Paul, We use the XTM quite heavily. XTM is fundamentally different from WFS, which is the File System they used on the older Watchguard systems. XTM is several quantum leaps beyond it.
What software version are you on? Are you in drop in mode or routing mode? When configuring the proxy's there is a button to the right of logging that is your various control options for the proxy. Have you reviewed those? Also I am not aware that PPTP is a proxy. Are you using the WG to terminate the VPN tunnel or are you passing it through to a server or device to handle PPTP. If it's the latter, add the PPTP rule, From External-Any and do a NAT to the internal IP, if you are not using NAT, then just specify the public IP of your VPN device behind the firewall. Remember XTM requires two rules, one for each direction, WFS allowed you to do this on one rule, but for proxy's whatever option you selected applied to both directions, in XTM you can make the proxy behave differently per direction. By default there is an Outgoing rule that will allow all outbound UDP/TCP traffic if you go through the config wizard, otherwise you have to configure each rule manually so check that you have an Outgoing rule. Feel free to hit me off list. Greg Sweers CEO ACTS360.com<http://www.acts360.com/> P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell 813-341-1270 Fax From: Paul Everett [mailto:[email protected]] Sent: Thursday, January 13, 2011 4:48 PM To: NT System Admin Issues Subject: Watchguard xtm 510 I've upgraded from an old watchguard firewall to this xtm 510, and I'm having some issues configuring proxies for my pptp users (they can connect to the firewall, but not the network) and the http proxy to allow active sync to work (doesn't seem to open port 80). I've got the configurations as close as I can to what the old box has, but these issues have me pulling out my hair. I have an incident ticket in with WatchGuard, but their 4hr call back will put me into next Tue since I'm off till then after today. Looking for suggestions. Off list is ok. Thanks, Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
