Operational Defect Database

BugZero found this defect 501 days ago.

WatchGuard Technologies | kA16S000000Bc4YSAS

Mobile VPN with SSL download page or Access Portal not accessible from internal network after upgrade to v12.9

Last update date:

3/10/2023

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

12.x

12.9.x

Fixed releases:

v12.9 Update 1

Description:

Issue

After upgrade to Fireware v12.9, users from internal networks cannot connect to the Firebox Mobile VPN with SSL download page on the Firebox when they specify the URL with the Firebox public IP address: https://<public ip>/sslvpn.html. In Traffic Monitor, you see deny logs with the message "invalid connection state 40 128 (Internal Policy)".

This issue might also affect connections to the Access Portal from the internal network.

Workaround/Solution

To resolve the issue with the Firebox Mobile VPN with SSL download page:

Add your internal network or alias to the FROM field of the WatchGuard SSLVPN policy.

Include the internal interface IP address in the URL used to connect to the Firebox Mobile VPN with SSL download page: https://<internal interface ip>/sslvpn.html.

To resolve the issue with the Access Portal:

Use internal DNS resolution, and set the internal DNS server to resolve the Access Portal domain name to the trusted IP address of the Firebox.

If no internal DNS resolution is available, use a hosts file to resolve the Access Portal domain name to the trusted IP address of the Firebox.


Status

Resolved
