Cradlepoint (Pertino) VPN and Watchguard Firewall
-
Team, I have a network running behind a Watchguard Firewall.
I'm have installed Pertino (a cloud based software VPN) on our FileServer with the aim for external client laptops to access files from outside to the office. However, I believe the Watchguard is blocking Pertino's connection and it cant authenticate to the pertino server.
My Q is: does anyone know how I can allow the application through our Watchguard?
-
That should not be a problem, unless the Watchguard is blocking outbound connections, which is very possible, but quite non-standard.
-
I’ll be the annoying one. Why Pertino and not another mesh VPN like ZeroTier or Tinc?
-
Pertino works completely over port 443 with standard TLS. Unless you are screwing with outbound TLS, you should have no issues.
-
@stacksofplates said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I’ll be the annoying one. Why Pertino and not another mesh VPN like ZeroTier or Tinc?
Also, I would use ZeroTier over Pertino.
-
@jaredbusch said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
@stacksofplates said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I’ll be the annoying one. Why Pertino and not another mesh VPN like ZeroTier or Tinc?
Also, I would use ZeroTier over Pertino.
Same here.
-
@joel said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
ave installed Pertino (a cloud based software VPN) on our FileServer with the aim for external client laptops to access files from outside to the office. H
What are the errors or logs you see on the Pertino software? What does your package analyzer show on the firewall or client?
-
Just out of curiosity....why are you going with a separate VPN product? The SSL Client VPN from WatchGuard is free and works fine.
-
@r3dpand4 said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
Just out of curiosity....why are you going with a separate VPN product? The SSL Client VPN from WatchGuard is free and works fine.
Totally different type of product.
-
I dont know ZeroTier - I pressume it's similar? I'll take a look at it - why would you pick that over Pertino? I do believe our Watchguard is blocking the outbound connections. What ports do Pertino use (anyone know off the top?) I can see our firewall is denying 56436 AND 56511
-
@joel said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I dont know ZeroTier - I pressume it's similar? I'll take a look at it - why would you pick that over Pertino? I do believe our Watchguard is blocking the outbound connections. What ports do Pertino use (anyone know off the top?)
They use 443.
-
@jaredbusch said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
@joel said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I dont know ZeroTier - I pressume it's similar? I'll take a look at it - why would you pick that over Pertino? I do believe our Watchguard is blocking the outbound connections. What ports do Pertino use (anyone know off the top?)
They use 443.
The only other port ZeroTier uses is 9993/udp, but that's to help with local LAN detection. But it's not necessary.
-
I just took a look at ZT and I like that it works on QNAP and Synology too - very useful. I may have to look at this
-
@joel said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I just took a look at ZT and I like that it works on QNAP and Synology too - very useful. I may have to look at this
One of my clients has the paid subscription to get notifications of ZT going down on selected devices. It is quite useful.
-
@joel said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
I just took a look at ZT and I like that it works on QNAP and Synology too - very useful. I may have to look at this
It's very broad support.
-
@scottalanmiller said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
just took a look at ZT and I like th
Scott is there a use case for Pertino anymore ? I still have them.
-
@krisleslie said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
@scottalanmiller said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
just took a look at ZT and I like th
Scott is there a use case for Pertino anymore ? I still have them.
If you have them already, they are fine. And they do some decent AD management stuff that is unique (I designed that
but overall, what they offer isn't really unique and they are way more expensive than their more advanced competition. So my feeling is that their place is pretty niche today. -
@scottalanmiller said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
@krisleslie said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
@scottalanmiller said in Cradlepoint (Pertino) VPN and Watchguard Firewall:
just took a look at ZT and I like th
Scott is there a use case for Pertino anymore ? I still have them.
If you have them already, they are fine. And they do some decent AD management stuff that is unique (I designed that
but overall, what they offer isn't really unique and they are way more expensive than their more advanced competition. So my feeling is that their place is pretty niche today.It is important to note that today that @scottalanmiller ended with. When Pertino started in 2012, there was not anything good on the market to compare.
-
Exactly, times change. They have new and more modern competition and I've not seen Pertino do anything to keep up.
-
Connect to your Watchguard with WSM. Go to Policy and check the rules.
Do you have a policy for TCP(0)/UDP(0), From 'Any', to 'Any-External'.?
If so, then 443 request out from the device will be allowed.If you do not have that rule, or a similar rule but with the IP of the device withing the 'From' column, TCP/UDP will not be allowed out.
I believe Watchguard standard configuration is to stop all out, then allow only particular things out that are allowed. Rather than allow all out.
