WathcGuard Mobile VPN is looping on Push Request

Hi All,

WatchGuard Mobile VPN with SSL 12.7.
Firebox model in the office 35T.
VPN users are authenticated against Active Directory
2-step verification is set up in AuthPoint

A user tries to connect VPN but after approving AuthPoint push request the process starts to loop and another push request is sent.
Eventually the process of connection gets stuck either at "Successful ARP Flush on interface" or "Assigning Virtual IP address".

Tried to reinstall VPN client - didn't help.
The issue is user-specific as other users are not affected.

Could you please advise what else worth to try.

Thanks.

Best Answer

Answers

  • james.carsonjames.carson Moderator, WatchGuard Representative

    If it's specific to the user, please check that they're in the group that allows access to the SSLVPN.

    I'd also suggest right clicking the SSLVPN tray icon, going to properties, and change the logging to DEBUG.)

    You can then view logs, (newest on bottom) and see what response the firewall is getting.

    -James Carson
    WatchGuard Customer Support

  • I too have seen a similar issue with Webroot and the SSLVPN. For some reason it was only happening with this user or machine. It would just stop. The sign in and 2 factor would work and as it started to go through its process it would just hang. Reinstalled the machine and it still happened. User is an admin of his machine. Never tried logging in as another user though. Switched AV to Watchguard and no problems.

  • I know this is an older thread, but the issue is not resolved. I have a machine that loops when logging into the WG SSLVPN. We do use Webroot and that is deployed to all machines through policy, so it cannot be replaced. The issue is only affecting a single computer. The user can log into the VPN on another computer using the push method. Whereas, my test user that uses a hw token also loops on her computer but works well elsewhere. So it does not seem to be a problem with Authpoint or the user. I suspect that Webroot may be a contributing factor, so I am researching disabling certain WR functions.

    Does someone who has resolved this issue, know specifically what function of Webroot was conflicting?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @DaveC
    I would suggest taking a look at the logs on the client machine specifically
    (If you right click the tray icon for the SSLVPN, you should see an option to view logs.)

    If you need assistance interpreting those logs, I would suggest opening a support case. Please do not post that log here in the forums, as it will contain IPs of both your user and the endpoint you're trying to connect to.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.