Hello,
a watchguard basic security licence is expired.
Is there any advantage when using the “https proxy” for outbound traffic? (with default https client template)
I only know, that its possible to restrict e.g. *.exe Files for download.
https://exmaple.com/setup.exe would not work in this example.
Are there any other good possibilities with 80/443 traffic? (without having a licence)
Yes. The Watchguard will continue to work even with an expired license. You just won’t get updates.
The single host thing is only when there is no key, ie, even entering an expired key will remove that restriction.
Anything that relies on subscription services, so botnet, packet inspection, geolocation etc etc will stop working. As said there is an option in http/https to either block traffic when the subscription has expired or allow traffic. So you make sure it’s set to allow when it expires.
Bear in mind it basically becomes a flashy red router. You do have 3 subscription levels, total security, basic security and support only. Support will still give you hardware warranty and ability to open cases, so there are options.
The web filter has an option to stop traffic if the licence has expired. You can disable this in the policy menu but apart from that things continue to work
A lot of stuff will work. But web blocker, av, etc stop working.
Really? I thought an expired license only allowed traffic to / from a single host?
Hi Gremlin, with Support subscription I can do firmware update via cloud.watchguard.com right? (locally managed watchguard)
That only applies if no feature key is installed. As long as one is installed it works. When expired, only the paid features are disabled.
That happens when you do not have any feature key present on the box.
When the key is present but expired, it acts how he describes
The single host thing is if you have no license.
I believe so, I’d need to see if we have one on support only to really double check. Otherwise, I found this:
Standard Support licenses are included with all WatchGuard devices. Standard Support includes full VPN capabilities and built-in SD-WAN. With a Standard Support license, you can add your Firebox to WatchGuard Cloud as a cloud-managed or locally-managed device. Live Status is available. There is no data retention or reporting available with Standard Support.
hi,
in other words:
why prefer/use
http and https proxy
after runout of licence
instead of
http and https packet filter?
Because (with my understanding)
E.g.
http and https proxy
can block download of *.exe files if configured.
I don´t know more benefits with https/http proxy