RADIUS Question
Is it possible to have a backup RADIUS server at an alternate location that is connected by BOVPN?
Comments
Hi @waynoh
So long as the Firebox has a route to that server, that shouldn't be a problem.
Note that you may need to write a rule to apply the IP address that you want the Firebox to access that remote RADIUS server via. By default, the Firebox will source traffic that is destined to networks that it doesn't own via the first available IP address from the lowest-numbered external interface.
See:
(Configure Policies for Firebox-Generated Traffic)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/policies/policies_firebox_generated_traffic_configure.html
You can create a policy and, using the advanced options in NAT, set the source IP you want the traffic to be from (usually the IP address of your trusted network).
-James Carson
WatchGuard Customer Support
Thanks for getting back to me. Still a little confused; there is a route to that server, see below:
But the report to that BOVPN returns this on that route:
Do you have a policy, such as an equivalent BOVPN-Allow-in, to allow this traffic in?
Yes, it was generated when setting up the BOVPNs.
Are you seeing denies for this traffic?
Odd that the BOVPN report thinks that this traffic is being denied if that is not the case.