Options

VPN group missing from Groups but still in SSL authentication page...

ChaospinheadChaospinhead
in Firebox - VPN Mobile User

Watchguard T10, T15, T20, T35, T40, M300
Mostly on 12.5.2 firmware

I have been having a weird issue. In the past few weeks we have had a couple clients that had trouble connecting to the SSL VPN. When I was investigating I found the VPN group was "missing" from the User/Groups page in policy manager, but still shows up in the authentication page in the SSL VPN settings. I was not able to sign in until I re-added the group to the Users/Groups section. Then the group showed up twice in the SSL VPN settings. One said "Any" for authentication server. One had the domain name. I unchecked the "any" one and checked the other one and then I was able to sign in. The only thing I can think is I had upgraded their firewall. Maybe a problem with that?

Today I am looking at one of our biggest customers firewall and I have almost the same thing. The group shows up in SSL VPN settings but does not show up in users/groups but somehow the users are still VPNing in without a problem. How does the group exist in one place but not in the other?

If I add a new group and select ANY and hit ok, the group shows up in the users/groups page. I feel like there is a bug in this somewhere.

Comments

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Chaospinhead

    The culprit here would likely be a config conversion from below 12.5.x to 12.5.2 or better. In order to see what's colliding/causing the issue, we'd need to see the logs from when the device itself upgraded.

    The end result will be adding the group if it did somehow get erased, which you've already done.

    If you see the issue happen again, I'd suggest opening a support case with a support file (as close to the upgrade as possible.)

    You can get a support file by going to
    -In Firebox System Manager, go to the status report tab, click support, then retrieve.
    -In WebUI, go to System Status -> Diagnostics, and click to download a support log file.

    -James Carson
    WatchGuard Customer Support

  • Options
    luecrookluecrook
    edited April 2021

    @James_Carson said:
    Hi @Chaospinhead happy wheels

    The culprit here would likely be a config conversion from below 12.5.x to 12.5.2 or better. In order to see what's colliding/causing the issue, we'd need to see the logs from when the device itself upgraded.

    The end result will be adding the group if it did somehow get erased, which you've already done.

    If you see the issue happen again, I'd suggest opening a support case with a support file (as close to the upgrade as possible.)

    You can get a support file by going to
    -In Firebox System Manager, go to the status report tab, click support, then retrieve.
    -In WebUI, go to System Status -> Diagnostics, and click to download a support log file.

    Thank you very much!! Very useful advice

Sign In to comment.