Need quick help with a Watchguard FW!



loosbrew
28-Jun-2007, 08:38 PM
Hey all...

Someone who will remain nameless... decided to deny to and from "Any"
all ports above UDP 1024 without knowing what the consequences were. Now
we can't manage it to change the policy. I have never worked with one
here, however I see a com cable hanging off of the primary
Watchguard. We save configs after every change so maybe we can overwrite
the config from yesterday's?

Anyway, any and all help is super appreciated!

Thanks!

Luis

G of Borg
28-Jun-2007, 08:52 PM
If you have the config saved, can't you just reset it to
defaults and then reinstall the config? I have a couple
of Watchguards that I have reset to factory before but I
haven't tried to reinstall a config from backup.

Jay Calderwood
28-Jun-2007, 08:53 PM
loosbrew wrote:
> Hey all...
>
> Someone who will remain nameless... decided to deny to and from "Any"
> all ports above UDP 1024 without knowing what the consequences were. Now
> we can't manage it to change the policy. I have never worked with one
> here, however I see a com cable hanging off of the primary
> Watchguard. We save configs after every change so maybe we can overwrite
> the config from yesterday's?
>
> Anyway, any and all help is super appreciated!
>
> Thanks!
>
> Luis


LOL!!!!!! That is funny... because it didn't happen to me!! You have IM???

--
Jay Calderwood
http://jaycalderwood.blogspot.com

Quote: "I'm alive... I think... Then again can it get any worse? Yes it
can...
There is this one place...really down south that starts with an 'H' and ends
with an 'L' that is really HOT..."

Jay Calderwood
28-Jun-2007, 08:54 PM
G of Borg wrote:
> If you have the config saved, can't you just reset it to
> defaults and then reinstall the config? I have a couple
> of Watchguards that I have reset to factory before but I
> haven't tried to reinstall a config from backup.
>

YUP!

--
Jay Calderwood
http://jaycalderwood.blogspot.com


loosbrew
28-Jun-2007, 08:55 PM
I guess I can with the back up device, but I was hoping for maybe a
console command or something along those lines. Maybe a trusted port on
the device?

I dunno, just needing some ideas...I'm almost at that point. so far it's
affecting a lot of stuff, so the quicker the better...

Thanks!

Luis


G of Borg wrote:
> If you have the config saved, can't you just reset it to
> defaults and then reinstall the config? I have a couple
> of Watchguards that I have reset to factory before but I
> haven't tried to reinstall a config from backup.
>

Elrey
28-Jun-2007, 08:55 PM
What is your model of firebox? One model states the following will restore
the firebox to the original settings...

Sometimes configuration errors occur, passwords are lost, etc.... This FAQ
covers the reset of the SOHO unit if the password is lost or the
administrator is unable to communicate with the unit. This will set the SOHO
back to the configuration defaults.

1. Disconnect the power on the SOHO.
2. Use a standard Ethernet patch cable to connect the WAN and 1 ports
   together, one of these cables came with the SOHO unit (you are connecting
   the SOHO to itself) - See Figure 1.
3. Connect power to the SOHO.
   The SOHO will turn on.
4. Wait 90 seconds for the reset process to complete.
   The MODE and ON lights will eventually flash simultaneously, indicating
   the process is complete.
5. Disconnect the power from the SOHO.
6. Disconnect the Ethernet cable from the 1 and WAN ports.
7. Reconnect the power to the SOHO.

The reset procedure is now complete.



"loosbrew" <anon@anon.com> wrote in message
news:v6Ugi.750$8i6.725@prv-forum2.provo.novell.com...
> Hey all...
>
> Someone who will remain nameless... decided to deny to and from "Any" all
> ports above UDP 1024 without knowing what the consequences were. Now we
> can't manage it to change the policy. I have never worked with one here,
> however I see a com cable hanging off of the primary Watchguard. We
> save configs after every change so maybe we can overwrite the config from
> yesterday's?
>
> Anyway, any and all help is super appreciated!
>
> Thanks!
>
> Luis

loosbrew
28-Jun-2007, 08:55 PM
lol, only through mail now :P

all aol etc went down... quick :P

Luis


Jay Calderwood wrote:
> loosbrew wrote:
>> Hey all...
>>
>> Someone who will remain nameless... decided to deny to and from "Any"
>> all ports above UDP 1024 without knowing what the consequences were.
>> Now we can't manage it to change the policy. I have never worked with
>> one here, however I see a com cable hanging off of the primary
>> Watchguard. We save configs after every change so maybe we can
>> overwrite the config from yesterday's?
>>
>> Anyway, any and all help is super appreciated!
>>
>> Thanks!
>>
>> Luis
>
>
> LOL!!!!!! That is funny... because it didn't happen to me!! You have
> IM???
>

Jay Calderwood
28-Jun-2007, 08:56 PM
loosbrew wrote:
> I guess I can with the back up device, but I was hoping for maybe a
> console command or something along those lines. Maybe a trusted port on
> the device?
>
> I dunno, just needing some ideas...I'm almost at that point. so far it's
> affecting a lot of stuff, so the quicker the better...
>

BI... Just remember BI...

Now go and reflash and be up in 10 mins.

--
Jay Calderwood
http://jaycalderwood.blogspot.com


Jay Calderwood
28-Jun-2007, 08:56 PM
loosbrew wrote:
> lol, only through mail now :P
>
> all aol etc went down... quick :P
>
> Luis
>
>
> Jay Calderwood wrote:
>> loosbrew wrote:
>>> Hey all...
>>>
>>> Someone who will remain nameless... decided to deny to and from "Any"
>>> all ports above UDP 1024 without knowing what the consequences were.
>>> Now we can't manage it to change the policy. I have never worked with
>>> one here, however I see a com cable hanging off of the primary
>>> Watchguard. We save configs after every change so maybe we can
>>> overwrite the config from yesterday's?
>>>
>>> Anyway, any and all help is super appreciated!
>>>
>>> Thanks!
>>>
>>> Luis
>>
>>
>> LOL!!!!!! That is funny... because it didn't happen to me!! You have
>> IM???
>>

Ha. Did you reflash it yet?

--
Jay Calderwood
http://jaycalderwood.blogspot.com


loosbrew
28-Jun-2007, 08:57 PM
Thanks for the info.... we have the firebox x5000. two actually in high
availability mode. I may just unplug one and reset it and try to upload
a backup config...

dunno how that will work with high availability though... :/


Thanks!

Luis

loosbrew
28-Jun-2007, 08:57 PM
On my way...

:P




Jay Calderwood wrote:
> loosbrew wrote:
>> lol, only through mail now :P
>>
>> all aol etc went down... quick :P
>>
>> Luis
>>
>>
>> Jay Calderwood wrote:
>>> loosbrew wrote:
>>>> Hey all...
>>>>
>>>> Someone who will remain nameless... decided to deny to and from
>>>> "Any" all ports above UDP 1024 without knowing what the consequences
>>>> were. Now we can't manage it to change the policy. I have never
>>>> worked with one here, however I see a com cable hanging off of
>>>> the primary Watchguard. We save configs after every change so maybe
>>>> we can overwrite the config from yesterday's?
>>>>
>>>> Anyway, any and all help is super appreciated!
>>>>
>>>> Thanks!
>>>>
>>>> Luis
>>>
>>>
>>> LOL!!!!!! That is funny... because it didn't happen to me!! You
>>> have IM???
>>>
>
> Ha. Did you reflash it yet?
>

loosbrew
28-Jun-2007, 09:22 PM
ok, so restore is a no go since no one is here that knows where the
licenses are. so I can't reset without a license. sooo... plan b anyone? :P

Luis

Jay Calderwood
28-Jun-2007, 09:36 PM
loosbrew wrote:
> ok, so restore is a no go since no one is here that knows where the
> licenses are. so I can't reset without a license. sooo... plan b anyone? :P
>
> Luis

Um... Wouldn't the restore bring over the license numbers?

--
Jay Calderwood
http://jaycalderwood.blogspot.com


loosbrew
28-Jun-2007, 10:18 PM
Jay Calderwood wrote:
> loosbrew wrote:
>> ok, so restore is a no go since no one is here that knows where the
>> licenses are. so I can't reset without a license. sooo... plan b
>> anyone? :P
>>
>> Luis
>
> Um... Wouldn't the restore bring over the license numbers?
>
nope, not on this guy.... but i made some calls and found it...

sheesh... what a day...

luis

Dave Taylor
29-Jun-2007, 12:37 PM
loosbrew <anon@anon.com> wrote in news:JAVgi.830$8i6.89@prv-forum2.provo.novell.com:

> sheesh... what a day...

Your day is over in about 3 hrs, that is pretty good for this kind of
problem when you have never done it before!

--
Ciao, Dave

loosbrew
29-Jun-2007, 03:26 PM
No kidding. I had everything back to normal by 6 pm... in time to
run some maintenance on an exchange server... :) I was only here until
8:30, chatting with my boss..


Luis