Operational Defect Database
BugZero found this defect 1850 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000g3T0SAI
Mobile VPN with IPSec and IKEv2 users cannot connect to Firebox network included in zero-route VPN
Last update date:
4/26/2019
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.1.x
12.1
12.1.1
12.1.3
12.2.x
12.3.x
12.4.x
Fixed releases:
All
Description:
Issue
If your Firebox has a zero-route Branch Office VPN tunnel for a local network, Mobile VPN with IKEv2 and Mobile VPN with IPSec users cannot connect to that local network. For example, if your Firebox has a Branch Office VPN tunnel with the route 10.0.2.0/24 <--> 0.0.0.0/0, Mobile VPN with IKEv2 and Mobile VPN with IPSec users cannot connect to the 10.0.2.0/24 network.
Workaround/Solution
There are two possible workarounds for this issue: This issue does not occur with other Mobile VPN methods. If your Mobile VPN users can instead connect to the remote side of the Branch Office VPN tunnel, the remote side might be able to route the Mobile VPN users to the 10.0.2.0/24 network.
