WatchGuard Management Server (WMS) and SDWAN
I have firewalls connected to the WMS by using Virtual Interfaces, external access forbidden.
When I change the routing to SDWAN actions, the WMS is no longer available and I get the usual timeout error on the firewall.
I am using virtual interfaces with a transport network, and I have also added the route to the WMS in the VPNs.
I can only connect to the WMS if only one VPN is active.
Does anyone have an idea?
Finally I figured out how to configure the firewall to allow SDWAN for WMS.
1. Do not add routes to the WMS in the Virtual Interfaces
2. Make sure that all related inbound and outbound policies contain the WMS and all Virtual Interfaces on both sites of the VPN tunnel
3. Enable configuration of policies for traffic generated by the Firebox in the Global Settings
And put that generated policy at the end of the policy list; auto-order is never a good idea if you try to use SDWAN.