Solved

Watchguard Firebox X20e will not allow VPN tunnel to function and will not allow devices to go online until the computer is logged on to the appliance.

Posted on 2008-10-01
Last Modified: 2008-10-04
We are just installing a Watchguard Firebox X20e. There are problems with the manual VPN tunnel allowing traffic, and trouble getting online the first time. Workstations must log on to the Firebox (do an https://xx.xx.xx.xx and log on to the box). Log off again and you can surf the net.
Debit machine cannot communicate because there is no way to log on to the Firebox with it.
Both ends of the tunnel can see each other. The ping packets are seen at the far end of the tunnel, but the answer is rejected to show all packets dropped.
Question by: wilf_thorburn
Accepted Solution

by: dpk_wal earned 500 total points
I think you have configured the authentication option for all users, so all users need to authenticate; log on to the configuration page of the Edge:
1. From the navigation bar, select Firebox Users > Settings.
2. I think Require user authentication (enable local user accounts) is checked; here there are a few things which can be done:
 a. You can disable the above option; then there would be no user-based control for access to the Internet or VPN tunnels.
 b. Select and check the Automatically prompt for login on Web access checkbox; the authentication dialog box launches any time a user who has not yet authenticated tries to get access to the Internet.
 c. Further, if you wish to have authentication implemented, you can bypass authentication for a few devices as follows:
   i. From the navigation bar, select Firebox Users > Trusted Hosts.
   ii. In the Host IP Address text box, type the IP address of the debit machine on your trusted or optional network to allow it to browse the Internet without authentication restrictions.
   iii. Click Add; repeat to add more devices if needed.

For the VPN tunnel, the first thing I would check is whether the IP subnets of the networks behind the devices are the same; if yes, you would need to change the subnet at one of the ends.

Please check and update.

Thank you.