I’m trying to help a pal connect to his company’s network so he can work from home. They have a FireBox T20-W, so I thought the easiest way would be to just set up Mobile SSLVPN. To do this I followed this video https://youtu.be/6cGT7ZA_k1s
The interface is a little different nowadays but everything makes sense and I can follow it exactly up until I get to the stage where I download the client on my pal’s laptop by going to https://10.0.1.1/sslvpn.html
This resulted in a “This site can’t be reached” error page. I also tried just downloading the client which also proved unsuccessful with a “could not read configuration error” which makes sense since the configuration was never applied to the client.
Alternatively, we tried going the Splashtop or TeamViewer route, but I can’t even get to the websites. I added splashtop.com to the allowed (exceptions) list but still could not get there.
Anyone able to help out someone who knows not what they are doing? Thanks!
Potentially daft question, the url you mention above is an internal one, you weren’t trying to reach that remotely?
Either way, you can go to watchguard support website and download the sslvpn client from there. Then you just need to know your wan ip address to get connected with the username and password you’ve configured.
I’m assuming that 10.0.1.1 is your firewalls internal network IP and not just the one that shows in the example?
Your friend can download the client from software.watchguard.com and use the public IP/domain name for the server along with the username/pw for their firebox and/or domain account to gain access.
Just reread your message, are you sure you have the sslvpn enabled (rules etc added to your firebox) and then created a suitable user to login with (and also ensured they are enabled to be allowed access through the sslvpn?
Are you using a custom port for SSL VPN? If so, that has to be in the URL as well. IP:port. As others said, you can just search for the client and download it from WG’s site.
Thanks for the response! To answer the first response, I was trying to access that URL from the internal network. I could get to the user interface with no problem, I just couldn’t get to that client download page that they say to go to in the video.
As far as I know, everything was correctly configured on the FireBox. I had just factory reset the FireBox so it was set to basic configurations and went through the SSL VPN “wizard” which I think should have set everything up on the FireBox to work correctly. And I did triple check that pesky “enable SSL VPN” radio box. I also had someone much smarter than me check it out and everything seemed OK, but they could also not get that configuration file through the URL.
In the default config the SSL vpn doesn’t listen on the internal interfaces.
If you add the trusted interfaces to the SSL VPN policy you should be golden
Client on internal network “hi I’d like to use the vpn to access internal resources”
Firewall “…wtf… You are internal resources”.
That’s probably what you’re hitting op. We usually advise having clients use a hotspot to connect for testing if they want to do it from on site. A lot of our clients also get a PDF copied to their computers c:\users\default\desktop directory with vpn instructions. But I saw you are trying to connect to the login page to verify connectivity, that is the exact right way to test connection and rule out VPN program issues.
If you add the trusted interfaces to the SSL VPN policy you should be golden
Technically you can do this, but I’d highly recommend against it. Someone will eventually try to connect to the VPN from the internal network and create a headache.