Turn on Logging on any policies which you think will allow this access so that you see access attempts in Traffic Monitor.
You can test this access using the SSLVPN client from behind the firewall.
Make sure that the Dynamic NAT settings still have the 3 private supernets and that one of them includes the SSLVPN virtual IP subnet.
In addition to the above, if you'd like to have a look at a running dimension system with logs running to it, you can do so athttps://demo.watchguard.com
If the BOVPN tunnel is from your WG firewall to some other device on the Internet - yes this is possible.
You need to add the SSLVPN virtual subnet to the BOVPN Tunnel settings on each end.
Allow Mobile VPN with SSL Users to use Resources Through a BOVPN Tunnelhttps://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/manual_bovpn_via_sslvpn_c.html
Opps - my error.
From: Any-external is correct.
Change the To: field from Firebox to 126.96.36.199
If you're just managing the one firewall, there really isn't any reason to re-install the management server. You can just use WSM too connect to the firewall directly.
For managed (DVCP) VPNs, it's not configurable. If you need to configure that setting, I'd suggest building the tunnel manually either in Policy Manager or the WebUI.
Maybe, but a new inexpensive consumer grade router / NAT firewall can do so as well.
What software version is on the X15?
There should be a MUVPN option - which is a client VPN.
As this firewall and firmware is so old, I would not recommend doing this.
There may well be modern client VPN incompatibilities and there could be unpatched exposures in the old software on this unit.
The only log servers that we support are:
-WatchGuard Log/Report server, which runs on Windows.
-WatchGuard Dimension, which is a VMWare/HyperV virtual machine.
You can find more about each here:
(Quick Start — Set Up Logging to a WSM Log Server)https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/setup_logging_task_wsm.html
(Get Started with WatchGuard Dimension)https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/dimension/get-started_dimension_d.html
Some customers have reported success converting a Dimension VMWare image over to Linux KVM (https://www.linux-kvm.org/) however, Dimension is only supported on supported versions of VMWare and HyperV. This means it'd likely work, but if it were to break, you'd be on your own.
Finally, the firewall does support sending log data via syslog, but you'll need to set up your own 3rd party server/service to handle the syslog data stream. You can find more about that here:
(Configure Syslog Server Settings)https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/send_logs_to_syslog_c.html
And, even if the Allow IKEv2-Users policy was lower in the list, your HTTPS-ADFS does not include IKEv2-Users so it would not apply.