Solved

Watchguard Firebox X20e will not allow VPN tunnel to function and will not allow devices to go on line unitl the computer is logged on to the appliance.

Posted on 2008-10-01
1
497 Views
Last Modified: 2008-10-04
We are just installing a Watchguard Firebox X20e.  There are problems with the manual VPN tunnel allowing traffic, and trouble getting on line the first time.  Workstations must log on to the FireBox [do an https://xx.xx.xx.xx and log on to the box.  LOg off again and you can surf the net.
Debit machine cannot communicate because there is not way to log on to the firebox with it.
Both ends of the tunnel can see each other,  The ping packets are seen at the far end of the tunnel, but the answer is rejected to show all packets dropped
0
Comment
Question by:wilf_thorburn
1 Comment
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22621299
I think you have configured authentication option for all users, so all users need to authenticate; log on to configuration page of Edge:
1. From the navigation bar, select Firebox Users > Settings.
2. I think, Require user authentication (enable local user accounts) is checked; here there are few things which can be done:
 a. You can disable the above option; then there would be no user-based control for access to the Internet or VPN tunnels.
 b. Select and check Automatically prompt for login on Web access checkbox; the authentication dialog box launches any time a user who has not yet authenticated tries to get access to the Internet.
 c. Further if you wish to have authentication implemented you can bypass authentication for few device as:
   i, From the navigation bar, select Firebox Users > Trusted Hosts.
   ii. In the Host IP Address text box, type the IP address of the debit machine on your trusted or optional network to allow it to browse the Internet without authentication restrictions.
   iii. Click Add; repeat to add more devices if needed.

For the VPN tunnel; first thing I would check if the IP subnet of the networks behind the devices are same; if yes, you would need to change the subnet at one of the ends.

Please check and update.

Thank you.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Redesigning network for lab and gaming, cisco switch, pfsense router 9 97
Iptables and mirroring ports 4 77
iPad Won't Connect 16 75
WAN Site Edge Routers 15 50
I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now