VPN not allowing some XML traffic
When we log into a t-10 Firebox at one of the 911 sites we support, we can view servers correctly. However, when trying to remotely attach a mobile workstation, it authenticates all the way until it fails in what is called the "Telephony Services' login". We suspect the XML traffic is the culprit. Any thoughts?
For the record, what XTM version are you running?
Anything in Traffic Monitor to help understand this?
What kind of mobile workstation?
Attaching using what software?
What kind of policies are allowing the traffic from the VPN (Mobile VPN ???) to the mobile workstation?
The T-10 is running ver 12.4.B592447 and my client is running ver 12.5.3 and Mobile VPN with SSL.
The workstation is a 32-bit HP Compaq laptop running Windows 7 and has some peripherals required for 911 call taking. As for policies, the only use for this Firebox is for managing a remote 911 center. It provides no other firewall services. For testing purposes, we applied an "Any" policy at the top of the policies list to make it wide open. We wanted to eliminate any firewall issues during this troubleshooting phase.
When trying to log the remote call taking workstation onto the Center's network for call taking, we can observe the progress through the system. It successfully moves through two devices, but on the last phase (a Telephony server) it hangs and then "Fails to log into Telephony Services". When this laptop is placed locally on the 911 Center's LAN, it authenticates correctly each time. The IT director at the site has opened up a hole through his network with all ports open. We have disabled the firewall services on the DSL modem serving the laptop. Also, this laptop can remote into the T-10 and get to all servers for management. It's just when it runs the client software (Vesta/Airbus) that it fails.
I'm not up to speed on using Traffic Monitor on the WatchGuard, but I'll give it a try. Thanks
If the SSLVPN setup is set to Routed VPN Traffic, try changing it to Bridge VPN traffic, and see if that helps.
Also, on your Any policy, make sure the From: field includes SSLVPN-Users.
I'll try both items later today, Friday.