Operational Defect Database
BugZero found this defect 481 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA16S000000BcGaSAK
IKEv2 VPN client profile from WatchGuard Cloud does not include domain name suffix
Last update date:
1/25/2023
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.9.x
Fixed releases:
All
Description:
Issue
In the Mobile VPN with IKEv2 configuration for a cloud-managed Firebox in WatchGuard Cloud, the client profile file that you can download does not include a domain name suffix even when an internal DNS server is specified.
Workaround/Solution
You can modify the install script for Windows to include a DNS suffix. Extract the contents of WG VPN Profile.tgz.Modify the \IKEv2 VPN\Windows_8.1_10_11\ps\AddVPN.ps1 PowerShell script.Add the -DNSSuffix parameter to the Add-VPNConnection command located on line 11. Before:Add-VpnConnection -Name 'IKEv2 VPN' -ServerAddress 'gateway.example.net' -TunnelType 'IKEv2' -EncryptionLevel 'Required' -AuthenticationMethod Eap -RememberCredentialAfter:Add-VpnConnection -Name 'IKEv2 VPN' -ServerAddress 'gateway.example.net' -TunnelType 'IKEv2' -EncryptionLevel 'Required' -AuthenticationMethod Eap -DnsSuffix 'example.net' -RememberCredential Additional customization options are available. For more information, see https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA10H000000bopASAQ.
