Configuration for WatchGuard System Manager (WSM) Firewalls

Note: We have had frequent issues with the WatchGuard OS. This device is not one of our recommended network firewalls.

Use these resources to get started: 

  1. Traffic Shaping/QoS for VoIP

Recommended Configuration Changes

  • Add an explicit alias and firewall rule set (TO & FROM) for Weave with the IP addresses or FQDN that we will provide during onboarding. Allow Any traffic from Weave IPs to ensure proper bidirectional communication.
  • We highly recommend moving the Weave Firewall policy you created to the top of your Sequence policy order.
  • Set up Traffic Shaping/QoS (we use DSCP 26 (SIP) & 46 (Real-Time Media)) to prioritize voice traffic
  • Configure Default Packet Handling settings and uncheck the following configurations:
    • Block Port Space Probes or Block Port Scan
    • Block Address Space Probes or Block IP Scan
  • Configure Global Networking settings
    • System > Global Settings > Uncheck all SIX checkboxes in the ICMP Error Handling section
    • Uncheck the checkbox labeled Enable TCP SYN packet and connection state verification
    • Select No Adjustment for TCP Max segment size control
  • Finish setup with a File > Reboot to restart network devices with newly added settings/configurations
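
One way to confirm after the reboot that packets on the Weave path still carry the DSCP 26 and 46 markings, as an added example that is not from Weave or WatchGuard. The 203.0.113.0/24 alias range and the sample headers are constructed placeholders; substitute the addresses provided during onboarding and raw IPv4 headers taken from a packet capture.

```python
import ipaddress
import struct

# DSCP values named on this page; AF31 and EF are the standard class names for 26 and 46.
EXPECTED = {26: "SIP signaling (AF31)", 46: "real-time media (EF)"}
# Placeholder for the Weave alias: a documentation range, NOT Weave's real addresses.
WEAVE_ALIAS = [ipaddress.ip_network("203.0.113.0/24")]

def tos_byte(dscp: int) -> int:
    """DSCP occupies the upper six bits of the IPv4 ToS/DS byte."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0..63")
    return dscp << 2

def parse_ipv4(header: bytes):
    """Return (src, dst, dscp) from a raw IPv4 header; reject malformed input."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos = header[0], header[1]
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    src, dst = struct.unpack("!4s4s", header[12:20])
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), tos >> 2

def audit(headers):
    """List packets to or from the alias that lack an expected DSCP marking."""
    findings = []
    for i, raw in enumerate(headers):
        src, dst, dscp = parse_ipv4(raw)
        on_voice_path = any(src in n or dst in n for n in WEAVE_ALIAS)
        if on_voice_path and dscp not in EXPECTED:
            findings.append((i, str(src), str(dst), dscp))
    return findings

def build_header(src: str, dst: str, dscp: int) -> bytes:
    """Construct a minimal 20-byte IPv4 header (protocol UDP) for the sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos_byte(dscp), 20, 0, 0, 64, 17, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

# Constructed sample: two marked packets, one remarked to 0, one unrelated flow.
SAMPLE = [
    build_header("192.168.1.50", "203.0.113.10", 26),
    build_header("192.168.1.50", "203.0.113.20", 46),
    build_header("203.0.113.20", "192.168.1.50", 0),
    build_header("192.168.1.77", "198.51.100.5", 0),
]
```

A finding from `audit` means a packet on the voice path was seen without DSCP 26 or 46, which points at the Traffic Shaping/QoS policy or at a device in the path stripping the marking.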