Knowledge Base Digest - September 2024

Articles

• Download MSP Authorization Form to authorize WatchGuard MDR to access CrowdStrike tenant
• Firebox Cloud support for TLS v1.2 for Azure Blob Storage
• ThreatSync+ NDR sFlow sample size

Known Issues

• Edge browser with strict tracking prevention cannot access WatchGuard Cloud Resource Center
• Mobile VPN with SSL connections fail when Firebox has FIPS mode enabled
• Gateway AntiVirus remains enabled on Outgoing core policy after downgrade to Standard Support license
• RADIUS authentication with a Firebox fails when the group name includes a \
• Cannot download snapshot or PCAP files for a Firebox from WatchGuard Cloud
• Operators with custom roles cannot view or manage authentication domains
• In MDR Managed Services portal, WatchGuard Agent page does not show the correct status
• T185 or M295 FireCluster member reboot results in unresponsive cluster member
• WatchGuard Cloud scheduled report missing data from 4 - 10 January 2026
• Traffic does not pass over a BOVPN tunnel after a FireCluster failover
• M295 FireCluster upgrade from WatchGuard Cloud fails to upgrade both cluster members
• T85-PoE, M290, M390, and M590 Fireboxes can fail to upgrade firmware and update security service signatures
• Trusted CA for Proxies certificates shows expired certificates
• When an IDS scans the Firebox, the block failed logins feature blocks 127.0.0.1
• VPN tunnel traffic directed through an HTTPS Policy causes reboot of Firebox T125 and T145
• UDP fragmentation over a BOVPN VIF does not work correctly on T125 and T145 causing authentication failure
• Slow BOVPN with VIF performance on Firebox T125 and T145
• Cannot log in to Firebox after downgrade from Fireware v2026.1 to v2025.1.4 or lower and Wi-Fi 7 802.11be configured
• Slow VPN performance with several BOVPN and Mobile VPN active tunnels on T115-W, T125, T145
• Slow upload/download speeds on T125/T145 when eth0 is the external interface

Articles

• WatchGuard access point might lose connection to WatchGuard Cloud after certificate upgrade
• AuthPoint Audit Logs Show Successful Authentication for Failed Logins with the Agent for Windows
• Local AuthPoint Users Show as WatchGuard Cloud Directory Users
• AP shows inactive status and cannot connect to Wi-Fi Cloud
• What to do if you lose the Dimension administrator password
• ThreatSync incidents and blocked and trusted access points not available in WatchGuard Cloud after account merge
• Wireless clients cannot access domains in the Walled Garden before they authenticate to a Captive Portal
• Download and Run PSInfo
• AP125, AP225W, AP325, AP327X, or AP420 managed by Gateway Wireless Controller with Discovered status cannot be paired
• Use a PowerShell script to prepare Microsoft Azure CSPM for integration with WatchGuard MDR
• Use an AWS CloudFormation template to integrate AWS CSPM with WatchGuard MDR
• Legacy installer for WatchGuard Connection Manager for FireCloud no longer supported
• AuthPoint Logon app compatibility with macOS 26.2
• Recommended number of VLANs for Firebox hardware models
• WSM Installer - There is insufficient disk space to complete the operation

Known Issues

• Valid search query for specific groups might not save in Directory Sync Advanced Filter settings
• Traffic fails through an established BOVPN tunnel when you enable IPS
• Large UDP packets do not pass over BOVPN VIF tunnel
• Manage endpoints in WatchGuard Cloud requires Endpoint Security permissions
• Scheduled report files are not available for download from the report history in WatchGuard Cloud
• Mobile VPN with SSL requires admin installations - SAML login fails with white screen and error
• Live Status > Blocked Sites page might not load the list of blocked sites if it contains many blocked sites
• Users get an error when they use the Forgot Token feature in the AuthPoint application portal
• Firebox BOVPNs in error state after upgrade to Fireware v12.11.5 or v12.11.6
• Existing Management Server template missing new Firebox models and cannot be applied
• Firebox crashes when traffic hits a proxy policy through a BOVPN tunnel
• Firebox T125, T145, and T185 drop GRE traffic across a BOVPN tunnel or BOVPN Virtual Interface

Articles

• How do I configure an RMA replacement access point?
• Submit feedback and feature requests through the WatchGuard Idea Portal

Known Issues

• When updates to an AD or LDAP authentication domain are made, advanced filters are removed
• Firebox crashes when HTTP traffic hits an HTTP-proxy policy over a Mobile VPN with IKEv2 tunnel
• WatchGuard Mobile Security app - Disable App Hibernation or Ignore Battery Optimizations permission issues on Android 12 or higher
• Arm LED indicator light flashing red on Firebox
• Operators with custom roles cannot access the UI for AuthPoint, FireCloud, or some cloud-managed Firebox configurations
• Mobile VPN with SSL routing issue on LA or VLAN interfaces with secondary IP
• AuthPoint authentication server is not available for cloud-managed Firebox
• Unable to apply deployment when DHCP option 150 contains multiple IP addresses
• Cannot update feature key in Policy Manager when you move FireCluster configuration to new Firebox hardware model
• Endpoint details for an endpoint with FireCloud shows Error #1
• Untagged VLAN fails when VLAN 1 is tagged on the same interface
• Firebox appears unresponsive and one or more network interfaces do not process traffic
• Only one tagged VLAN works when there are multiple tagged VLANs on an interface
• Conditional DNS forwarding refuses queries on internal interfaces with DNSWatch enabled
• VIF traffic denied as unhandled when you use default BOVPN allow policies

Updated Video Tutorials

• Get Started with WatchGuard Licensing video:
  https://youtu.be/1gQIYmwFVr0
• Get Started with ThreatSync video:
  https://youtu.be/xL8GtQyqpb0