Operational Defect Database
BugZero found this defect 1846 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000g3SNSAY
IPSec and IKEv2 VPNs fail after Fireware v12.4 upgrade
Last update date:
4/30/2019
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.4.x
Fixed releases:
All
Description:
Issue
If your Mobile VPN with IPSec or Mobile VPN with IKEv2 configuration includes an invalid IP address or subnet, the iked process on your Firebox will fail to start. Because of this, any Branch Office or Mobile VPN with IPSec or IKEv2 will fail to connect.
Workaround/Solution
When this occurs, the Firebox generates a log message that looks like this: Apr 03 12:00:00 iked[20843]: Invalid network IP address: 10.0.1.00/24. rc:1 errno:0. In this example, the problem is the extra 0 in the fourth octet. From Fireware Web UI or Policy Manager, you must remove, then re-type the IP address or subnet and save it to the Firebox, even if it looks correct.
