Hackviking.com He killed Chuck Norris, he ruled dancing so he took up a new hobby…

18 Nov 2011

Watchguard SSLVPN unavailable

One organization I work for has Watchguard firewalls and is using SSLVPN. Yesterday it just stopped working. You couldn't connect with the client, and if you tried to access {firewall address}/sslvpn.html you got "Connection refused". First I tried rebooting the firewall and ended up with the same result. I checked the debug log and found these entries:

2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=8dea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=adea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=9dea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=4dea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=7dea8c0) not found.	Debug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=2dea8c0) not found.	Debug

Googled it, of course, and didn't really find anything useful. So I started checking all of the config, the access to the AD and stuff like that. I thought that if the firewall didn't get access to the AD it might just close all AD-dependent connections, but all looked OK there too.

Finally I found out how to solve it, or really get rid of the problem. It's hardly a sexy solution but here's what I did:

  1. I saved my config to an XML file.
  2. I disabled the SSLVPN and saved that config to the firewall.
  3. Opened the saved XML config with SSLVPN enabled and uploaded it to the firewall.

Then it all worked again!
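
The virtual_ip values in the debug entries above look like IPv4 addresses printed as little-endian hex integers with leading zeros dropped. The post does not state that encoding, so it is an assumption here. This added example (not part of the original post, with hypothetical function names) decodes the addresses from those log lines so they can be compared with the SSLVPN virtual address pool in the config:

```python
import ipaddress
import re

# Debug entries copied from the post (tab-separated level column kept).
SAMPLE_LOG = """\
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=8dea8c0) not found.\tDebug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=adea8c0) not found.\tDebug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=9dea8c0) not found.\tDebug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=4dea8c0) not found.\tDebug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=7dea8c0) not found.\tDebug
2011-11-17 20:28:36 sslvpn sslvpn_userlist, entry(virtual_ip=2dea8c0) not found.\tDebug
"""

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sslvpn sslvpn_userlist, "
    r"entry\(virtual_ip=(?P<hex>[0-9a-fA-F]{1,8})\) not found\."
)


def decode_virtual_ip(hex_value):
    """Assumption: a 32-bit integer whose little-endian bytes are the IPv4 octets."""
    raw = int(hex_value, 16).to_bytes(4, "little")  # restores the dropped leading zero
    return ipaddress.IPv4Address(raw)


def missing_entries(log_text):
    """Return (timestamp, address) for every 'entry(...) not found' line."""
    found = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            found.append((match.group("ts"), decode_virtual_ip(match.group("hex"))))
    return found


def summarize(log_text):
    """Unique addresses in numeric order, for comparison with the configured pool."""
    return sorted({ip for _, ip in missing_entries(log_text)})


if __name__ == "__main__":
    for ip in summarize(SAMPLE_LOG):
        print(ip, "(private)" if ip.is_private else "(public)")
```
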