Wondering if anyone can give a little help here. We have a WatchGuard as our normal firewall/router (multiple VLANs, etc.). I'm attempting to reuse our MX80 (from a previous deployment to a single server) as a VPN concentrator behind the WatchGuard. I've reached out to Meraki and got their guide, but I'm failing to see how this works with the Z1.
Basically, the MX80 is set up (static IP on our local /24 network) and the site-to-site VPN (as hub) is set up. I'll have multiple Z1s for home users to connect to this to access our main company networks. However, after setting up the local network on the MX80 and attempting to connect from a Z1 location, I am unable to see any network from the company. The VPN status shows connected.
I'm guessing I'm missing a local network config setup step, or need to configure a layer 3 hop?
So you have the MX80 in VPN concentrator mode? That means it has a single link which sits in a DMZ behind the WatchGuard FW?
Please try the following things for troubleshooting:
1. Check the route table of the Z1; it should include the company network prefixes (either multiple ones or a single big one, doesn't matter). They should have a green icon next to them.
2. Ping from the Z1 to the IP of the MX80 (Appliance status - Tools - Ping).
3. Ping from the Z1 to the gateway address of the MX80 (which should be the WatchGuard firewall).
If the ping towards the MX80 IP works but not the ping to the IP of the WatchGuard, you are missing the return routes towards your Z1 networks on the WatchGuard.