Mobile VPN with SSL connection from Trusted LAN

Hi
I recently updated our WatchGuards from firmware 12.8.2 to 12.9.
The Mobile VPN with SSL Client software used to connect to our VPN while in use on a laptop on our trusted LAN. Now it does not.
I had intended to prevent such connections, but it would be nice to know why it has suddenly stopped working and how to allow it to work again if necessary.
Thank you.

Answers

  • I would check the built-in SSL VPN rule and see if “Any-Trusted” is listed as a SOURCE along with “Any-External”.

    I’d check both configs before and after the firmware upgrade and compare the settings on that policy in particular.
  • What do you see in traffic monitor when this access is tried?

    I don't have this issue.

  • Hi, I have the same problem. My Mobile VPN with SSL Client can connect to VPN from external networks, but I can't connect from internal networks.

  • Here is a screenshot of the client state.

  • edited January 2023

    Hi

    @Torsten_M

    Your screenshot shows exactly the same problem we have.

    @james.carson
    We considered using the workaround, but have not implemented it yet.

    If it is a known issue in firmware 12.9, will it be fixed in the next release?

    Thank you

  • Same problem here with 12.9.0. Connections from internal network are used by admins to test new installations of the WG sslvpn client.

    Internal networks are configured in the sslvpn rule ("Any-Trusted" in "From"). The workaround only describes access to the SSL download page, which works with the internal IP. But connecting with the sslvpn client does not.

    @james.carson
    Will this be fixed?
    Is there a (better explained) workaround?
    Can you please give us an update.

  • @Markus_H

    Clearly this will be fixed, and it should be fixed in the next release.
    Odd that this did not show up in the V12.9 Beta.

    On your WatchGuard SSLVPN, in the From: field, add the name (Alias) of internal interfaces from which internal users try to use SSLVPN to connect to the firewall.

  • james.carson Moderator, WatchGuard Representative

    Hi @AndrewBarnes
    You'll need to make a change to the policy in order to fix this as detailed in the KB article. Even with the update, WatchGuard generally (unless there is no other way possible) avoids touching customers' existing policies.

    If you're continuing to run into an issue, I'd suggest opening a support case so that our team can look into your specific issue.

    -James Carson
    WatchGuard Customer Support

  • Hi @james.carson

    Maybe I misunderstood. You said "This is an issue that popped up with 12.9" so I presumed it was unexpected and therefore would be addressed / corrected by WatchGuard.

    The KB is still open, so does that mean it could be addressed?

    I will open a support case if it could help.

    Thanks
    Andrew

  • V12.9 update 1 is out now.
    At the moment, the Release Notes have not been updated for this version yet.

  • This fix is listed in the Release Notes:

    The Mobile VPN with SSL portal is now accessible from internal networks. [FBX-24447]

  • Thank you Bruce and James.
    A short confirmation: WSM and Firebox were updated to 12.9.0 u1 yesterday, Mobile SSL VPN is working again.
