Devices behind a remote WG unreachable since 12.5.3 update
I'd appreciate your feedback on my issue.
We have two remote sites:
1. Site 1: WG M200
- WS 2016 host with several VMs incl. RDS farm, DC with DNS 192.168.16.253, etc.
- Offices 192.168.16.0 network
2. Site 2: WG M370 (upgraded from M200)
- Offices 192.168.254.0, 10.2.8.0, 10.2.7.0, 10.2.254.0 VLANs
Both firewalls are configured correctly with all required tunnels.
So last Wednesday, I replaced the M200 at Site 2 with an M370 and updated the OS on it to 12.5.3 U1. All worked fine until I switched the servers over last weekend and realised I couldn't VPN from home to Site 1 any more. The new DNS IP is 10.2.7.50.
Both firewalls' DNS/auth settings have been updated to point to the new DC/DNS IP. Basically, all VMs were shut down at Site 1, and Site 2 became the main site running our VM servers (ADFS, DC, FP, RDS, etc.).
When I was testing all this before and whilst on M200s at both sites, I was able to connect to both firewalls from home via Mobile VPN. Both firewalls were correctly communicating with the new DC/DNS server with a new IP at Site 2.
Site 1 & 2 FWs were connected to DNS 10.2.7.50 and the domain controller was reachable. VPN authentication worked fine.
Then I replaced the M200 with the M370 at Site 2, updated it to 12.5.3, then launched the VMs and realised I couldn't connect to Site 1 anymore.
It turns out that the firewall at Site 1 is no longer able to reach any devices outside of the firewall at Site 2 and vice versa. It seems like the issue is related to the OS update.
All devices at Site 1 and 2 can communicate properly and everything else works as it should, but neither of the firewalls can communicate with devices outside of the firewalls, which includes the new DC/DNS IP. This is why VPN authentication fails when trying to connect to the Site 1 VPN. I can connect with my Firebox username, but not with a domain account.
I'm not 100% sure it is to do with the OS update, but I didn't change any other configs on either of the firewalls.
Up until Tuesday, both sites were running WG M200 with 12.2.1 OS. Both were configured for BOVPN and Mobile VPN with SSL.
I updated the M200 at Site 1 to 12.5.3 U1, but it didn't make any difference.
What has changed in the 12.5.3 OS that would prevent the firewalls from communicating with other devices?
Anything else I should be checking?
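One check that helps separate the two possible failure points described above (the BOVPN tunnel itself versus traffic the firewall originates on its own behalf, such as DNS lookups and domain authentication) is to run a reachability probe from an ordinary host on the Site 1 LAN toward the Site 2 DC/DNS. If a host can complete DNS and LDAP/Kerberos handshakes to 10.2.7.50 while the firewall's own DNS/auth to the same address fails, the tunnel is carrying host traffic and the problem is specific to firewall-originated traffic. The script below is an added example, not code from the original post or from WatchGuard; it uses only the Python standard library, takes the DC/DNS address 10.2.7.50 from the post, and assumes a hypothetical domain name `ad.example` that must be replaced with the real one.

```python
"""Reachability probe from a Site 1 host toward the Site 2 DC/DNS (added example).

Assumptions (not from the original post): the host running this sits on the
Site 1 LAN (192.168.16.0/24) and the AD domain name is a placeholder.
"""
import random
import socket
import struct

DNS_SERVER = "10.2.7.50"    # new DC/DNS at Site 2, as given in the post
TEST_NAME = "ad.example"    # hypothetical AD domain name; replace before use

# Well-known domain-controller ports a firewall's auth/DNS traffic would need.
DC_PORTS = ((53, "dns-tcp"), (88, "kerberos"), (389, "ldap"), (636, "ldaps"))


def build_dns_query(name, txid=None, qtype=1):
    """Build a minimal RFC 1035 query (A record by default) and return (txid, packet)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return txid, header + question


def parse_dns_response(data, expected_txid):
    """Return (rcode, answer_count) from a raw response; raise ValueError if malformed."""
    if len(data) < 12:
        raise ValueError("short DNS response")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:  # QR bit must be set on a response
        raise ValueError("packet is not a response")
    return flags & 0x000F, an


def dns_query(server, name, timeout=3.0):
    """Send one UDP query to `server` and return (rcode, answer_count)."""
    txid, pkt = build_dns_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server, 53))
        data, _ = s.recvfrom(512)
    return parse_dns_response(data, txid)


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes through the tunnel."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_checks(server=DNS_SERVER, name=TEST_NAME):
    """Probe the DC ports and one UDP DNS query; any DNS response (even NXDOMAIN)
    counts as reachable, since the point is path reachability, not name validity."""
    results = {label: tcp_reachable(server, port) for port, label in DC_PORTS}
    try:
        rcode, _answers = dns_query(server, name)
        results["dns-udp"] = True
        results["dns-rcode"] = rcode
    except (OSError, ValueError):
        results["dns-udp"] = False
        results["dns-rcode"] = None
    return results


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key:10s} {value}")
```

Run it from a Site 1 workstation while the firewall's own DNS/auth to 10.2.7.50 is still failing. If the host results are all reachable, the tunnel is passing LAN-to-LAN traffic and the thing to confirm next is whether the firewall's own interface address (the source it uses for DNS and authentication traffic) is actually covered by the BOVPN route on both ends, since firewall-originated traffic is only sent through a tunnel whose local route includes that address.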