SSL VPN NGINX error after upgrading to 12.10.4 U1 today

Hello, I had a user getting autoblocked today. Nothing new on the workstation so I updated the firmware to 12.10.4 U1. After doing that, there were no more IPS issues, but no one can log in to the SSL VPN now. I get an NGINX error:

2024-08-27 13:51:32 wrapper nginx: 2024/08/27 13:51:32 [error] 2991#0: *1587 open() "/usr/share/web/sslvpn/sslvpn.html" failed (2: No such file or directory), client: xxx.xxx.xxx.xxx, server: Debug

There is no activity in AD logs and no activity in AuthPoint logs from WatchGuard Cloud. I have just opened a case, but hoping maybe someone here knows what is going on so I can solve it quickly.

Thanks

Rob

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi Rob,

    It sounds like something in the SSLVPN webserver config might have gotten messed up.

    I'd suggest the following:
    - Using Policy Manager or the WebUI, disable SSLVPN and Access Portal, and save.
    - Re-enable SSLVPN and Access Portal (I would suggest doing SSLVPN, then Access Portal, pausing to see if any errors pop up).

    -James Carson
    WatchGuard Customer Support

  • This did not solve the problem. My Firebox disconnected from the WatchGuard Cloud, which WatchGuard support thinks is why the SSL VPN cannot authenticate using AuthPoint. WatchGuard support is having a tough time getting it to reconnect to the cloud. This is a locally managed Firebox connected to the cloud for logging and AuthPoint.

  • james.carson Moderator, WatchGuard Representative

    Hi @robbied31 If you have a case open, I'd keep working with the team there -- they'll have more information to help.

    -James Carson
    WatchGuard Customer Support

  • Yeah, I got up to another tier, but haven't heard a word in over 24 hours. Not happy with the current situation!

  • james.carson Moderator, WatchGuard Representative

    Hi @robbied31
    I'm sorry it's taking some time to reply. Can you please reply with your case number -- I can make sure it's with the correct team and ask the support team to assign it.

    -James Carson
    WatchGuard Customer Support

  • 02106799 Thank you

  • james.carson Moderator, WatchGuard Representative

    Hi @robbied31 The technician that's working on your case has identified a certificate issue that is preventing your firewall from connecting to WatchGuard Cloud. They are asking for a different type of access to correct that for you.

    -James Carson
    WatchGuard Customer Support

  • James, thank you for getting involved, I greatly appreciate it! After we got the Firebox reconnected to the cloud, there was more work to do. I had to remove my AuthPoint resource and then add it back to get AuthPoint MFA working again. Then, since I was asked to re-add the resource with different settings, I had to enable a group in the SSL VPN config on the Firebox. After that we were back in business. The upgrade seems to have broken multiple pieces of the config, as well as communication to the cloud, and disconnected resources in the cloud from the Firebox. I am hoping Support can give me an explanation as to what they think happened, although that may be tough, as I had quite a few techs work with me on this. I just want to be able to bypass this in the future.

    Thanks again!

    Rob
