Server to SSL VPN client computer
Hi, on my estate we have a WatchGuard M270 (soon to be replaced with an M470) and I am getting various issues, one of which is that from my application server (or even the DC for that matter) I can ping my laptop when it is connected over the SSL VPN, but I cannot UNC to its hard drive, despite being a domain administrator with pretty much permissions to everything.
Just to be sure I also tried enabling NetBIOS in my laptop network adaptor's advanced properties and I created a local share on my machine, gave everyone full control and I cannot access this either, so this definitely seems to be some sort of routing/VPN issue.
For information, I can do this in reverse - browse the server's UNC path in Windows Explorer on my laptop.
In the firebox policy manager I tried creating a new policy with the Any policy type, from the server IP address and the to being my laptop's current IP whilst connected to the VPN.
Being new to administering WatchGuard products, I'm not sure if I have to do anything to refresh the policy, but it says it's active in Policy Manager so I'm assuming not, but on the server I still get a "Windows cannot access \\hostname\share" indicating that although echo requests are being responded to, UNC browsing is having none of it. So perhaps the problem isn't the firewall policies but the routing of traffic to the VPN clients?
Like I mentioned I'm new in my role and haven't dealt with WatchGuard before so I'm not entirely sure where the problem lies!
Any ideas please?
Comments
Make sure that this is not a Windows firewall issue on the client PC.
It definitely isn't. I forgot to mention, I can UNC from another VPN connected machine to my laptop, also connected via the VPN, but I cannot do it from our apps server, and thus applications like PDQ Deploy won't work on the machines over VPN, but it does when they're in the office.
That does not necessarily indicate that it is not a Windows firewall issue since the access from another VPN connected PC is on the same subnet as the accessed VPN connected PC, whereas the server is not on the same subnet.
I'd already looked into the GPO and the local firewall policies, so was pretty confident it wasn't those.
I've actually figured this out (and I'm a bit embarrassed) - I'd opened the policies by going to the firewall system manager>policy manager. However, I realised it was working under a new xml file (strangely still had all the existing policies in it) and then was saving, but unfortunately not to the active xml file!
I fired up the web console, added a rule that allows any trusted to anySSLVpn user, and I can now access admin$ shares and browse UNC paths.
Thanks a lot for all your help though Bruce! Going through everything with a fine-tooth comb so I could explain it all here was what got me there in the end!