SSL VPN users using DHCP Server?

Hi all,

Firebox: M270 running 12.4.1

I would like my SSL VPN users to be assigned IP addresses from our DHCP server on the trusted network. I can see that you can block out IP address pools, but ideally I want the DHCP server to allocate the IP address as our trusted interface subnet has a lot of reserved blocked IP addresses.

Currently the Firebox doesn't do anything with DHCP on the trusted interface; it is disabled.

Hope someone can assist.

Kind Regards,
Chris Snape


    Sorry, that is not an option.
    The firewall hands out IP addrs for the client VPN connections.

    You can post on the Product Enhancement section for this ability.

    Bugger. Ok, thanks for the quick reply.

    I quite agree, this is a big shortcoming.
    We have SIP phones connecting (well, they did before the most recent firmware update) and we want to monitor when they drop their SSLVPN connection, but this is impossible because IPv4 addresses cannot be reserved for specific devices.
    We now have a need to monitor the computers at the end of an SSLVPN connection but there is no way to identify the computer at the end of the link by name in order to push monitor agents onto the device.

    The only current method to have known IP addrs for VPN client connections is to use IKE, and to have a separate group for each client. You assign IP addrs to groups.

    james.carson Moderator, WatchGuard Representative

    @ChrisSnape You can configure the SSLVPN to be on a bridge interface, and assign it a specific range from inside your trusted network. There isn't a way to assign each client a specific address, but it does get you on the IP range. Note that broadcast traffic still won't work this way, as the VPN client has to route the traffic to the firewall.

    @SteveStewart If you're looking to monitor when your phones drop, searching by the username each phone is using should show when they connect and disconnect in your logs. Since the firewall can only hold a small amount of logs, it'll work best if you're logging to a Dimension server.

    -James Carson
    WatchGuard Customer Support

