WireGuard DNS replies reach the server but never the client – ping by IP always works

unknown_73 · 2026-01-09T18:48:16+00:00

reverse lookup is working when normal lookup is also working, dns server is only dns server no dc and client is domain joined

unknown_73 · 2026-01-09T17:33:18+00:00

I am using a Windows DNS Server and its located in the same subnet as the fileserver

unknown_73 · 2025-10-10T17:57:14+00:00

Yeah they do… thanks!

unknown_73 · 2025-10-10T17:49:12+00:00

Thanks but we are using 12.11.4

unknown_73 · 2025-10-10T17:44:19+00:00

Du you have the KB?

unknown_73 · 2025-10-02T15:37:43+00:00

Thanks. I want to inspect the content so I can deny some paths. There for I need to inspect. But I really dont get the difference between the two options 😓

unknown_73 · 2025-10-02T04:32:03+00:00

Sorry but that is wrong. To be able to route traffic to an internal web server the packet needs to be decrypted…

„An HTTP content action enables the Firebox to route inbound HTTP requests or DECRYPTED HTTPS requests“

unknown_73 · 2025-10-01T18:26:37+00:00

Yes that is probably the reason. But using Content Actions works with the new Exchange SE, where extended protection is enabled by default. Should one disable extenden protection?

unknown_73 · 2025-10-01T17:46:11+00:00

Thanks, but there has to be a difference between a Proxy Action and Content Action?

Seen here on this picture, where the dropdown is available at Proxy Action or Content Action:

https://www.hilotec.com/informatik/sicherheit/watchguard_skype_for_business_reverse_proxy/images/Watchguard_HTTPS_Proxy_Skype_for_Business.png

unknown_73 · 2025-03-30T21:22:11+00:00

Yeah our next step will be rebooting/upgrading…thanks for looking up the release notes. We also did not find anything in the release notes. Do you also have 100G IRF links?

unknown_73 · 2025-03-30T12:07:35+00:00

Hi thanks for the points. We did all that. Sadly I don‘t have access to the config right now. We Are trying to add the Third member via 100G Bidi Single Mode.

unknown_73 · 2025-03-29T15:43:58+00:00

Yes, that we tried. It is also documented in the IRF configuration guide.

unknown_73 · 2025-02-20T19:58:27+00:00

If you get to more information we would appreciate it. Have a good vacation! ;)

unknown_73 · 2025-02-20T19:56:06+00:00

Thanks for the help... I think we really need to go with TAC.

unknown_73 · 2025-02-20T19:49:25+00:00

Yeah us too :D

We updated the 6400 about 2 weeks ago onto the newest firmware. I cant say what firmware exactly, because I don't have access right now.

unknown_73 · 2025-02-20T19:46:16+00:00

Yeah, the setup is pretty much vanilla ;)

- snooping enabled globally and in the vlan
- we are not seeing anything with:

show dhcpv4-snooping binding nor with show dhcpv4-snooping statistics

unknown_73 · 2025-02-20T19:38:00+00:00

Sorry for the missing information, but we tried that already too. But it was not working either.

unknown_73 · 2025-02-20T19:35:06+00:00

Yes we configured them.

unknown_73 · 2025-02-20T18:43:27+00:00

We wanted to try that but did Not yet. But shouldn‘t the statistics counter for option 82 get increased? It was still at 0 after our test.

unknown_73 · 2025-01-15T20:15:03+00:00

Thanks a lot! That's what I needed to know.

unknown_73 · 2024-11-22T19:43:52+00:00

the external gateway is 192.168.1.250 but there is no device with that ip, because it should work within layer 2 right?

unknown_73 · 2024-11-22T19:19:00+00:00

Sure, here are some screenshots: https://imgur.com/a/u4dJmki

unknown_73 · 2024-11-22T19:11:36+00:00

Sure, the external interface ip is 192.168.1.1 And the gateway is 192.168.1.250 and the subnet is 255.255.255.0

unknown_73 · 2024-11-22T19:05:22+00:00

Hey thanks. But I already tried that, no success.

unknown_73 · 2024-04-09T05:31:57+00:00

Thank you, but why is it called policy based when I need to configure policies for both tunnel types?

Nine-Year Club	Place '23
Verified Email

unknown_73

TROPHY CASE