Watchguard Manager Download

[Beltran Mathews]

HelloI'm new to watchguard, so apologies in advance. I've been tasked with documenting all the configuration on our branc office m470 and the guy who knew everything quit. Yay. Anyway, I have spent the entire day trying to figure out how I can export meaningful information to a csv or xml file that is actually readable. I tried the "save - as file" from withing fireware policy manager but it's just impossible to draw anything meaningful from it. I'd be happy if anyone knows how to do this, or if it is even possible. CLI or GUI, doesn't matter.

Thank you.

In the WebUI, if you go to System -> Configuration File, there is a link to generate a firebox configuration report, which is designed for documentation tasks such as what you're doing. (This generates a new tab/pop-up, and you may need to tell your browser to allow those for that site.)

You install WatchGuard System Manager (WSM) software on a computer that you designate as the management computer. You can use the WSM tools on the management computer to manage your Firebox and get access to information such as connection and tunnel status, statistics on traffic, and log messages.

Select one Windows-based computer on your network as the management computer and install the WSM management software. To install the WatchGuard System Manager software, you must have administrative privileges on the management computer. After installation, you can use the WSM client application and tools with Windows Power User privileges, but you must have administrative privileges to use WatchGuard Server Center and manage your WatchGuard servers.

You can install more than one version of WatchGuard System Manager on the same management computer, as long as the versions of WSM are not in the same major release version. For example, you can install both WSM v10.2 and WSM v11.9.4, but not WSM v11.8 and WSM v11.9.4. You can install only one version of server software on a computer at a time. For example, you cannot have two Management Servers on the same computer.

If you install WatchGuard System Manager behind your firewall, to use WatchGuard WebCenter, you must have the WG-LogViewer-ReportMgr packet filter policy in your Firebox configuration to open the correct ports.

If you have a previous version of WatchGuard System Manager, make a backup of your security policy configuration file before you install a new version. For instructions to make a backup of your configuration file, go to Save a Firebox Backup Image.

You can download the most current WatchGuard System Manager software at any time from software.watchguard.com. If you are a new user, before you can download the WSM software, you must create a user profile and activate your product at the WatchGuard website.

After your Management Server is installed, you can use it to manage your Fireboxes. Before you add devices to your Management Server, make sure they are set up and configured correctly. To set up each device, you must run the Quick Setup Wizard either from the web or as a Windows application. For instructions to run the wizard from the web, go to Run the Web Setup Wizard.For instructions to run the wizard as a Windows application, go to Run the WSM Quick Setup Wizard.Uninstall a WatchGuard System Manager ComponentTo uninstall WatchGuard System Manager, WatchGuard Servers, or Language Packs:

I've noticed that while System Manager is reporting the version as 12.8.2, the Update Status is showing "Pending" - usually we can just expire lease/hit "Update Device" and it will change to "Complete" but this doesn't seem to be happening now.

Pending generally means that the firewall is in "fully managed mode" and hasn't checked in to get its update from the management server yet. Expiring lease basically tells the firewall to call home and get the new config now.

I'd suggest opening firebox system manager for the firewall in question.

-If you can't open FSM, it means that the firewall's IP may have changed or we can't access it for some reason.

-If you can get to FSM or log directly into the firewall, search for "dvcp" in traffic monitor and see if there are any errors -- if they are they should point in the direction of the problem.

If you open your policy manager and click open. You should be able to go in there and open an existing saved configuration for your old box. This will not be the actual config, simply an open config file. If you go in there, change the feature keys and resave it. It will then be the old config with the new serial number. You will have to verify all ports are the same on your old box and new box. When the config looks like its good for the new machine, you should be able to than save that config to your NEW firebox. Since it has the new firebox feature key, it should work just fine.

Download the latest version of WSM (11.11) and install it on a second computer. Can this one open the config from your M300? If this works, upgrade the first PC with the new version of WSM. Possibly uninstall WSM before that, to start with a clean install.

From my workstation I successfully connected, with System Manager, and opened the Policy Manger for each firewall. It was 8 firewalls in total of various models and firmwares. Had no issues with 11.10.5 on those that had it.

Hey @sophie357 - Was just about to respond with a possible fix then noticed that you worked it out with our support team! Glad they were able to help you out. If you need anything in the future regarding WatchGuard, feel free to reach out to me

Hi, when I use WSM, Policy Manager and I try to open a configuration, the load is slow, more ore less 6 minutes. If I use https portals, the load is immediately. Some idea ? There is a local cache to empty or some limits ? (I have alias with hundred of ip) Thank you.

Hi @Ftrenti

If you're using policy tagging on a lot of policies, this can slow down policy manager quite a bit as it loads and prepares filters for all of them. if you are using them, try turning them off or reducing the number of categories in use.

Before I open a support ticket, has anyone else noticed that the blocked sites list in system manager application is quite slow (to load & change sorting, etc) as compared with prior versions? The web-based version seems normal.

Same here, ever since 12.9.(B673767) WSM I can't even scroll the Blocked Sites tab. It takes several MINUTES to respond and eventually bogs down to the point where WSM becomes completely useless for monitoring our M370.

If there is some kind of a java environment variable work-around for this it would be very handy to know - or Watchguard Development had better get this issue fixed ASAP as it is essentially preventing us from managing the appliance at our corporate office. This is a HUGE problem.

You really should open a support case on this.

Anyone with a significant problem should.

This is the best way to get help in resolving it, and the best way to let WG know how important the issue is to your site.

I actually tried to use the web ui as a work-around but deleting the blocked sites didn't work. I would highlight a row, click delete and yes in the popup window to confirm but the IP remained.

The other big complaints I have about the web UI in this case are that you can only select one IP row at a time to delete (in WSM you can shift-range-highlight to delete) and then the list resets view after delete to page 1, so if I need to delete multiple IP addresses on page 4, I need to click-Scroll to page 4, highlight the row, click delete, click OK to confirm and then click-scroll back to page 4 again to delete the 2nd+ IP address. So if the first row didn't delete properly I'm wasting my time chasing the dogs tail. A multi-select would be handy.

I will open a support ticket about the slow behavior of the blocked sites list, WSM becomes almost unusable in this condition and I have to crash out the window using Task Manager if I want to switch back to any other tab. I'm hoping there might be some sort of a java buffer setting on the local PC that may work-around the behavior.

The bug ID for this issue is FBX-24474 -- the issue is related to a change in WSM that causes the query time to increase for blocked sites. FSM will fail to load the list in the refresh interval, and in some cases may stop responding.

I have a Firebox M390. I am still using WebCenter. When I opened WebCenter today I received a message that my certificate had expired. I went into the CA Manager and attempted to create a new certificate. I put in all the information requested and clicked Generate. It just says creating certificate and spins and never actually creates the certificate. I know this is old technology but I was wondering if anyone could help me with this. Thanks

Presumably, that is the cert which is created by WSC installation - see WSC -> Management Server -> Certificates.

Try updating the Certificate Authority Lifetime to a higher value and see if that does anything helpful.

I can't access the certificate info in the CA Manager. If I go to CA Manager, Manage and search for the certificate by serial number nothing happens. No errors, no messages, nothing. When I search by Common Name I get "Some errors occurred during processing" The only info I can get on the certificate is what Google Chrome tells me when I open Web Center and Chrome says that the web site is not secure because the certificate is not valid. Updating the Certificate Authority Lifetime to a higher value did not help. I can view the certificates under CA Manager, View.

In the Run box, enter MMC

Then File - Add/remove snap-in

Then select Certificates -> Add -> My User Account -> Finish

OK button

Then double click Certificates - Current User

Then Action -> Find Certificates

enter "watchguard" in the Contains field

You will see a list of certs including WatchGuard Certificate Authority.

Right click on cert for an option to delete it.

I deleted all of the WatchGuard Certificate Authority certs.

Then I ran WSM -> Connect to Server, which created a new WatchGuard Certificate Authority cert with new dates.

3a8082e126