We help IT Professionals succeed at work.

Question on x1250e

heincpa
heincpa asked
on
606 Views
Last Modified: 2013-11-16
we are looking to replace our current SSL VPN solution.  During the process we came across the Watchguard x1250e.  This product looks like a solution to the VPN and others like Wan failover.  My question is can you folks give me some feedback on the device.

SSL vpn is a good solution for remote users, are you using it, have you had issues if so what?
Wan failover are you using it, how has it worked for you.
WAN/VPN failover agin are you using it and how has it worked for you.

Thanks
Comment
Watch Question

I'm a network admin managing over 30 of those unit,
it works just fine

with multi wan you can do failed over, load balancing, round-ribbon, its so easy... 2-3 click and you have your wan fail-over set. you can also specify the faild over for every rules.

I tried vpn-wan fail over in a lab, it works, but only with between 2 WGuard unit.

only one bad thing about SSL vpn, you can not specify what is accessible by the users.
you can not specify that the SSL user can only acces 10.1.1.0/24.

for SSL, get fireware pro, without it you only have 1 SSL access at the time...

Author

Commented:
What I have seen so far from the SSL VPN is this.  Our Network is made up of 4 sites and 6 subnets.  The VPN is in the office with 3 subnets.  Now when I come into the VPN I can ping all three subnets in the office but I can not ping the 3 other offies.  Although I have it set to allow access to 172.16.0.0/12.  
it can be a routing problem...

by default, the firebox gives the IP 192.168.113.0/24 to SSL users, so you must have routes in the 3 sites for that network

Author

Commented:
But when a VPN is establishe it nats to a 172.16.1.x address which is our inside ip.  So should'nt traffic flow?
trafic will go to all your subnet, but it will never came back because you don't have any route for 192.168.113.0/24

Author

Commented:
ok I have made some changes.  I set the pool address to 172.16.12.x/24 I in turn put in a route on my external router for the 172.16.12.x subnet.  On my internal raouter I setup a vlan for the 172.16.12.x subnet.  I put the optional-1 port on the 172.16.12.x subnet.  Now I connect to the VPN I get a 172.16.12.x address but I can't pint the default gateway of the 172.16.12.x subent from the VPN client.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks for your help it was what I needed to know.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.