Cradlepoint (Pertino) VPN and Watchguard Firewall
-
@r3dpand4 said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
Just out of curiosity....why are you going with a separate VPN product? The SSL Client VPN from WatchGuard is free and works fine.
Totally different type of product.
-
I don't know ZeroTier - I presume it's similar? I'll take a look at it - why would you pick that over Pertino? I do believe our Watchguard is blocking the outbound connections. What ports do Pertino use (anyone know off the top?) I can see our firewall is denying 56436 AND 56511
-
@joel said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I don't know ZeroTier - I presume it's similar? I'll take a look at it - why would you pick that over Pertino? I do believe our Watchguard is blocking the outbound connections. What ports do Pertino use (anyone know off the top?)
They use 443.
-
@jaredbusch said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
@joel said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I don't know ZeroTier - I presume it's similar? I'll take a look at it - why would you pick that over Pertino? I do believe our Watchguard is blocking the outbound connections. What ports do Pertino use (anyone know off the top?)
They use 443.
The only other port ZeroTier uses is 9993/udp, but that's to help with local LAN detection. But it's not necessary.
-
I just took a look at ZT and I like that it works on QNAP and Synology too - very useful. I may have to look at this
-
@joel said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I just took a look at ZT and I like that it works on QNAP and Synology too - very useful. I may have to look at this
One of my clients has the paid subscription to get notifications of ZT going down on selected devices. It is quite useful.
-
@joel said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I just took a look at ZT and I like that it works on QNAP and Synology too - very useful. I may have to look at this
It's very broad support.
-
@scottalanmiller said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
just took a look at ZT and I like th
Scott, is there a use case for Pertino anymore? I still have them.
-
@krisleslie said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
@scottalanmiller said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
just took a look at ZT and I like th
Scott, is there a use case for Pertino anymore? I still have them.
If you have them already, they are fine. And they do some decent AD management stuff that is unique (I designed that) but overall, what they offer isn't really unique and they are way more expensive than their more advanced competition. So my feeling is that their place is pretty niche today.
-
@scottalanmiller said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
@krisleslie said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
@scottalanmiller said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
just took a look at ZT and I like th
Scott, is there a use case for Pertino anymore? I still have them.
If you have them already, they are fine. And they do some decent AD management stuff that is unique (I designed that) but overall, what they offer isn't really unique and they are way more expensive than their more advanced competition. So my feeling is that their place is pretty niche today.
It is important to note that "today" that @scottalanmiller ended with. When Pertino started in 2012, there was not anything good on the market to compare.
-
Exactly, times change. They have new and more modern competition and I've not seen Pertino do anything to keep up.
-
Connect to your Watchguard with WSM. Go to Policy and check the rules.
Do you have a policy for TCP(0)/UDP(0), From 'Any', to 'Any-External'?
If so, then 443 requests out from the device will be allowed. If you do not have that rule, or a similar rule but with the IP of the device within the 'From' column, TCP/UDP will not be allowed out.
I believe Watchguard standard configuration is to stop all out, then allow only particular things out that are allowed. Rather than allow all out.
-
If your configuration is recent and the OS level is 12.x or better, out of the box the proxies enabled should be http, https, pop, smtp, ftp & tcp/udp. The settings are quite generic and you'll want to examine the live log as you attempt to connect, looking for denies. You may need to bump up the logging in the individual policies to catch your issue. The exception(s) can then be added to the proxy creating the issue.
I use OpenVPN as a client and connect to my network so I can't help or comment on your product.
-
It's still an expense for us. The only sticking point is the AD Connect which of course is awesome.