Operational Defect Database

BugZero found this defect 3406 days ago.

WatchGuard Technologies | kA10H000000g3k5SAA

Mobile VPN with SSL uses wrong interface IP address for data channel

Last update date:

6/23/2016

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

11.x

11.10.x

11.10

11.10.1

11.10.2

11.10.3

11.10.4

11.10.5

11.10.6

11.10.7

Fixed releases:

All

Description:

Issue

If you configure Mobile VPN with SSL to use a UDP port for the Data Channel and use an interface secondary IP address as the VPN gateway, the data channel will use the primary interface IP address instead of the secondary IP address.

Workaround/Solution

If there is no policy conflict, use the interface IP address for the external interface as the gateway for Mobile VPN with SSL. A second option is to make the current interface IP address a secondary IP address, and use the secondary IP address as the new interface IP address. Note that branch office VPNs must also use the primary interface IP address as the local gateway.


Status

Resolved
