Issue with Server Center / System Manager connection to Fireboxes

We have a watchguard Server center located at our office on premise. We use this to manage our clients Watchguard Fireboxes. The technical staff will connect to the management server using Watchguard System Manager installed on their laptops. This works fine when the tech staff is located at that office.

When the tech staff is working remote they connect to a vpn with split tunneling so their internet connection uses their home internet service while connection to the management server occurs over the vpn. The System manager installed on the tech laptops are able to connect to the management server just fine.

The issue is that many task such as adding new devices or connection to policy manager, host watch, etc sometimes it will make the connection to the customer firewall with a direct coonnection by the laptop over their home internet and not from the management server. This causes a connection issue because the customers firewall only allow a connection from the management servers ip address.

Is it possible to have only the management server make the connection to the customer fireboxes and then forward that traffic to the tech laptops over the vpn.

Comments

  • The only solution that I see is for your remote users to remote connect (RDP etc.) to the WSC server. Then the WSC server IP addr will be used when a tool such as Policy Manager etc. is launched.
    Othwerwise, the IP addr of the remote client will be used since the tool is actually running on the remote client PC and not on the WSC server.

  • James_CarsonJames_Carson Moderator, WatchGuard Representative

    Hi @wseyller

    For that to work, the techs will either need to remote into the actual server hosting the management server (RDP), or run a full tunnel VPN. System manager is designed to do those add tasks via the machine it's running on, so the only way to change that is to tunnel, or change where you're doing it from.

    -James Carson
    WatchGuard Customer Support

  • Thanks. Went with full vpn tunnel

Sign In to comment.