Firewall denied traffic from authenticated user as Unhandled external traffic
Hi,
M370 12.7.2
I can't get traffic flowing on policies where the source is an authenticated user and the traffic is coming from a BOVPN tunnel.
Below, the user authenticates successfully and a policy exists allowing the user to RDP to the destination IP address, but the firewall denies the traffic with Unhandled External Packet-00.
Does Fireware not support this kind of traffic flow?
2021-11-25 14:30:43 NetGroup-HA1 admd Authentication of Firewall user [username] from Remote_IP_Address was accepted msg_id="1100-0004" Event
2021-11-25 14:30:43 NetGroup-HA1 sessiond Firewall user username from Remote_IP_Address logged in msg_id="3E00-0002" Event
2021-11-25 14:30:43 NetGroup-HA1 wgcgi Remote ip(Remote_IP_Address) is not an agent address Debug
2021-11-25 14:30:54 NetGroup-HA1 Deny Remote_IP_Address Destination_IP_Address rdp/tcp 61211 3389 TunnelToMicroComASA Internal Network Denied 52 126 (Unhandled External Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148" tcp_info="offset 8 S 2802578276 win 32" src_user="username" Traffic
Regards
Robert
Comments
The deny is for the remote IP address, which is presumably not allowed over the VPN.
If the user VPNs in, then they would get a local IP address, and then it should work.
The remote IP is allowed, and if I choose to set the policy source as the IP address instead of the authenticated AD user, it works, so it's not a policy issue.
Interesting
I have opened a case today. Let's see what they say.
I don't know what to say about WG support. I'm impressed by how bad the support is sometimes.
I wrote to the support person, after some conversation, that if he did not know the answer he should escalate the case. His response:
Please take note that I'm not here to give you an answer to your problem; I'm here to gather all the information I can to be able to escalate and help you to the resolution of the issue you are encountering.
So first-line support does not do support, they only gather information! Waste of time.
Then the next support person says I have to create a VPN policy from the VPN menu (which does not solve my issue) and will only open up for more sources than needed.
What a bad advice.
Case opened 01613256
This was caused by a mismatch in the username, where MS AD had it in all lowercase letters and the WatchGuard username had an uppercase letter.
@rv@kaufmann.dk
Ah, the name mismatch --
I generally recommend using a group for this, as the group will always return the same way from the AD server. Even if the group is just for one user, it will prevent this.
-James Carson
WatchGuard Customer Support
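The root cause above (a user name that differs only in letter case between what AD returns and what is typed into the policy) is easy to miss when reading Fireware traffic logs by hand. The script below is an added example, not code from the thread or from WatchGuard: it parses Deny lines in the log format quoted in the post, pulls out `src_user`, and reports whether that user matches a policy's configured users exactly, only case-insensitively (the situation in this thread), or not at all. The log lines, IPs, user names and the policy table are constructed placeholders, and the script does not claim to reproduce how Fireware itself evaluates policies; it only reproduces the comparison that failed here so the mismatch stands out during triage.

```python
import re

# Constructed sample lines in the shape of the Fireware traffic log quoted in
# the thread (placeholder IPs; the user names are assumptions, not real accounts).
SAMPLE_LOGS = [
    '2021-11-25 14:30:43 NetGroup-HA1 sessiond Firewall user jdoe from 10.9.8.7 '
    'logged in msg_id="3E00-0002" Event',
    '2021-11-25 14:30:54 NetGroup-HA1 Deny 10.9.8.7 172.16.5.10 rdp/tcp 61211 3389 '
    'TunnelToMicroComASA Internal Network Denied 52 126 (Unhandled External Packet-00) '
    'proc_id="firewall" rc="101" msg_id="3000-0148" '
    'tcp_info="offset 8 S 2802578276 win 32" src_user="jdoe" Traffic',
    '2021-11-25 14:31:02 NetGroup-HA1 Deny 10.9.8.8 172.16.5.10 rdp/tcp 61300 3389 '
    'TunnelToMicroComASA Internal Network Denied 52 126 (Unhandled External Packet-00) '
    'proc_id="firewall" rc="101" msg_id="3000-0148" src_user="mallory" Traffic',
]

# Hypothetical policy table (assumption): policy name -> user names exactly as
# typed into the policy's authorized-user list. "JDoe" carries an uppercase
# letter while AD returns "jdoe", which is the mismatch the thread ended on.
POLICY_USERS = {"Allow-RDP-from-BOVPN": {"JDoe"}}

KV_RE = re.compile(r'(\w+)="([^"]*)"')      # key="value" fields at the end of the line
REASON_RE = re.compile(r"\(([^()]*)\)")     # deny reason in parentheses


def parse_deny(line):
    """Return the interesting fields of a Deny traffic line, or None for other lines."""
    tokens = line.split()
    if "Deny" not in tokens:
        return None
    i = tokens.index("Deny")
    fields = dict(KV_RE.findall(line))
    reason = REASON_RE.search(line)
    return {
        "src": tokens[i + 1],
        "dst": tokens[i + 2],
        "service": tokens[i + 3],
        "src_intf": tokens[i + 6],          # the BOVPN tunnel name in this thread
        "reason": reason.group(1) if reason else None,
        "src_user": fields.get("src_user"),
    }


def classify_user(observed, policy_users):
    """Compare the logged user against configured users: exact, case-only, or none."""
    exact = sorted(p for p, users in policy_users.items() if observed in users)
    if exact:
        return "exact", exact
    folded = sorted(
        p for p, users in policy_users.items()
        if observed.casefold() in {u.casefold() for u in users}
    )
    if folded:
        return "case-mismatch", folded
    return "no-policy", []


def diagnose(lines, policy_users):
    """For every Deny line carrying src_user, attach a verdict and candidate policies."""
    findings = []
    for line in lines:
        parsed = parse_deny(line)
        if parsed is None or not parsed["src_user"]:
            continue
        verdict, policies = classify_user(parsed["src_user"], policy_users)
        findings.append({**parsed, "verdict": verdict, "policies": policies})
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOGS, POLICY_USERS):
        print(f"{f['src_user']:>8} {f['src']} -> {f['dst']} {f['service']} via {f['src_intf']}: "
              f"{f['reason']} [{f['verdict']}] {f['policies']}")
```

A "case-mismatch" verdict is the signal to check the authorized-user entry on the named policy (or, as suggested above, to authorize an AD group instead of an individual user, so the name the Firebox compares against is the one the directory returns).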
Yep, total end-user mistake.
Need vacation soon.