Watchguard SSLVPN unavalible

One organization I work for have Watchguard firewalls and are using SSLVPN. Yesterday it just stopped working. You couldn’t connect with the client and if you tried to access the {firewall address}/sslvpn.html you got “Connection refused”. First I tried to reboot the firewall and ended up with the same result. Checked the debug log and found these entries:
[ps]2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=8dea8c0) not found. Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=adea8c0) not found. Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=9dea8c0) not found. Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=4dea8c0) not found. Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=7dea8c0) not found. Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=2dea8c0) not found. Debug[/ps]
Googled it, of course, and didn’t really find anything useful. So i started checking all of the config, the access to the AD and stuff like that. Thought that if the firewall didn’t get access to the AD it might just close all AD dependent connections but all looked OK there two.

Finally I found out how to solve it, or really get ride of the problem. It’s hardly a sexy solution but here’s what I did:

  1. I saved my config to an XML file.
  2. I disabled the SSLVPN and saved that config to the firewall.
  3. Opened the saved XML config with SSLVPN enabled and uploaded it to the firewall.

Then it all worked again!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: