Mobile SSL VPN - Recent Issues

Hi all,

Model: FireboxV Medium
Version: 12.11.4.B722644

Having some recent issues with my virtual firebox and Mobile SSL users connecting. This has worked fine for a couple of years, but the last couple of months have seen various users getting "timed out" and "Failed to get domain name" error messages.

We use AD to authenticate, as we have for years, with the DCs for the domain residing behind the virtual firewall, on a trusted network.

I have three physical fireboxes connected to the virtual firebox via BOVPN (in different locations), and the same users can authenticate fine to those - using the same DCs behind the virtual firebox (switching the server address to the physical devices). So it is only the virtual firewall directly that is causing the issues.

I have spoken to the datacentre engineers, where the virtual firewall resides, and we have run various network checks and nothing has cropped up. General internet access from the virtual firewall and the BOVPN tunnels are all working fine.

Some users have had no issues at all and continue to log on to the virtual firebox without issue. But others (including myself) just can't connect using it. So we have to use one of the other physical devices.

Open to ideas and things to check before I raise a proper ticket with WatchGuard.

Regards,
Chris Snape

Comments

  • May not be related, but there is this Known Issue:

    When split tunnel VPN is configured, Mobile VPN with SSL Client v12.11.4 users cannot get access to Internet
    https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA1Vr000000E96fKAC&lang=en_US

  • Thanks Bruce.

    I'll do some testing with different versions of the client and see what happens.

  • I uninstalled the SSL VPN and installed an older version - 12.7.2

    The same problem still occurred. I get a time out when trying to connect to the datacentre firewall, but it works fine to the others. I have triple checked the IP and it is fine.

  • My issue is the connection, not the data transferring once connected.

  • 2025-10-31T10:14:02.212 Requesting client configuration from ...:443
    2025-10-31T10:15:02.718 FAILED:Cannot perform http request, timeout 12002
    2025-10-31T10:15:02.718 failed to get domain name

  • james.carson Moderator, WatchGuard Representative

    @ChrisSnape Your logs are telling me that the SSLVPN client can't contact the firewall you're trying to connect to at all.

    If you're using an alternate port at this location, remember that you'll need to type in the port after the address (e.g., vpn.watchguard.com:444).

    -James Carson
    WatchGuard Customer Support

  • @james.carson said:
    @ChrisSnape Your logs are telling me that the SSLVPN client can't contact the firewall you're trying to connect to at all.

    If you're using an alternate port at this location, remember that you'll need to type in the port after the address (e.g., vpn.watchguard.com:444).

    No, it is the standard port number and about half of our staff are fine. It is the other half that have slowly started having issues as the days have gone by. They used to work, but now don't. It is really weird.

    I'm not sure if it correlates to the last time I upgraded its firmware?

    I've checked blocked ports and sites and nothing in there either.

  • james.carson Moderator, WatchGuard Representative

    @ChrisSnape I'd suggest opening a support case if you haven't done so already. The support team can help look at your logs and determine what might be happening.

    -James Carson
    WatchGuard Customer Support
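
The client log above fails with a timeout while requesting the client configuration over port 443, which James reads as the client not reaching the firewall at all. As an added example (not part of the original thread and not WatchGuard tooling), this Python probe can be run from an affected client to see which stage stalls: DNS, TCP connect, or TLS handshake. The `probe` function and its stage names are hypothetical, and the host is whatever address the VPN client is configured with.

```python
import socket
import ssl
import sys


def probe(host, port=443, timeout=5.0):
    """Return (stage, detail): the first stage that failed, or ("ok", TLS version)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(addr)
        except socket.timeout:
            # No SYN/ACK and no reset: packets are being dropped on the path.
            return ("tcp", "connect timed out")
        except OSError as exc:
            return ("tcp", f"connect failed: {exc}")
        # Assumption: reachability check only. No credentials are sent, so the
        # certificate is not validated (the firewall may present a self-signed one).
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            tls = ctx.wrap_socket(sock, server_hostname=host)
        except socket.timeout:
            # TCP works but the TLS handshake gets no answer in time.
            return ("tls", "handshake timed out")
        except (ssl.SSLError, OSError) as exc:
            return ("tls", f"handshake failed: {exc}")
        sock = tls  # make sure the TLS socket is the one closed below
        return ("ok", tls.version())
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe.py <firewall-address> [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(target, target_port, *probe(target, target_port))
```

Comparing the result from a client that connects normally with one that times out, against the same firewall address, shows whether the failing clients stall at the network level or during the TLS handshake.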
