Windows firebox ssl - need to re-install - and vpn is working again

Hello,

There are 3-4 different small customers with older WatchGuard X or T series with firmware early v12 (or late v11).

I have observed that the windows-firebox-ssl-client needs to be re-installed approx. 3-4 times per year on their Windows notebooks.
A PC reboot doesn't solve it.
A different version of the Firebox client doesn't solve it.

Do you know the cause of it?
Have you also observed it?

The Firebox cert will have a maximum life of 10 years, and if you’ve still got an X in circulation, yep, that is ancient indeed.

I’ve been using SSL VPN for many years and have not encountered this. Something else in your environment is corrupting it. The only breaking issues I know of are folder redirection of appdata and wifi that’s faster than gigabit. There was a buggy client that fails to connect on some devices, but I think that’s fixed now.

FireOS 11 is out of support and has some CVEs. Change to new hardware with a supported FireOS. Early 12? Don’t use FireOS earlier than 12.7.x, also no support. As for the problem with SSL VPN, I think it’s a problem with the TLS/SSL compatibility from Windows.

Are you updating the SSL VPN client every time you do a major update on the firebox? I.e. 12.10 clients only work with 12.10 fireboxes, 12.11 fireboxes don’t work with 12.10 clients. Also, I occasionally find that the openVPN tap driver goes wonky and reinstalling the SSL VPN client or the open VPN tap driver is the only way to fix…

Antiviruses/endpoint agents like to mess with the TAP driver that shows up under your network adapters once you install the client > check next time you’re thinking of reinstalling and see if the TAP driver is still showing up before you uninstall.
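
The check suggested above, as an added example that is not part of the thread: a PowerShell snapshot of the TAP adapter and its driver state, to run before uninstalling the client. The adapter description pattern and the log path are assumptions.

```powershell
# Added example: record the TAP adapter state before reinstalling the SSL VPN client.
# Assumption: the adapter description starts with "TAP-Windows Adapter" (OpenVPN TAP driver).
$tapPattern = 'TAP-Windows Adapter*'
$logPath    = Join-Path $env:TEMP 'tap-adapter-check.log'   # hypothetical log location

# -IncludeHidden also lists adapters that are installed but hidden from the UI.
$adapters = @(Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceDescription -like $tapPattern })

# PnP view of the same device: shows a driver problem even when the adapter is unusable.
$pnp = @(Get-PnpDevice -Class Net -ErrorAction SilentlyContinue |
    Where-Object { $_.FriendlyName -like $tapPattern })

$stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
$lines = @()

if ($adapters.Count -eq 0 -and $pnp.Count -eq 0) {
    # Nothing matched in either view: the driver is gone or was never installed.
    $lines += "$stamp TAP adapter MISSING"
}
foreach ($a in $adapters) {
    $lines += "$stamp adapter '$($a.Name)' status=$($a.Status) driver=$($a.DriverVersion) date=$($a.DriverDate)"
}
foreach ($d in $pnp) {
    $lines += "$stamp pnp '$($d.FriendlyName)' status=$($d.Status) problem=$($d.Problem)"
}

# Print the result and append it to the log so snapshots can be compared over time.
$lines | Tee-Object -FilePath $logPath -Append
```

Running it once while the VPN works and again when it fails gives two log entries to compare, which shows whether the adapter disappeared, was disabled, or changed driver version in between.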

Is this the bug where it just goes “Starting VPN with SSL” then back to the login screen? We see this regularly and have to uninstall/reinstall to fix, this is all with the latest client and latest Fireware.

Other thing is the machine having too many VPNs with them conflicting with each other, but it’s a pretty rare edge case

Same problem here with watchguard epp or epdr, ticket opened at the support.

No worry with epp and epdr, working like a charm.