Actually Jim, I'm kinda embarrassed now. Turns out my unit doesn't have the backup issue. It just didn't like the 19 character encryption key that I was using. Backed it down to 8 characters, and everything went smooth as buttah... I'm upgraded to 10.2.2 now, and have a good backup of the flash image, and the config.
Joe Heaton Employment Training Panel From: Jim Majorowicz [mailto:[EMAIL PROTECTED] Sent: Thursday, October 16, 2008 9:45 AM To: NT System Admin Issues Subject: RE: Watchguard firewall question Is the unit currently on the same version it shipped with? IE, when you got it, did it come with version 9 installed or version 8? If it's got 9 on it, and it came with 9, I'd say reset the unit to factory, reapply the config and then try the update. Otherwise, I say call your Watchguard support (somebody with direct access to level 2 support and skip the Level 1 support). I'd offer, but I don't think you're in the area, and our rates are $125/hr... From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2008 10:30 AM To: NT System Admin Issues Subject: RE: Watchguard firewall question I have a good copy of the config, but not of the flash image. Joe Heaton Employment Training Panel From: Jim Majorowicz [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2008 9:58 AM To: NT System Admin Issues Subject: RE: Watchguard firewall question I can tell you from experience, don't do the upgrade without the backup. The one time I decided to forgo the backup before doing an upgrade, the upgrade bombed. Recovery was a serious pain in the ass. Do you have a good copy of the current configuration? From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2008 8:38 AM To: NT System Admin Issues Subject: RE: Watchguard firewall question Yes, I'm on the forums all the time. I did find this issue there, and was about to post about it. It exists both in the go to 100% then back to 0, and what I'm seeing, go to 1%, then back to 0 and hang. At the moment, I'm trying to decide whether to do a wipe, and reconfig of current version, or simply do an upgrade. Joe Heaton Employment Training Panel From: Steve Burkett [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2008 8:07 AM To: NT System Admin Issues Subject: RE: Watchguard firewall question Is that a typo? 1%? If you meant progress bar goes to 100% then back to 0%, then that's a known bug with pre 10.2.2 firmwares. 10.2.2 solves the issue (or indeed 10.2.3 now). If you haven't used them before, get on the Watchguard support forums. There are a couple of guys on there that REALLY know the Watchguard stuff well, are very active in the forum, and are much much more useful then the official Watchguard Tech Support. Hope it helps, Steve. From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: 15 October 2008 15:38 To: NT System Admin Issues Subject: RE: Watchguard firewall question Ok, I opened another session, and was able to cancel the original backup. Tried the straight backup, and got the same results. The Backup window comes up, progress bar goes to 1%, back to 0% and stayed there. Got out of it again, rebooted the firewall, tried a straight backup again, and same results. I am not comfortable upgrading without a good flash image backup, so I'm now trying to figure out why the backup won't work. Joe Heaton Employment Training Panel From: Mark Boersma [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2008 7:13 AM To: NT System Admin Issues Subject: RE: Watchguard firewall question Negative. It should zip through it in a few seconds. I would cancel the upgrade and try to do a manual backup first. "File" "Backup" in the policy manager. Mark ------------------------------------------------- Two rules to success in life: 1. Never tell people everything you know. From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2008 10:10 AM To: NT System Admin Issues Subject: RE: Watchguard firewall question Ok, quick question, may be paranoia. I'm having the box back up the image before upgrading, and it has been sitting at 0% for about 5 minutes now. Is that normal? Joe Heaton Employment Training Panel From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2008 4:01 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question Well, then hopefully the upgrade will help. I'm running 10.0 at the moment, and plan to upgrade to 10.2.3 in the morning... Joe Heaton Employment Training Panel From: Jim Majorowicz [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2008 3:36 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question Just that getting a Firebox to actually search the right OU is a pain in the freaking ass. Of course, the two times I've configured such, I was using 9.1, so take that for what it's worth. It's suppose to just "work" in 10.2 and later, but I have not had to set that up from scratch, just updated the ones I did a year ago. From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2008 3:05 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question Ok, so I've gotten a successful connection using the Firebox DB for authentication. I'd like, however, to use AD authentication, but I keep getting a PAP/CHAP error of Wrong username or password. I've created a security group, named VPN, I've put myself in the group, and I've setup the authentication server within the firebox to go to the correct OU. Any ideas on this? I haven't upgraded the firebox yet, plan to do that in the morning, but any tips I can find in here to help point me would be appreciated. By the way, I ended up checking the IPsec passthru box to get to where I am now. Joe Heaton Employment Training Panel From: Mark Boersma [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 5:16 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question Actually 10.2.3 is out now. Usually the IKE errors occur if the client can't see the server, as in no internet connection. Can you ping the IP of the Firebox you are trying to connect to? Mark ------------------------------------------------- Two rules to success in life: 1. Never tell people everything you know. From: Jim Majorowicz [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 4:29 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question If it's never worked before, I suggest contacting your support. You might try upgrading the firewall to 10.2.2. There were some issues with 10.0 and even 10.0.1 with certain types of MUVPNs. From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 1:07 PM To: NT System Admin Issues Subject: RE: Watchguard firewall question Fireware v.10 on the box, Yes, using Watchguard Mobile VPN client v. 10.04. Using a laptop for the connection, at the moment directly connected to the network. I do have support, I just figured I'd post here, to see if anyone had any previous experience with this general error, before I called them. Joe Heaton Employment Training Panel From: Jim Majorowicz [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 10:49 AM To: NT System Admin Issues Subject: RE: Watchguard firewall question What version of the software is installed on your Core? Are you using the Watchguard Moble Client software? What kind of PC are you connecting from? Do you get support from your reseller? From: Joe Heaton [mailto:[EMAIL PROTECTED] Sent: Friday, October 10, 2008 10:15 AM To: NT System Admin Issues Subject: Watchguard firewall question Anyone familiar with setting up VPN w/IPsec on these? I have a 750x and I keep getting an IKE error - Lost contact to peer. I have the log file, but it's not very enlightening either. I know there's a couple of Watchguard guys on here, and I figured I'd give it a shot before I call support. Thanks, Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 [EMAIL PROTECTED] ________________________________ Please consider the environment before printing this email. ________________________________ CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ________________________________ Please consider the environment before printing this email. ________________________________ CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. === STEMCOR CONFIDENTIALITY AND DISCLAIMER NOTICE This e-mail is intended only for the addressees named in it. The contents should not be disclosed to any other person nor copies taken. Any views or opinions presented are solely those of the sender and do not necessarily represent those of Stemcor unless otherwise specifically stated. Stemcor does not accept legal responsibility for the contents of this message nor responsibility for any change made to it after it was sent by the original sender. You are advised to carry out a virus check before opening any attachment as Stemcor does not accept liability for any damage sustained as a result of any software viruses. You should be aware that Stemcor reserves the right to read incoming and outgoing emails. === ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
