Best Of

Hi @tantony

Windows sometimes unregisters SSLVPN's TAP driver. This can be caused by other applications trying to use that same TAP driver or by updates to your network drivers via Windows update.

If you'd like to use Windows' built-in VPN client, we support that via IKEv2 and L2TP. We generally recommend IKEv2 for Windows 10 and 11. L2TP is usually used with legacy versions of Windows and other devices that don't support IKEv2.

See:
(Mobile VPN with IKEv2)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/mvpn/ikev2/mvpn_ikev2_about_c.html

if you use Firebox-DB credentials to connect to IKEv2 VPN and have problems connecting to AD resources,
check: https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000bpLuSAI&lang=en_US

better solution would be that you change the IKEv2 to use radius (NPS) AD authentication:
https://techsearch.watchguard.com/KB/WGKnowledgeBase?lang=en_US&SFDCID=kA22A000000XZlhSAG&type=KBArticle

NPS radius server install and configuration:
https://www.screencast.com/t/YhZSg5LMZ3ow

Firebox radius and IKEv2 configuration:
https://www.screencast.com/t/1qJkEtot6zUw

If you want to configure Windows IKEv2 to use ”Automatically use my Windows logon name...”

You need to give the radius server name in the Firebox radius settings the same name as your on-prem AD domain name and it needs to be with capital letters!
In the video the on-prem AD domain name is domain1.com, so the radius server name in the Firebox needs to be DOMAIN1.
This is because the Windows IKEv2 client is sending the credentials in “DOMAIN\user” format.

If you don’t configure ”Automatically use my Windows logon name...” option, then the radius name can be whatever in the Firebox radius settings, uppercase or lowercase letters…

Windows 10 & 11 IKEv2 configuration with the IKEv2 *. bat file:
https://www.screencast.com/t/F8opfvqa1Q

Hello,

I configured Mobile VPN with IKEv2 on the Firebox M370. For authentification, in the first step we configured users of the Firebox-DB. After installing the batch file on a Windows 10 client, the connection was successful. I'm able to ping all Clients and Server (including domain controller), that I want to reach. But there is still a problem with the connection to the domain controller. I can't authentificate my AD user. If I want to access shares, outlook (exchange), printserver etc. I have to authenficate with username and password. Also I can't update user group policies with gpupdate.
After a new Windows login, everthing works fine.
We use DNS server of the domain controller at the IKEv2 VPN profile.

Does somebody have any idea?

That's odd. I have never been asked to authenticate to AD after establishing IKEv2 VPN connection and I can access network resources just fine. The login to the AD domain happens before establishing VPN (I suppose by cached credential).

I'm only asked to authenticate when IKEv2 username is different than AD username, for example: JohnDoe (Firebox-DB username), JDoe (AD username). For that reason, I create the same username but different password on Firebox-DB.