Mobile VPN with SSL connection from Trusted LAN
Hi
I recently updated our WatchGuards from firmware 12.8.2 to 12.9.
The Mobile VPN with SSL Client software used to connect to our VPN while in use on a laptop on our trusted LAN. Now it does not.
I had intended to prevent such connections, but it would be nice to know why it has suddenly stopped working and how to allow it to work again if necessary.
Thank you.
Best Answers
james.carson Moderator, WatchGuard Representative
@AndrewBarnes
This is an issue that popped up with 12.9 -- please see https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA16S000000Bc4YSAS&lang=en_US
It's an easy fix: just add the alias for your internal network to the WatchGuard sslvpn policy.
-James Carson
WatchGuard Customer Support
james.carson Moderator, WatchGuard Representative
@AndrewBarnes I got an update that 12.9 update 1 will have a fix for that, and release is pending. It'll hopefully be out by the end of the day.
-James Carson
WatchGuard Customer Support
Answers
I’d check both configs before and after the firmware upgrade and compare the settings on that policy in particular.
What do you see in traffic monitor when this access is tried?
I don't have this issue.
Hi, I have the same problem. My Mobile VPN with SSL Client can connect to VPN from external networks, but I can't connect from internal networks.
Here is a screenshot of the client state.
Hi
@Torsten_M
Your screenshot shows exactly the same problem we have.
@james.carson
We considered using the workaround, but have not implemented it yet.
If it is a known issue in firmware 12.9, will it be fixed in the next release?
Thank you
Same problem here with 12.9.0. Connections from the internal network are used by admins to test new installations of the WG sslvpn client.
Internal networks are configured in the sslvpn rule ("Any-Trusted" in "From"). The workaround only describes access to the ssl download page, which works with the internal IP. But connecting with the sslvpn client does not.
@james.carson
Will this be fixed?
Is there a (better explained) workaround?
Can you please give us an update.
@Markus_H
Clearly this will be fixed, and it should be fixed in the next release.
Odd that this did not show up in the V12.9 Beta.
On your WatchGuard SSLVPN, in the From: field, add the name (Alias) of internal interfaces from which internal users try to use SSLVPN to connect to the firewall.
Hi @AndrewBarnes
You'll need to make a change to the policy in order to fix this, as detailed in the KB article. Even with the update, WatchGuard generally (unless there is no other way possible) avoids touching customers' existing policies.
If you're continuing to run into an issue, I'd suggest opening a support case so that our team can look into your specific issue.
-James Carson
WatchGuard Customer Support
Hi @james.carson
Maybe I misunderstood. You said "This is an issue that popped up with 12.9" so I presumed it was unexpected and therefore would be addressed / corrected by WatchGuard.
The KB is still open, so does that mean it could be addressed?
I will open a support case if it could help.
Thanks
Andrew
The issue is still present -- it is targeted to be fixed in the next release version.
If you are running into the issue, you'll need to follow the directions in the KB to work around it.
-James Carson
WatchGuard Customer Support
V12.9 update 1 is out now.
At the moment, the Release Notes have not been updated for this version yet.
This fix is listed in the Release Notes:
The Mobile VPN with SSL portal is now accessible from internal networks. [FBX-24447]
Thank you Bruce and James.
A short confirmation: WSM and Firebox were updated to 12.9.0 u1 yesterday, and Mobile SSL VPN is working again.