Best Of
Re: How to change the external config to work with the new router?
Hi @eddiebaker
The Firebox is the router. Putting the ISP's router in front of the Firebox may cause issues with any VPNs or Static NAT (port forward) rules you have set up, as the ISP's router will not forward those to the Firebox.
I would suggest asking your ISP for your PPPoE credentials and setting the firewall's external interface to use PPPoE.
You can see the steps here in our help article on how to set up a PPPoE interface in the WebUI or using WatchGuard System Manager's policy manager:
(Configure an External Interface)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/networksetup/ext_interface_about_c.html
It's also worth noting that the Firebox T30 has been end-of-life since June 30, 2023. This Firebox has not received any patches for discovered security vulnerabilities since June 2023. I would suggest considering replacing the T30 with a newer model that is still supported.
Thanks for your suggestion. I got it.
Re: VPN Problems with new WG T-Models and Fireware 2025.1.2
@Vuurdoos The command diagnose vpn "/ike/param/set xdo_max_bovpn 0 action now" tells the Firebox to disable inline crypto mode. The command does not decrease or disable any BOVPN tunnels on the Firebox, just how they're processed.
Re: VPN Problems with new WG T-Models and Fireware 2025.1.2
We have two ordered T145s here at HQ that need to go to customers with BOVPN tunnels. After reading this topic, we'll postpone rollout until there is clarity on this issue.
Re: SSLVPN 12.11.4 Internet connection issues
I'm seeing users experiencing this now too. When are we going to get an updated client??
Re: AP120 and Fireware 12.11.4
Review this article:
Cannot connect to APs after Firebox upgrade to Fireware v12.11
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA1Vr0000009EuzKAE&lang=en_US
From it:
To work around this issue:
1. Downgrade your Firebox to Fireware v12.10.
2. Use the Gateway Wireless Controller to upgrade your access points to the latest firmware version. You might need to re-trust your APs before you can manage the device and upgrade the firmware.
3. Upgrade the Firebox to Fireware v12.11.
Re: Mobile SSL VPN - Recent Issues
@ChrisSnape I'd suggest opening a support case if you haven't done so already. The support team can help look at your logs and determine what might be happening.
Re: SSLVPN 12.11.4 Internet connection issues
The above article title:
. When split tunnel VPN is configured, Mobile VPN with SSL Client v12.11.4 users cannot get access to Internet
Other SSLVPN V12.4 Known Issues:
. After upgrade to Mobile VPN with SSL v12.10.4, authentication to a Firebox from Windows fails
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr0000004fPZKAY&lang=en_US
. Firebox uses Mobile VPN with SSL tun0 IP address instead of Trusted to connect to AuthPoint Gateway
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g3SbSAI&lang=en_US
. Mobile VPN with SSL connection fails for client accounts with Roaming User Profiles
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g3U6SAI&lang=en_US
. Mobile VPN with SSL user does not get IP address
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g6CTSAY&lang=en_US
. SAML login to SSL VPN fails if Carrier-Grade NAT uses multiple public IPs
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr000000DLLBKA4&lang=en_US
. Mobile VPN with SSL incorrectly sends an OTP prompt as a password when it authenticates users with AuthPoint
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA16S000000gDS0SAM&lang=en_US
. Mobile VPN with SSL client unexpectedly uses Windows LAN interface defined DNS servers over DNS servers defined by the VPN
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA10H000000g3csSAA&lang=en_US
. SSL VPN connections fail after the client requests the configuration from the Firebox
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr000000BxeHKAS&lang=en_US
. Non-HTTPS traffic over port 443 denied by cloud-managed Firebox
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA16S000000Bc3kSAC&lang=en_US
Plus some Mac specific ones.
Re: SSLVPN 12.11.4 Internet connection issues
We have exactly the same problem since the new SSLVPN 12.11.4 client. It occurs completely sporadically and without us being able to identify any connection, affecting various clients. The issue can be temporarily resolved by reconnecting, but then it reappears after a few hours, days, or even a week. Support from WatchGuard is very inconsistent, and you often get the impression that they are just stalling us and randomly requesting things like restarting the firewall, etc.
There is even a Knowledge Base article about this issue at: https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr000000E96fKAC&lang=en_US.
Re: SSLVPN 12.11.4 Internet connection issues
WatchGuard is working on getting a collection of SSLVPN related bugs into a build that will be available shortly. Please stay tuned for an update.
Mark Boscolo
WatchGuard Support Manager.

