You can set this on the WINS/DNS tab of Network Configuration
"In the Domain Name text box, type a domain name that a DHCP client adds to unqualified host names. This setting corresponds to DHCP option 15."
This is the domain name suffix.
Above quote from here in the Configure Network DNS and WINS Servers section:
Configure Network DNS and WINS Servers: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/wins_dns_add.html
There is a similar setting on each DHCP setup page in the "Configure WINS/DNS Servers" area
To get to the Firebox V, the SSLVPN port needs to be different than the SSLVPN port on your M590.
On your M590 you need to set up an incoming policy for the Firebox V SSLVPN port with a SNAT which points to 10.0.5.5.
I had this error (TS_UNACCEPTABLE) too, after a change from old BOVPN style to BOVPN-VIF + IKEv2.
The problem was the external IP, which was a private IP.
The ISP router gets only one external fixed IP and, on the internal side, a private range (192.168.178.0/24).
It seems that the Firebox tries to establish a VPN tunnel with the external IP from that range.
There was a conflict with local IPs with a similar ISP connection.
At the beginning, I did not assign virtual interface IP addresses under "VPN Routes".
After doing so, the tunnel comes up stable.
I used APIPA addresses (out of 169.254.0.0/16) for it.
Do you have a ping policy near the top of your policy list?
We found a solution to this problem, described below.
If the problem is related to the web server certificate, I suppose changing the web server certificate back to the default self-signed Firebox certificate should solve the connection problem. Since we can't make this change in WSM or WebUI, obviously that means we'll have to do it with the CLI command.
1.) Connect to the Firebox in PuTTY using SSH via port 4118.
2.) Log in as "admin".
3.) You will enter two commands. Press Enter after each command.
First command: configure
Second command: web-server-cert default
4.) After you press Enter on the second command, the CLI will not confirm the change and will return you to "wg(config) #". This means that it was successful.
Have you added your new firewall to the cloud for reporting?
Try increasing the date range. If there are no client VPN authentications for the selected date/time range, then the Authentication selection item is not shown.
Add the IP addr(s) or domain names of the remote BOVPN endpoint to the above IPSec policy.
All IKE/IPSec traffic is governed by a hidden rule. You can turn it off and create your own rule, but you must account for any IPSec connection (including site-to-site/Branch Office VPNs).
(Jump down to the section labeled "Disable or Enable the Built-in IPSec Policy".)
Once that built-in rule is disabled, you can make a rule:
-Create a new policy.
-Use a packet filter; there should be a predefined one called "IPSec" in the packet filter list with the ports you'll need.
-Make the FROM field the IPs you want to allow IPSec traffic from.
-Make the TO field "Firebox."
If you make this change, you will need to update the FROM list every time you need to allow a new IP. Residential ISPs are usually DHCP-based, so this may happen frequently.
Somebody else might have a better way, but front of mind is that, assuming the tunnel is a route-based one (virtual interface), add that tunnel to an SDWAN action, then create a policy that uses a DNS FQDN (name) for the destination which specifies that SDWAN action.
You can disable the SSLVPN page via the Firebox's CLI. See:
Plan Your Mobile VPN with SSL Configuration: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/mvpn/ssl/configure_fb_for_mpvpn_ssl_c_before.html#Name
(Instructions are in the section labeled "Software Downloads Page Hosted by the Firebox" near the bottom of the article.)