Mobile VPN with SSL connection from Trusted LAN

I recently updated our WatchGuard's from firmware 12.8.2 to 12.9
The Mobile VPN with SSL Client software used to connect to our VPN while in use on a laptop on our trusted LAN. Now it does not.
I had intended to prevent such connections, but it would be nice to know why it has suddenly stopped working and how to allow it to work again if necessary.
Thank you.

Best Answers


  • Options
    I would check the built-in SSL VPN rule and see if “Any-Trusted” is listed as a SOURCE along with “Any-External”.

    I’d check both configs before and after the firmware upgrade and compare the settings on that policy in particular.
  • Options

    What do you see in traffic monitor when this access is tried?

    I don't have this issue.

  • Options

    Hi, i have the same Problem. My Mobile VPN with SSL Client can connect to VPN from external networks, but i cant connect from internal Networks.

  • Options

    Here is a screenshot of the client state.

  • Options
    edited January 2023



    your screen shot shows exactly the same problem we have.

    We considered using the work around, but not implemented it yet.

    If it is a known issue in firmware 12.9, will it be fixed in the next release?

    Thank you

  • Options

    Same problem here with 12.9.0. Connections from internal network are used by admins to test new installations of the WG sslvpn client.

    Internal networks are configured in the sslvpn rule ("Any-Trusted" in "From") . The workaround only describes access to ssl download page, which works with the internal IP. But connecting with the sslvpn client does not.

    Will this be fixed?
    Is there a (better explained) workaround?
    Can you please give us an update.

  • Options


    Clearly this will be fixed, and it should be fixed in the next release.
    Odd that this did not show up in the V12.9 Beta.

    On your WatchGuard SSLVPN, in the From: field, add the name (Alias) of internal interfaces from which internal users try to use SSLVPN to connect to the firewall.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @AndrewBarnes
    You'll need to make a change to the policy in order to fix this as detailed in the KB article. Even with the update, WatchGuard generally (unless there is no other way possible) avoids touching customer's existing policies.

    If you're continuing to run into an issue, I'd suggest opening a support case so that our team can look into your specific issue.

    -James Carson
    WatchGuard Customer Support

  • Options

    Hi @james.carson

    Maybe I misunderstood. You said "This is an issue that popped up with 12.9" so I presumed it was unexpected and therefore would be addressed / corrected by Watchguard.

    The KB is still open, so does that mean it could be addressed?

    I will open a support case if it could help.


  • Options

    V12.9 update 1 is out now.
    At the moment, the Release Notes have not been updated for this version yet.

  • Options

    This fix is listed in the Release Notes:

    The Mobile VPN with SSL portal is now accessible from internal networks. [FBX-24447]

  • Options

    Thank you Bruce and James.
    A short confirmation: WSM and firebox was updated to 12.9.0 u1 yesterday, Mobile SSL VPN is working again.

Sign In to comment.