Solved

Watchguard Firebox X20e will not allow VPN tunnel to function and will not allow devices to go online until the computer is logged on to the appliance.

Posted on 2008-10-01
Last Modified: 2008-10-04
We are just installing a Watchguard Firebox X20e. There are problems with the manual VPN tunnel allowing traffic, and trouble getting online the first time. Workstations must log on to the Firebox (do an https://xx.xx.xx.xx and log on to the box). Log off again and you can surf the net.
The debit machine cannot communicate because there is no way to log on to the Firebox with it.
Both ends of the tunnel can see each other. The ping packets are seen at the far end of the tunnel, but the answer is rejected to show all packets dropped.
Question by:wilf_thorburn

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 22621299
I think you have configured the authentication option for all users, so all users need to authenticate. Log on to the configuration page of the Edge:
1. From the navigation bar, select Firebox Users > Settings.
2. I think Require user authentication (enable local user accounts) is checked; here there are a few things which can be done:
 a. You can disable the above option; then there would be no user-based control for access to the Internet or VPN tunnels.
 b. Select the Automatically prompt for login on Web access checkbox; the authentication dialog box launches any time a user who has not yet authenticated tries to get access to the Internet.
 c. Further, if you wish to have authentication implemented, you can bypass authentication for a few devices as follows:
   i. From the navigation bar, select Firebox Users > Trusted Hosts.
   ii. In the Host IP Address text box, type the IP address of the debit machine on your trusted or optional network to allow it to browse the Internet without authentication restrictions.
   iii. Click Add; repeat to add more devices if needed.

For the VPN tunnel, the first thing I would check is whether the IP subnets of the networks behind the devices are the same; if yes, you would need to change the subnet at one of the ends.

Please check and update.

Thank you.
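
The subnet check suggested in the answer above, as an added example that is not part of the original thread and not WatchGuard tooling. It goes beyond identical subnets and also flags the case where one side's network contains the other's; all addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: networks behind each end of the tunnel.
SITE_A = ["192.168.1.1/24"]                  # typed as host address + mask
SITE_B = ["192.168.1.0/24", "10.0.5.0/24"]


def parse(nets):
    # strict=False accepts a host address with a mask, e.g. 192.168.1.1/24
    return [ipaddress.ip_network(n, strict=False) for n in nets]


def tunnel_conflicts(local_nets, remote_nets):
    """Return (local, remote) network pairs whose address ranges overlap."""
    return [
        (loc, rem)
        for loc in parse(local_nets)
        for rem in parse(remote_nets)
        if loc.version == rem.version and loc.overlaps(rem)
    ]


def suggest_replacement(conflicting, in_use, pool="192.168.0.0/16"):
    """First subnet in `pool`, same size as `conflicting`, clear of `in_use`.

    Returns None if the pool is too small or fully occupied.
    """
    want = ipaddress.ip_network(conflicting, strict=False)
    pool_net = ipaddress.ip_network(pool)
    if want.prefixlen < pool_net.prefixlen:
        return None  # requested network is larger than the pool itself
    used = parse(in_use)
    for cand in pool_net.subnets(new_prefix=want.prefixlen):
        if not any(cand.overlaps(u) for u in used):
            return cand
    return None


if __name__ == "__main__":
    for loc, rem in tunnel_conflicts(SITE_A, SITE_B):
        alt = suggest_replacement(str(rem), SITE_A + SITE_B)
        print(f"overlap: local {loc} vs remote {rem}; free alternative: {alt}")
```
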