    IPSEC to WatchGuard Firebox not working in 1.2.2

      BenHead last edited by

      When establishing an IPSEC tunnel from pfSense to a WatchGuard Firebox X1000, I can't get traffic to pass using 1.2.2.  The exact same configuration (a backup/restore, in fact) works perfectly in 1.2-RELEASE, but under 1.2.2, the tunnel is established but no traffic passes.  Both pfSense (in the RRD graph) and the Firebox (in its packet counter) show that they're sending packets through the tunnel, but both sides show that they're receiving zero packets.  I haven't tried every possible combination of encryption and authentication schemes, but I tried a few and saw the same behavior from all.

      Personally I'm perfectly happy to run 1.2 for the time being, but I figured the developers (and any other users who might have been getting as frustrated as I was) might want to be aware.

        jimp Rebel Alliance Developer Netgate last edited by

        I have one customer using a pfSense to Firebox IPSec tunnel on 1.2.2, and it works just fine for them. It is a different model though: X5 Edge I think, but I haven't ever seen it, just connected remotely for a brief time while setting up the tunnel.

        I had similar symptoms on my setup, but it turned out to be a config problem (a typo on my part): I had one side set to x.x.x.0/24, and the other set to x.x.x.1/24.

        They started out with 1.2.2, so I am not sure if 1.2 handled things any differently. You might want to double check every setting to make sure they absolutely match up.

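A way to check for the Phase 2 subnet mismatch jimp describes above (x.x.x.0/24 on one side, x.x.x.1/24 on the other), as an added example that is not part of the original thread. The dict layout, the function name and the 10.0.x.x addresses are constructed for illustration and are not an export format of pfSense or the Firebox.

```python
import ipaddress

def check_phase2(side_a, side_b):
    """Compare the Phase 2 selectors configured on two IPsec peers.

    Each side is a dict {"local": cidr, "remote": cidr} (hypothetical layout).
    A's local must mirror B's remote and vice versa.
    Returns a list of (pair, verdict, detail) tuples.
    """
    findings = []
    for a_key, b_key in (("local", "remote"), ("remote", "local")):
        a_txt, b_txt = side_a[a_key], side_b[b_key]
        pair = f"A.{a_key} vs B.{b_key}"
        # strict=False accepts an entry with host bits set (10.0.2.1/24)
        # and reduces it to its network address (10.0.2.0/24).
        a_net = ipaddress.ip_network(a_txt, strict=False)
        b_net = ipaddress.ip_network(b_txt, strict=False)
        if a_txt == b_txt and str(a_net) == a_txt:
            verdict, detail = "ok", a_txt
        elif a_net == b_net:
            # Same network, but at least one side is not written in
            # network-address form: the typo case from the post.
            verdict = "non-canonical"
            detail = f"{a_txt} vs {b_txt}; use {a_net} on both sides"
        elif a_net.overlaps(b_net):
            verdict = "overlap"
            detail = f"{a_net} vs {b_net}; prefix lengths differ"
        else:
            verdict, detail = "mismatch", f"{a_net} vs {b_net}"
        findings.append((pair, verdict, detail))
    return findings

# Constructed sample: the remote subnet on side A was typed with a host address.
PFSENSE = {"local": "10.0.1.0/24", "remote": "10.0.2.1/24"}
FIREBOX = {"local": "10.0.2.0/24", "remote": "10.0.1.0/24"}

if __name__ == "__main__":
    for pair, verdict, detail in check_phase2(PFSENSE, FIREBOX):
        print(f"{pair:22} {verdict:14} {detail}")
```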
          BenHead last edited by

          Well, I backed up the 1.2.2 configuration to an XML file using the web interface, reinstalled with 1.2, and restored that same configuration again using the web interface, and it immediately worked, without me having to change a thing.  So I'm fairly certain there wasn't just a typo in the PSKs or anything.  ;D

          FWIW, this X1000 is running Fireware 9.1.

          Personally, I'm not really broken up about this.  I'm trying to get the boxes to talk because my boss is finally listening to me after nearly a year of telling him to dump WatchGuard for pfSense, but wants to deploy at our branch office first as a test before deploying here at the main office.  Assuming it goes well we'll install pfSense here as well and it'll be pf-pf tunneling instead of pf-Fireware.  Even as slow as things tend to move here, I'm hoping that'll be before 2.0 releases, so I'll be able to upgrade without worrying about compatibility testing.

            Phil last edited by

            I'm having this exact issue with a Firebox and 1.2.2. Any update on it?

            Phil

              Phil last edited by

              Ok, I've downgraded my pfSense to 1.2 and, like you, it works fine.

              Phil

                madas last edited by

                Anyone try removing the minipci card?

                UPDATE: tried this, didn't make a difference

                  nambi last edited by

                  I have a WatchGuard II 700 and I am trying to set up a VPN IPSEC connection with pfSense. The connection seems to work, whereby I can RDP into the remote site via LAN IP address and I can ping the WatchGuard site from the pfSense side, but when I try to ping from the WatchGuard side to the pfSense side, or try any type of communication, I get no response. I have tried so many rule changes and I can't figure this out. I have also downgraded to 1.2 and still no luck.  Was this a similar problem you guys were experiencing?
