WatchGuard macht Probleme (20. – 23. Oktober 2024)

[English]Unschöne Geschichte, auf die mich ein Blog-Leser gerade hingewiesen hat. Es gibt seit einigen Tagen, wohl vom 20.  Oktober 2024 bis zum heutigen 23.10.2024 wohl Probleme mit dem Dienst WatchGuard. Was zuerst wie ein Brute-Force-Angriff aussah, ist auf technische Probleme zurückzuführen. Der Ausfall bzw. die Probleme bedeuten für Anwender, dass bei denen VPN-Verbindungen (SSL-VPN) nicht mehr funktionieren.

Was oder wer ist WatchGuard?

WatchGuard Technologies ist ein Anbieter von Internetsicherheitslösungen mit Sitz in Seattle. Bekannt wurde WatchGuard durch ihre Firewall und VPN-Lösung für kleine und mittelständische Unternehmen.

Laut Eigenbeschreibung auf der Webseite des Anbieters soll die Sicherheitslösung "Unified Security Platform^®" effiziente, leistungsstarke Sicherheitsdienste mit höherer Skalierbarkeit und Geschwindigkeit ermöglichen und gleichzeitig die betriebliche Effizienz steigern. Gilt natürlich nur solange das Zeugs funktioniert.

WatchGuard scheint gestört

Blog-Leser Benjamin S. hat mich heute Vormittag per Mail darüber informiert, dass es in seinem Umfeld Probleme mit dem WatchGuard-Dienst gebe. Er schrieb mir, dass er seit "gestern früh um 07:30 Uhr" (war der 22. Oktober 2024) Informationen von seinen Kolleginnen und Kollegen erhalten habe, dass die VPN-Verbindung (SSL-VPN) nicht mehr klappt.

In seinem betrieblichen Umfeld verwendet man zur Authentifizierung (OTP-Token) WatchGuard Auth Point. Nun erhielten die Anwender beim Anmeldeversuch die Fehlermeldung "Benutzername oder Passwort falsch" zurück. Als die IT dann die Log-Dateien überprüft hat, wurden "Unmengen" an Anmeldeversuchen von Usern gefunden, dies gar nicht gibt, schrieb mir der Leser.

Zunächst war die Vermutung, dass es Brute-Force-Angriffe gäbe. Er hat dann seinen Dienstleister diesbezüglich kontaktiert, weil er davon ausging, dass der Radius-Authentifizierungs-Server durch die zahlreichen Brute-Force-Versuche nicht mehr funktioniert. Allerdings kam dann raus, so der Blog-Leser, dass WatchGuard aktuell ein größeres Problem hatte – hier der Statusauszug:

Statusseite, Zum Vergrößern klicken

Störung vom 20. 10. – 23.10.2024

Ich habe aktuell auf der WatchGuard-Statusseite geschaut, da wird aktuell alles "im grünen Bereich" angezeigt. Gehe ich aber auf die Historie, wird mir eine Störung seit dem 20. Oktober 2024 gezeigt:

2024-10-20 – Global – MFA Push Notifications and Timeout Issues

Monitoring – Our system shows that authentication services are returning to normal operations. We will continue monitoring the performance of AuthPoint Authentication services. Again we apologize for any impact this may have had on you or your customers. We'll post our next update if we have any new information.

Oct 23 2024, 10:12 UTC

Monitoring – Our system shows that errors have returned to normal, and we continue monitoring the performance of AuthPoint Authentication services. We remain engaged and continue to investigate this issue. We'll post our next update if we have any new information. Thank you for your continued patience!

Oct 22 2024, 21:26 UTC

Investigating – We are still facing issues with AuthPoint authentication. Our monitoring shows that login through OTP is returning to normal. Again we apologize for any impact this may have had on you or your customers. We'll post our next update if we have any new information.

Oct 22 2024, 18:46 UTC

Investigating – We are still investigating the AuthPoint Authentication issues. Our monitoring indicates that login through OTP is returning to normal. We'll post our next update in 1 hour, if not sooner.

Oct 22 2024, 17:46 UTC

Investigating – We are still working hard to resolve the SAML login errors and the intermittent issues with push notifications. We'll post our next update in 1 hour, if not sooner. Thanks for your patience.

Oct 22 2024, 16:45 UTC

Investigating – In addition to the SAML login errors in the AMER region, we are now experiencing intermittent issues with push notifications. Our team is investigating both issues to implement a resolution as quickly as possible. We'll post our next update in 1 hour, if not sooner.

Oct 22 2024, 15:47 UTC

Investigating – We have identified that the errors are occurring specifically with SAML logins in the AMER region, while other regions are operating normally. Our teams are working to restore normal operations and we apologize for the impact this event has caused. We'll post our next update in 1 hour, if not sooner.

Oct 22 2024, 14:46 UTC

Investigating – We're investigating errors occurring occurring while logging into the IDP portal. We'll post our next update in 1 hour, if not sooner. Thanks for your patience.

Oct 22 2024, 14:30 UTC

Monitoring – Our authentication service is returning to normal after the mitigation measures taken by the team, WGC logins should not be longer impacted, and we're monitoring to ensure system stability. We'll post our next update in 30 minutes, if not sooner.

Oct 22 2024, 13:58 UTC

Monitoring – The current issue is also affecting Watchguard Cloud Login in AMER. Our teams are still working hard to find the root cause of the issue. We are actively monitoring system stability. Push notifications in EMEA are improving performance.

Oct 22 2024, 12:58 UTC

Monitoring – Our teams are still working hard to find the root cause of the issue. We are actively monitoring system stability. We'll post our next update if we have any new information

Oct 22 2024, 11:39 UTC

Monitoring – Our teams are still working hard to find the root cause of the issue. We are actively monitoring system stability. We'll post our next update if we have any new information

Oct 22 2024, 11:31 UTC

Monitoring – We're seeing some delays in push notifications for IDP where the push replies could be slightly delayed in EMEA and AMER regions. Our teams are investigating potential causes and solutions. Thank you for your continued patience, and we'll post our next update in 1 hour, if not sooner.

Oct 22 2024, 10:06 UTC

Monitoring – We have resolved the intermittent issues with delayed push notifications, and everything is now operating normally. If you are still experiencing problems with RADIUS authentications, please contact WatchGuard support. Thank you for your patience.

Oct 21 2024, 19:41 UTC

Monitoring – Our teams have continued to monitor this issue and services are operating normally. If you are still experiencing issues with RADIUS authentications, please contact WatchGuard support. Again we apologize for any impact this may have had on you or your customers.

Oct 21 2024, 16:14 UTC

Monitoring – The service is operating normally at this time, and we are actively monitoring the system. If you are still experiencing issues with RADIUS authentications, please contact WatchGuard support. We apologize for the impact this event has caused. We'll post our next update if we have any new information. Thank you for your patience.

Oct 21 2024, 02:36 UTC

Monitoring – We are still working to find the root cause of the issue, but services are currently operating normally, and we are actively monitoring system stability. We'll post our next update in 1 hour, if not sooner.

Oct 21 2024, 01:35 UTC

Monitoring – We have mitigated the issue with our recent fix, and services are now operating normally. Our team remains engaged and continues to investigate the issue. We'll post our next update in 1 hour, if not sooner. Thanks for your patience.

Oct 21 2024, 00:34 UTC

Investigating – We are still working hard to address the recurring issues with MFA push notifications and timeouts in both the EU and US. Our team is actively investigating the root causes and potential solutions. Thank you for your understanding. We'll post our next update in 1 hour, if not sooner.

Oct 20 2024, 23:24 UTC

Investigating – We have implemented a temporary fix in the US, and operations are now functioning normally. Our team is currently working on applying the same fix in the EU. We'll post our next update in 1 hour, if not sooner.

Oct 20 2024, 22:26 UTC

Investigating – We are still working hard to resolve the MFA push notification and timeout issues. Our team is investigating potential causes and solutions. Thank you for your continued patience, and we'll post our next update in 1 hour, if not sooner.

Oct 20 2024, 21:22 UTC

Investigating – We are still working hard to identify the issue with MFA push notifications and timeouts. Our team is making progress, and we appreciate your continued patience. We'll post our next update in 1 hour, if not sooner. Thank you!

Oct 20 2024, 20:20 UTC

Investigating – We continue to work on the MFA push notifications and timeout issues, which are currently affecting users in the EU and US only. We'll post our next update in 30 minutes, if not sooner.

Oct 20 2024, 19:48 UTC

Investigating – We're currently investigating the issue where users are not receiving MFA push notifications or are experiencing timeouts even after approval. Once we determine the impact and scale of these potential issues, we'll post our next update in 30 minutes, if not sooner.

Oct 20 2024, 19:16 UTC

Dort erfährt man, dass der Dienst zum 20. Oktober 2024 (Abends) bis zum 23. Oktober 2024 gestört war. So um die drei Tage Ausfall, an denen Nutzer ggf. keine Authentifizierung für SSL-VPN-Verbindungen vornehmen konnten. Nicht wirklich schön. War sonst noch jemand betroffen? Ist das Problem behoben?