The client we re using is 4.05. 40 min, with W2k everything works fine, with Win XP the VPN terminates after app. Regardless I m working with the VPN or ssl vpn client watchguard mac not. 5 min,vPN offers a lot ssl vpn client watchguard mac of IP locations so you can choose the one that fits you the best.
I'm looking into a firewall/VPN appliance for a small office, and the Watchguard XTM-23 looks like a good fit. My main concern is that their SSL VPN client works OK on Macs. A lot of the users travel, and they never know what their connectivity is going to be like, so an SSL VPN seems like the best choice (if they could count on IPsec, things would be a lot simpler). Anyone have any firsthand experience with it? I'm definitely open to suggestions for other brands in the same price range if you have good experiences to share.
I'm looking into a firewall/VPN appliance for a small office, and the Watchguard XTM-23 looks like a good fit. My main concern is that their SSL VPN client works OK on Macs. A lot of the users travel, and they never know what their connectivity is going to be like, so an SSL VPN seems like the best choice (if they could count on IPsec, things would be a lot simpler).
Anyone have any firsthand experience with it? I'm definitely open to suggestions for other brands in the same price range if you have good experiences to share. Why can't your users use ipsec? Are they traveling to places that have no broadband access at all? We have about 500 mac users using the Cisco vpn client and they have no problems connecting for the most part.
Cisco can be a little slow to update it for a new OS, and there are some problems with some brands of aircards, but other than that it is solid. Correct me if I'm wrong, but don't IPsec VPNs still have problems with badly configured networks? What happens when you're traveling, and you're stuck at a hotel that's double-NAT'ing for some stupid reason? Or has strictly locked down ports/services? My understanding is that IPsec won't be able to connect. I'm looking for a solution that can traverse just about any network config, and I thought an SSL VPN was the best choice for that.
That's also why I'm not considering IPsecuritas - it's IPsec, not SSL/TLS. I also know about VPN Tracker, but that is way overpriced IMHO. I can't speak to the WatchGuard SSLVPN solution, but I use Cisco AnyConnect SSLVPN, SonicWALL NetExtender SSLVPN (both with their SMB SSLVPN appliances and their firewalls), and SonicWALL's Aventail Connect with their enterprise SSLVPN appliances all on a weekly basis with my 2009 17' MacBook Pro running Snow Leopard. They're all effective with few to no issues. The biggest issue I have is that the NetExtender client doesn't always correctly set the appropriate DNS server or search domain, so name resolution doesn't always work as expected.
I'm still trying to pin this down as it's a pain for my clients. VPN delivered over TCP 443 are really quite convenient as some places (companies, hotels, etc) limit outbound ports, including UDP/TCP 500 and 4500 preventing IPSEC negotiation. I do find myself disappointed that a standard hasn't developed for delivering an SSL/TLS VPN that would permit use of a single, possibly OS integrated, client. That being said, I'm happy to report I have no coexistence issues. I'd suggested IP Securitas because you'd said 'f they could count on IPsec, things would be a lot simpler'. I've used that particular software to conenct to over a dozen different firewalls, from twice as many locations and never had any issues (though admittedly I didn't do much from hotels, but having had to restore some sanity to some hotels networks before I do understand the fickle nature).
Most firewalls will do a 30-day live demo: they'll send you the firewall to use, and if you like it at the end of 30 days you can go ahead and pay for it. Makes things much easier, and gives you a decent amount of time to work things out. Well, here we are a few weeks later, and I'm reporting in as promised. And the verdict is. Do not buy Watchguard if you need Mac support. I really wanted to love it, because it's a lot of promised functionality for a great price, but I'm extremely disappointed in this purchase. First of all, the SSL VPN does not work correctly on a Mac.
It connects up just fine, but split DNS is broken. The moment you establish the tunnel, it overwrites your DNS settings with the nameserver for the secure network. It then will respond to DNS requests for internal hosts only - that is to say, it breaks name resolution for anything outside the VPN. Watchguard has confirmed that this is a bug, but they cannot commit to a time frame for a fix.
How something this basic got by their QA department is totally beyond me. (By the way, it works just fine on Windows SSL VPN clients, so I know it's not a config error on the firewall.) Second, the web management interface is extremely wonky. It's all Flash, which looks real purty, but kind of sucks when it comes to actually, you know, WORKING.
Sometimes pages don't display at all. Sometimes they display partially. Sometimes it displays the whole page, but doesn't propagate all of the settings. So, you have to be really careful to make sure everything is there before you click 'save' to make sure you're actually doing what you think you are.
Here's a particularly annoying bug I discovered yesterday. Any time you make a change to the SSL VPN settings, it clears all of the users from the group that allows SSL VPN access. So, every time I make a change, I have to go back into the SSL VPN group and re-add everyone that needs access. Yes, I have been in contact with Watchguard about these problems. So far, no fixes. I'd advise any Mac user to steer clear of the Watchguard XTM-2 series.
Apple Footer. This site contains user submitted content, comments and opinions and is for informational purposes only. Apple may provide or recommend responses as a possible solution based on the information provided; every potential issue may involve several factors not detailed in the conversations captured in an electronic forum and Apple can therefore provide no guarantee as to the efficacy of any proposed solutions on the community forums. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the.