You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > DW Product Help > Software Applications > DW Spectrum IPVMS > Troubleshooting > DW Spectrum - WatchGuard RFC Standard Workaround
DW Spectrum - WatchGuard RFC Standard Workaround
print icon

DW Spectrum – WatchGuard RFC Standard Workaround

-----------------------------------

Affected Roles: Administrator, Power Users

Related Digital Watchdog VMS Apps: DW Spectrum IPVMS

Software Version: DW Spectrum 6.0

Last Edit: February 10, 2025

-----------------------------------

 

Firewall Pass & Security Challenges

At the time of this writing, DW Spectrum IPVMS uses TLS 1.3 cryptographic protocol to encrypt data and authenticate connections over the Internet. Customers using an outdated version of TLS or encounter challenges with DW Cloud services communicating outside a company Firewall, disabling TLS 1.1 or creating a packet filter policy for HTTP/HTTPS with a remote host may allow users to reach their site.

This article will outline an example scenario and provide a workaround for this issue.

 

Example Case and Solution

Scenario: A customer using DW Spectrum IPVMS (Version 6.0) was encountering connection issues when using DW Cloud connection services.

Following troubleshooting and investigation, it was discovered that users who were connecting to the system from outside of the organization’s local network were able to connect successfully, leading to the conclusion that there was an internal Firewall issue.

 

Analysis: The customer’s Firewall was using TLS 1.0, an outdated cryptographic protocol version, when DW Spectrum’s request is TLS 1.3. While DW Spectrum follows RFC standards, the customer’s WatchGuard firewall continued to deny connection requests.

 

Solution: The investigating technician used the article “DW Disabling TLS” to disable TLS 1.1 on the server and use TLS 1.2. After the firewall continued to deny connection, the technician added a packet filter policy to the firewall configuration for HTTP and HTTPS remote host access. Alternatively, using an FQDN (Fully Qualified Domain Name) in a policy to allow traffic to and from specific sites that adhere to RFC standards for HTTP and HTTPS.

 

Adding a Packet Filter Policy

The method of applying a packet filter policy differs depending on the firewall manufacturer and version. When creating a custom policy, specify whether the template is for a packet filter or proxy policy. For a proxy policy, you also select the type of proxy policy or application layer gateway (ALG).

For TCP and UDP protocols, specify the network port or port range of all DW Spectrum Server machines (default is Port 7001).

Watchguard Help Center – Add Policies to Your Configuration

 

Using an FQDN Configuration

You can use Fully Qualified Domain Names (FQDN) configurations to allow traffic to specific domains, make exceptions for subdomains, and use an HTTP proxy for all web traffic.

For a list of FQDN and allowlist information to allow access to DW Cloud, refer to the article DW Spectrum – FQDN or Allowlist for DW Cloud Access.

 

 

 

For More Information or Technical Support

DW Technical Support: 866.446.3595 (option 4)

https://www.digital-watchdog.com/contact-tech-support/

______________________________________________________________________________

DW Sales:  866.446.3595                   [email protected]        www.digital-watchdog.com

 

Tags

close button
scroll to top icon