Mobile VPN with SSL Traffic Does Not Reach the Firebox
Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes
Mobile VPN with SSL connection attempts fail when the traffic cannot reach the Firebox. In these cases, the most common causes are network path and connectivity issues outside the Firebox, such as upstream firewalls, ISP or carrier filtering, or restrictions on the local network of the user.
Symptoms
When upstream issues block Mobile VPN with SSL traffic, you might notice these symptoms:
- No Firebox log messages appear for the public IP address of the client device during connection attempts.
- Mobile VPN with SSL client log messages show timeouts or connection errors.
Diagnostic Steps
- Reproduce the issue and filter the Firebox log messages by the public IP address of the client device. Verify that no Allow or Deny log messages appear for the public IP address of the client device at the time of the connection attempt.
- Consider the scope of the issue.
  - If multiple users cannot connect, investigate upstream firewalls and routers or ISP or carrier filtering.
  - If a single user cannot connect, investigate restrictions such as a firewall or security software on the local network of the user.
  - If a single user cannot connect from a specific device, investigate the user profile, local permissions, and policy settings on that device.
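To pair the Firebox log check with a client-side view, the following added example (not WatchGuard code) classifies one TCP connection attempt to the listener from the affected network. The host name `vpn.example.com` and port 443 are placeholders; use the public IP address and listener port from your own Mobile VPN with SSL configuration.

```python
import errno
import socket
import sys

# Constructed summaries of what each outcome means at the TCP level.
HINTS = {
    "reachable": "TCP handshake completed; compare with the Firebox log for the client public IP.",
    "timeout": "No reply at all; packets are dropped somewhere on the path to the listener.",
    "refused": "A TCP reset came back; a device on the path or at that address rejects the port.",
    "unreachable": "No route to the host or network; check local network and routing.",
    "dns-failure": "The name did not resolve; retry with the public IP address.",
}

def probe_listener(host, port, timeout=5.0):
    """Classify a single TCP connect to host:port (TCP only, first resolved address)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
        except (socket.timeout, TimeoutError):
            return "timeout"        # silent drop: matches the client-side timeout symptom
        except ConnectionRefusedError:
            return "refused"        # something answered, but with a reset
        except OSError as e:
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"
            raise                   # unexpected error: surface it rather than guess
        return "reachable"

if __name__ == "__main__":
    # Placeholder defaults (assumptions); pass your own host and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "vpn.example.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    outcome = probe_listener(host, port)
    print(f"{host}:{port} -> {outcome}: {HINTS[outcome]}")
```

Run it at the same time you filter the Firebox log messages by the public IP address of the client device, so that the client-side outcome and the presence or absence of log messages can be read together.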
Possible Causes and Solutions
| Possible Cause | Solution |
|---|---|
| An upstream firewall blocks the listener port configured for Mobile VPN with SSL. | Update the configuration on the upstream device to allow traffic to the Mobile VPN with SSL listener port and public IP address. For more information, go to Mobile VPN with SSL Connections Fail Over a Specific Network. |
| The ISP or network carrier of the user blocks or interferes with VPN traffic, and prevents it from reaching the Firebox. | Investigate and resolve issues with the ISP or carrier. |
| The local firewall or security product of the user blocks the connection to the Firebox. | Investigate and update security settings on the local network of the user to allow traffic to the Mobile VPN with SSL listener port and public IP address. For more information, go to Mobile VPN with SSL Connections Fail Over a Specific Network. |
| Configuration issues or a corrupt profile on the device of the user prevent the connection to the Firebox. | Investigate and resolve issues on the device of the user. For more information, go to Mobile VPN with SSL User Cannot Connect from a Specific Computer. |