me that Watchguard will have indeed fixed all those little bugs which plagued my existence for so many months. Before Watchguard draws too much succor from my words, I should also point out that my IT crystal ball tells me that I will soon be plagued with a ton of new bugs which won’t be fixed till version 12 comes out.


Apr 30 2009   8:45PM GMT

Watchguard MUVPN not working due to McAfee firewall



Posted by: Jason Tramer
WatchGuard, VPN, firewall, McAfee

I hate personal firewall products, but none so much as I hate McAfee. I was testing a MUVPN and the tunnel just wouldn’t establish. I turned that thing into Swiss cheese; it shouldn’t have been blocking anything, but the VPN tunnel STILL wouldn’t come up until I actually turned off the service. Gah, it’s frustrating.


Apr 15 2009   6:28PM GMT

A review of the Cisco ASA 5505



Posted by: Jason Tramer
Cisco, firewall, ASA5505, WatchGuard, X10e

I deal with a lot of small businesses and branch offices, and up until now we generally have been promoting the Watchguard X10e for their firewall needs. However, I have recently been very impressed with the Cisco ASA 5505 for this business space. It’s got great functionality and robustness, and the price point is far cheaper than I think most people might realize. For a 10 user license pack CDW is retailing a unit at 414 dollars! For a Cisco partner such as my company we can usually do even better.


Jan 12 2009   8:27PM GMT

Watchguard Edge devices missing ping utility



Posted by: Jason Tramer
ping, missing ping utility, WatchGuard, Edge

The ability to ping from a firewall is a fantastic and some might say essential tool for troubleshooting network (in particular routing) issues. It is for this reason that pretty much every major commercial firewall product out there has this ability (even Sonicwalls). Yet for some reason the Watchguard Edges do not. Why this is I have no idea; I could speculate, but it wouldn’t be very complimentary.


Nov 21 2008   8:52PM GMT

SSO agent update for Watchguards



Posted by: Jason Tramer
WatchGuard, SSO

So a couple of days after I complain about Watchguard having a broken SSO agent, they release an update! Perhaps they read my blog? In any case, before, all they had was an agent which gets installed on a server; now they have both an agent and a client. The client runs in the background and facilitates the passing of credentials. I will implement this in the next few days and report on how it goes.


Nov 19 2008   4:52PM GMT

SSO agent known issue for Watchguard firewalls



Posted by: Jason Tramer
WatchGuard, SSO, Fireware

After troubleshooting an issue with the SSO agent causing internet disconnections for users, I have discovered from Watchguard tech support that this is a known issue. It will be fixed in the next update. There are no workarounds in place other than disabling the SSO agent.


Oct 20 2008   9:10PM GMT

Watchguard - Limitation when setting up High Availability



Posted by: Jason Tramer
WatchGuard

I don’t expect the various hardware and software out there to be perfect, really I don’t. However, what I do expect is that when there is a limitation or problem with a product, the vendor documents it somewhere. It is such a waste of my time to fight with an “issue” for hours on end only to find out that it is a known issue. For example, with the Watchguard Cores: when setting up High Availability mode you have to set HA to run on one of the first 4 ports. If you set it on any of the latter ports it won’t work properly. No reason for this, it just won’t work. While this can be a little annoying, it really isn’t a huge deal IF you know about it in advance. Given the fact that I couldn’t find documentation on this, hopefully this blog will save you the time that I lost.


Oct 8 2008   3:30PM GMT

Watchguard SSL VPN issues



Posted by: Jason Tramer
WatchGuard, SSLVPN

I encountered an issue with setting up SSL VPNs on Watchguard firewalls. When using AD integration you need to create a group called SSLVPN-Users as part of the process. In this case we wanted everyone to have access, so we added Domain Users to the group. This doesn’t actually work; the client connects without errors but you are unable to ping any resources. You need to specify the users here individually for this to function properly.