At one of our facilities we swapped out a T35 for a T40...those of us who know WG know that you can just scoot the config over with System Manager...change the device, update the feature key and you are identical to where you were minutes ago.....well, not anymore.
The AP's license did not move. Makes no sense that they do not update their feature keys (AP320's that are grandfathered). Support says talk to Customer Care who says talk to support. I am going to default one of the APs to see if that resolves the issue...but, if it does not, we will replace with Meraki (including the edge)...
Me too, many many times....just last week we replaced a T15 with a T20, week before a T90 with an M390....all of a sudden this one does not want to seem to play (only thing I find as a clear difference is the most current firmware on box). The edge at this facility is 100% grandfathered...next step would be to default the AP's and see what happens. But, if I have to send folks out to get to high ceilings we are going to replace the APs with another vendor.
Last week I had a quote from Meraki as we needed 29 more switches. Their prices have gone through the roof. Same switch, same service as we bought before is now 120% more expensive. They ended up giving me a 20% discount from the 120% increased price.
I did some digging around and was able to find out there was an issue discovered yesterday (27 June 2022) related to generating/retrieving feature keys for some customers -- this has since been fixed.
@TestingTester If you're still running into the issue, I'd suggest trying to let the system pull the feature key again -- if that's the issue you were running into, it should work now. Customer care and the support team can generate keys manually should the system go down. Without a case number, serial numbers, or any other info, I can't verify that's specifically what's happening, though.
Feature keys never moved with the .xml configuration file (if you save your config file from Policy Manager, you'll see two files, a .xml, which is your config, and a .lic.gz file, which is license data). If you moved to a different device, the license data would be ignored.
If you're having problems with any of that, I'd suggest creating a case (you can do so without calling by clicking the support center button on the top right of this page.) If we have the serial numbers for the APs we can help by creating the keys manually if the system is down, for example.
Well, finally got around to this yesterday - the Feature Key update did work with 12.8...now that they are working, I have about 40 days to take them all out and put in our new Meraki APs (waiting on a lift - fun times).
You must add a feature key to a new device, and you must update the device feature key after you activate a service or upgrade option. The updated feature key enables the functionality on your device. To update the feature key manually, you can download the feature key from the WatchGuard website, and then paste it into your device configuration file. Before you add the new feature key in Policy Manager, you must remove the old feature key.
A feature key enables a set of licensed features on your Firebox. When you get a new device, you must activate the device on the WatchGuard website to create a feature key. Then you must install the feature key on your device to enable all the device functions.
Many features are enabled by the feature key that is created when you activate your device. You can purchase upgrades and services to add functionality to your device. When you purchase a new option, upgrade, or renewal, you must activate it on the WatchGuard website to associate it with your device. WatchGuard then creates an updated feature key for your device, which you must update on the device to enable the new functionality. If your device does not have a feature key, you can use the Feature Key Wizard in Fireware Web UI to add it to your device.
For a FireCluster, the Web UI shows only the feature key of one cluster member. It shows the feature key of the cluster master, or, if you use the management IP address to connect to a specific member, it shows the feature key of that member. You cannot use the Feature Key page to remove the Feature Key for a member of a FireCluster.
When you configure a FireCluster, you import feature keys for each cluster member. The FireCluster has a set of Cluster Features, which apply to the whole cluster. The Cluster Features are based on the feature keys for all devices in the cluster.
You can use Fireware Web UI or Firebox System Manager to download the latest feature key from your account on the WatchGuard website and install it on your device. For more information, go to Get a Firebox Feature Key.
Your Firebox needs a feature key to enable all of the device functionality. Before you can get the feature key for your device, you must activate the Firebox on the WatchGuard website. Then you can install the feature key on your device.
When you purchase an add-on feature, upgrade, or subscription renewal for your device, you activate a license key to associate it with a specific device. WatchGuard then generates an updated feature key for that device. You must install the updated feature key on the device to enable the additional functionality.
You can use Fireware Web UI or Firebox System Manager to retrieve the current feature key from the WatchGuard website and add it directly to your device. Or, you can copy the feature key from the WatchGuard website, and then paste the feature key into your device configuration file.
In the feature key settings, you can enable your Firebox to automatically download the latest feature key from the WatchGuard website when a feature has expired. You can also configure your Firebox to send a notification when a feature has expired or is about to expire.
WatchGuard's AD SSO feature offers two methods attackers might find interesting: the Event Log Monitor and the AD Mode with the SSO Agent. Let's see what the WatchGuard documentation reveals about these methods.
The feature, though well-intentioned, assumes all devices on the network are trustworthy. However, should a rogue actor like Malicious Malory lurk on the network instead of a standard workstation, it could lead to a bit of a problem.
When Malory tries to browse the internet, her IP isn't linked to a domain user. If any of the aforementioned Clientless SSO methods are enabled, she can capture authentication requests from a WatchGuard AD account just by trying to browse the internet.
Even with ZERO privileges assigned to the WatchGuard AD account, authenticated access to the domain in AD environments exposes many attack avenues - Kerberoasting, user enumeration for password spraying, BloodHound recon, and more.
If other domain PCs don't require SMB signing, she can directly relay the authentication requests to access targeted hosts, eliminating the need to crack the password hash! (This depends on the AD account having admin privileges on targeted hosts).
To show the impact, in my recent engagement, we transitioned from an unauthenticated device on the network to Domain Admin using this issue. We relayed WatchGuard authentication requests to get an initial foothold on several devices. We then exploited other vulnerabilities to secure Domain Admin privileges.
They pointed me to the documentation about WatchGuard's Clientless AD SSO methods, which they thought explained what I saw. When I asked about their plans to retire or rework this feature, WatchGuard said they might retire AD Mode but would keep the Event Log Monitor.
Provided on hardware that allows complex network and traffic control, these features are delivered via the fast and flexible Fireware platform. This allows for the delivery of full versions of leading security engines without sacrificing performance.
WatchGuard Firewall appliances feature exceptional security, delivered throughout the family which includes appliances ranging from the T15, delivering dynamic security for the home/small office, to the M5600, allowing fully secure multi-gigabit throughput for many thousands of users.
The service may not actually be disabled (by you) and is still trying to reach the WatchGuard servers to check links. I would say you need to either renew the subscription or enable the license bypass setting. The bypass setting on my XTM device's Web UI is located at Subscription Services -> WebBlocker -> Advanced and in there you should see "License Bypass". If you cannot do it from there, load up Policy Manager and navigate through to your subscription services, WebBlocker, configure and you should see the license bypass feature; you need to change it from "Deny" to "Allowed" and that should fix your issues.
WatchGuard Video announced today the release of Version 6.0 software for the WatchGuard DV-1 police in-car video system. The Version 6.0 upgrade includes a powerful new patent pending feature called "Record-After-the-Fact" that allows officers to retrieve buffered video not previously recorded to a DVD.
WatchGuard says this feature goes far beyond the traditional pre-event video feature common in many digital in-car video systems. Record-After-the-Fact provides the ability to create a new video recording event up to several days after the time the event actually occurred. Many officers can recall times when important events occurred, but the in-car video camera was not recording. Furthermore, most agencies can point to multiple court cases that were lost because the video camera never recorded the event. At times, a patrol vehicle may happen to drive by a location where suspects have been loitering prior to committing a crime. With Record-After-the-Fact, such unexpected encounters can be recalled to assist in an investigation or to exonerate an officer.