Mobile Client SSL VPN via Load Balancer

Trying to set up two Firebox Cloud instances on AWS behind a load balancer, which was WatchGuard's suggestion (via our distributor) for a failover solution.

Everything works a treat, except:

The client uses Windows 11 exclusively and there seems to be an issue with the WG SSL VPN client not connecting; on occasion the EXE needs to be run as an administrator, which then allows it to connect. It's intermittent. As the client is ISO27001 certified, it's not an easy discussion to have users as local admins.

So, I'm trying the OpenVPN client, which I know the WG SSL VPN client is built from. However, given that the OpenVPN profile includes the CA, cert and private key bound to the built-in SSL VPN server, it's different on the two Fireboxes.

Can't merge them, or have both in the profile, as the TCP size is too large for the Firebox to accept.

Can't replace the SSL VPN server certificate on the fireboxes either.

Any suggestions please?
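As an added example (not from this thread, WatchGuard or OpenVPN), a small Python check of the point above: two Firebox-exported OpenVPN profiles can only be folded into one multi-`remote` profile when their inline `<ca>`, `<cert>` and `<key>` blocks match, since the client must trust both servers and present an identity both accept. The profiles, hostnames and PEM bodies below are constructed placeholders.

```python
import re

# Constructed sample profiles, not real Firebox exports: the one-line PEM bodies
# stand in for the CA, client cert and key a Firebox embeds in its .ovpn download.
PROFILE_A = """client
dev tun
proto tcp
remote fw-a.example.invalid 443
<ca>
CA-OF-FIREBOX-A
</ca>
<cert>
CLIENT-CERT-ISSUED-BY-A
</cert>
<key>
CLIENT-KEY-A
</key>
"""
# Firebox B exports the same directives but its own CA and the client cert it issued.
PROFILE_B = (PROFILE_A.replace("fw-a.", "fw-b.")
             .replace("CA-OF-FIREBOX-A", "CA-OF-FIREBOX-B")
             .replace("CLIENT-CERT-ISSUED-BY-A", "CLIENT-CERT-ISSUED-BY-B"))
INLINE_RE = re.compile(r"<(ca|cert|key|tls-auth|tls-crypt)>\n(.*?)</\1>", re.S)

def parse_profile(text):
    """Split an .ovpn into ([host, port] remotes, {tag: PEM body} inline blocks)."""
    inline = {tag: body.strip() for tag, body in INLINE_RE.findall(text)}
    remotes = [line.split()[1:3] for line in INLINE_RE.sub("", text).splitlines()
               if line.startswith("remote ")]
    return remotes, inline

def can_merge(profile_a, profile_b):
    """A single profile with two 'remote' lines only fails over cleanly if the
    client trusts both servers (same <ca>) and presents an identity both accept."""
    _, ia = parse_profile(profile_a)
    _, ib = parse_profile(profile_b)
    reasons = [f"<{t}> differs" for t in ("ca", "cert", "key") if ia.get(t) != ib.get(t)]
    return not reasons, reasons

def merge_for_failover(profile_a, profile_b):
    """Emit one profile listing both remotes; the OpenVPN client tries them in order."""
    ok, reasons = can_merge(profile_a, profile_b)
    if not ok:
        raise ValueError("cannot merge: " + "; ".join(reasons))
    ra, ia = parse_profile(profile_a)
    rb, _ = parse_profile(profile_b)
    base = [l for l in INLINE_RE.sub("", profile_a).splitlines()
            if l.strip() and not l.startswith("remote ")]
    remotes = [f"remote {h} {p}" for h, p in ra + rb]
    return "\n".join(base + remotes + [f"<{t}>\n{b}\n</{t}>" for t, b in ia.items()]) + "\n"
```

Running `can_merge(PROFILE_A, PROFILE_B)` reports the differing `<ca>` and `<cert>` blocks, which is exactly why two independent Fireboxes cannot share one profile; only a second endpoint that speaks for the same CA and client identity can be added as an extra `remote`.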

    james.carson, Moderator, WatchGuard Representative

    Hi @Adam_Hunt_GSL

    The SSLVPN client should only require administrator if it's trying to upgrade; if it's requiring that just to connect, I suspect there's something else going on.

    The only instance where the SSLVPN would support a failover is in a cluster configuration (where the devices actually end up both adopting the cert from the first firewall in the cluster). If you're running two independent firewalls, your best option may be an OpenVPN server behind the firewalls, over whose certs and other info you have full control.

    If you haven't done so, a support case may be the best option here.

    -James Carson
    WatchGuard Customer Support
