WatchGuard Support Center

Knowledge Base - Article

 WatchGuard SSLVPN policy changes and the WG-VPN-Portal alias in Fireware v12.1.x

What changes occur to the WatchGuard SSLVPN policy if I upgrade to Fireware v12.1.x, or upgrade from Fireware v12.1.x to v12.2 or higher?

Upgrade from Fireware v12.0.2 or lower to v12.1.x

If the WatchGuard SSLVPN policy is part of your configuration in Fireware v12.0.2 or lower, and you upgrade to Fireware v12.1.x, the WatchGuard SSLVPN policy does not immediately change. However, if you save the settings for BOVPN over TLS or Mobile VPN with SSL, even if you make no changes, the WatchGuard SSLVPN policy changes:

  • The WG-VPN-Portal alias appears in the From field of the WatchGuard SSLVPN policy.
  • Interfaces in the WatchGuard SSLVPN policy are moved to the WG-VPN-Portal alias. 
  • Aliases that are not interfaces, such as IP addresses or users, are not moved to the WG-VPN-Portal alias, but are included in the From field.

To edit the interfaces in the WG-VPN-Portal alias, you must edit the Interfaces setting in the VPN Portal settings. For VPN Portal configuration instructions that apply to Fireware v12.1.x, see Configure the VPN Portal settings in Fireware v12.1.x .

Upgrade from Fireware v12.1.x to v12.2 or higher

When you upgrade from Fireware v12.1.x to v12.2 or higher, the WG-VPN-Portal alias is removed from the WatchGuard SSLVPN policy. Interfaces that appeared in the WG-VPN-Portal alias appear in the WatchGuard SSLVPN policy, which means the policy matches the same traffic.

For information about the WatchGuard SSLVPN policy in Fireware v12.2 or higher, see Configure the Access Portal and Configure the Firebox for Mobile VPN with SSL in Fireware Help.