Comments

  • Hey guys, I feel a bit stupid as I found out in the setting of the SSL VPN a check mark that allows the VPN users to save the password or not. Yup... sometimes we just forget or don't see what is under our noses. Anyway, thank you for your support. Always very much appreciated.
  • OK, finally I was able to sort out my VPN connection. So, on the Starlink side in Colorado, I set up my WatchGuard with a BOVPN over TLS Client, and in AZ, on my WatchGuard that has a static public IP, I set up a BOVPN over TLS Server. Works like a charm. I did not even have to set up the STARLINK modem/router in passthrough…
  • Bruce, the public IP you get on the Starlink network is not a routable IP since it is using CGNAT. It is the same principle as trying to reach a PC with a private IP behind a WatchGuard NAT. Actually, the WatchGuard public interface gets a dynamic IP which is a non-routable IP that is not the public IP you get from…
  • James, yes, the problem comes from the new Windows Security policy, which is not going to change. Windows Credential Guard is preventing the password from being filled into the WatchGuard SSLVPN application, even with the registry hack, which I already tried. One way or the other, in the future anyway, we do not want to disable…
  • Thanks guys for your answers, but unfortunately Starlink is a bit complicated. Starlink uses CGNAT and their IPs are not public IPs, so no DDNS or any of that can be used. The BOVPN over TLS can work because the WatchGuard Firebox on the Starlink network is set as a client and initiates the connection like any personal VPN…
  • Make sure your NAT for the SSLVPN is properly set up for whatever resource you need to access behind the firewall! Go to the network menu, then NAT. Add or modify your SSLVPN IP range to the internal IP range of the resource you want to reach. You can also just set up your SSLVPN IP range to ANY, which will allow your VPN client to access…
  • I ran into the same issue with our SSLVPN, but I have set up our Geo-Location filter, which helps a little, and our "Account Lockout". At the end of my policies list, I set up a policy trap for our public SSLVPN IP. If the client is not successful in logging in to the SSLVPN policy, it is caught by this final policy that blocks…