No internet connection after VPN connection with AT&T client


We've got a strange problem: a customer is using a separate port on the WatchGuard to connect to his VPN. If we use this port, which should only be able to use the internet and not the local network, with any other computer, the internet works fine and we can also establish a VPN connection to another WatchGuard (Mobile VPN with SSL).
The customer laptop also gets an IP address from that WatchGuard, but if the VPN connection is established via the AT&T client to his network, the connection works only for a short time. After that, the internet connection is lost and no other computer can establish an internet connection until I deactivate and reactivate the interface.

Model: M200
Version: 12.0.B540035

Are there any known issues?

Thanks for your help.



  •

    Your XTM version is almost 3 years old.
    There have been many fixes since your version.
    Anything obvious in Traffic Monitor when this happens?

    Does this AT&T client use IPSec?
    If so, have you selected the "Add a policy to enable outbound IPSec pass-through" check box in VPN Options?

  •

    Thx for your reply. Firmware update is scheduled for Sunday. The VPN connection isn't provided by the WG; it is provided by the customer itself, and the laptop should use only our internet for this connection.

  •

    The firmware is now the latest version (12.5.4.B622768) and your IPSec hint is activated, but the issue persists. Any other hints?

  •

    Please explain more about the firewall port to which the AT&T user is connected. What type is this set to: Trusted, Optional or Custom?
    Custom would be the best option. That should prevent any access to anything else on your LAN.
    You would need to add 1 or more policies for this port to allow access to the Internet.
    Configure a Custom Interface
    And it should have DHCP set up on that interface and probably have an external DNS server IP addr added.

    "After that, the internet connection is lost and no other computer can establish an internet connection, until I deactivate and reactivate the Interface."
    No idea what could cause this. Nothing to help understand this in Traffic Monitor?
    If this persists, you should open a support incident to get WG help.

    As for the VPN client issue - without knowing what VPN protocol the AT&T client is using, no ideas.
    You could add an Any packet filter From: the IP addr that the VPN client gets, and enable Logging on the policy.
    Then you could see the packet types coming from the VPN client, which should indicate the protocol being used.

    You can open a support incident on this, or have the user open a support incident with AT&T to help in troubleshooting.

  •

    Hi, sorry for my late reply. Network is trusted and not custom. Policies are applied to all configured trusted networks. DHCP server is activated and 2 external DNS servers are configured (Telekom and Google). If the connection is lost, only DHCP requests are visible within the logs. I will open a service request and keep you up to date.


  •

    Use of type Trusted for this interface may be the cause of some of your issues.

  •

    Hi Bruce. Thanks for your help. WG has initiated an RMA. Now the problem is solved. Unfortunately, I don't know why this depends on the hardware, but the problem is solved. But thanks for your help!

