Note: We have had frequent issues with the WatchGuard OS. This device is not one of our recommended network firewalls.
Use these resources to get started:
Recommended Configuration Changes
- Add an explicit alias and firewall rule set (TO & FROM) for Weave with the IP addresses or FQDN that we will provide during onboarding. Allow Any traffic from Weave IPs to ensure proper bidirectional communication.
- We highly recommend moving the Weave Firewall policy you created to the top of your Sequence policy order.
- Set up Traffic Shaping/QoS to prioritize voice traffic (we use DSCP 26 (SIP) and 46 (Real-Time Media)).
- Configure Dangerous Activities settings and uncheck the following configurations:
  - Block Port Space Probes or Block Port Scan
  - Block Address Space Probes or Block IP Scan
- Configure Global Networking settings:
  - Under System > Global Settings, uncheck all SIX checkboxes in the ICMP Error Handling section
  - Uncheck the checkbox labeled Enable TCP SYN packet and connection state verification
  - Select No Adjustment for TCP Max segment size control
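
To check that the DSCP 26 and 46 markings from the QoS step survive the firewall, compare a WAN-side capture against the expected values. The script below is an added example, not Weave's or WatchGuard's code; it parses constructed lines shaped like `tcpdump -v -n` output, and the SIP port 5060 and all addresses are assumptions for illustration.

```python
import re

# DSCP values from this page: 26 for SIP signaling, 46 for real-time media.
SIP_DSCP, MEDIA_DSCP = 26, 46
SIP_PORT = 5060  # assumption for this example; use the ports given at onboarding

# Constructed lines in the shape of `tcpdump -v -n udp` output
# (documentation addresses, not real traffic).
SAMPLE = """\
12:00:01.000100 IP (tos 0x68, ttl 64, id 4101, offset 0, flags [DF], proto UDP (17), length 520)
    192.0.2.10.5060 > 203.0.113.20.5060: UDP, length 492
12:00:01.020300 IP (tos 0xb8, ttl 64, id 4102, offset 0, flags [DF], proto UDP (17), length 200)
    192.0.2.10.16384 > 203.0.113.20.20000: UDP, length 172
12:00:01.040500 IP (tos 0x0, ttl 63, id 4103, offset 0, flags [DF], proto UDP (17), length 200)
    192.0.2.10.16386 > 203.0.113.20.20002: UDP, length 172
"""

HDR = re.compile(r"IP \(tos (0x[0-9a-fA-F]+),")
FLOW = re.compile(r"^\s+(\S+)\.(\d+) > (\S+)\.(\d+):")

def audit_dscp(capture: str):
    """Return one (flow, dscp, expected, ok) tuple per UDP packet in the capture."""
    results, tos = [], None
    for line in capture.splitlines():
        hdr = HDR.search(line)
        if hdr:
            tos = int(hdr.group(1), 16)  # remember the TOS byte for the next line
            continue
        flow = FLOW.match(line)
        if flow and tos is not None:
            src, sport, dst, dport = flow.groups()
            is_sip = SIP_PORT in (int(sport), int(dport))
            expected = SIP_DSCP if is_sip else MEDIA_DSCP
            dscp = tos >> 2  # DSCP is the upper six bits of the TOS byte
            label = f"{src}:{sport} > {dst}:{dport}"
            results.append((label, dscp, expected, dscp == expected))
            tos = None
    return results

def remarked(capture: str):
    """Packets whose marking was lost or changed before the capture point."""
    return [r for r in audit_dscp(capture) if not r[3]]

if __name__ == "__main__":
    for flow, dscp, expected, ok in audit_dscp(SAMPLE):
        print(f"{'OK  ' if ok else 'FAIL'} {flow} dscp={dscp} expected={expected}")
```

A TOS byte of 0x68 corresponds to DSCP 26 and 0xb8 to DSCP 46; a media packet arriving with 0x0 means a device on the path reset the marking.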