Best Of
Re: my Laptop with a ARM based processor won't work with the WatchGuard SSLVPN
I seem to recall reading elsewhere on this forum that installing the ARM64 OpenVPN client after the WatchGuard SSL VPN client might work because the missing bit is the TAP driver that the OpenVPN/SSL component uses - and being ARM64 you need an ARM64 version (the WatchGuard one is x86/x64 only).
Re: my Laptop with a ARM based processor won't work with the WatchGuard SSLVPN
Just an update to my last comment:
Tested the SSLVPN on a Windows ARM64 system and it does work, even with the SAML/SSO setup in 12.11
To do this, install the WatchGuard VPN client - but make sure the TAP driver is not selected to be installed.
Once that is done, install the OpenVPN ARM64 package, and as a minimum make sure the drivers in that installation are installed, one of which is the TAP driver [for ARM64].
You can install the GUI component if you wish.
May need to restart the system, but the SSL VPN when I tested it both with a regular login and with SAML worked.
Re: What local ID should I type for a WG behind MIP NAT to peer WG BOVPN
It could be any of these - all they need is to match on each end.
I would choose By IP Address, and use the public IP addr on the routers.
Re: Co-existence with Windows Defender
If you activate EPDR/AD360 firewall on our product, we find Windows Firewall enabled, we do disable Windows Firewall, in order to have only one FW active.
Re: SAML IKEV2 VPN Authentication
With Watchguard recommending to use IKEv2 it would be great to have this new feature available to IKEv2 VPN for seamless Entra authentication.
Thomas_S
SAML IKEV2 VPN Authentication
With the implementation of SAML auth for SSLVPN in 12.11 we are wondering if this is planned / feasible for use with IKEV2 VPN's? We have recently switched from SSL to IKEV2 (auth via radius) but would love it for us and our clients if we could leverage SAML auth for IKEV2 instead. Is is this in the works?
dkeen94
Re: Error 110 connection time out
Hi @Kelvin_PTY
I would suggest opening a support case. You can do so via the support center link at the top right of this page.
Re: error 400.012.310
Hi @illbrain There is not, unfortunately. If you need one decoded, we can do them via the forums, or via a support case.
Re: error 400.012.310
Hi @illbrain
Your errors are all based around internet connectivity:
400.012.310
Delete - ERROR_INTERNET_NOT_CONNECTED (no internet connectivity at all)
400.001.301
Activation - ERROR_NO_HEADER_ELEMENT (suggests missing packets)
400.001.303
Activation - ERROR_UNKNOWN_HOST (DNS resolution error, which is related to the ones above)
Re: Configuration Problem With Interface/Policies and PiHole
(12.5.9 Update 2 for M200/M300 exe for WSM install)
https://cdn.watchguard.com/SoftwareCenter/Files/XTM/12_5_9_U2/Firebox_OS_M200_M300_12_5_9_U2.exe
(12.5.9 Update 2 for M200/M300 sysa-dl for WebUI install)
https://cdn.watchguard.com/SoftwareCenter/Files/XTM/12_5_9_U2/firebox_M200_M300_12_5_9_U2.zip
There have been a number of updates to Fireware since 12.5.9 Update 2. I would suggest upgrading to a newer device that can run the latest version of Fireware.