Fix WatchGuard SSL VPN Connection Failures in Double NAT Configuration

**WatchGuard Mobile VPN with SSL** dialog box displaying three lines of text: *"(Failed to get domain name)"*, *"Could not download the configuration from the server."*, and *"Do you want to try to connect using the most recent configuration?"* Two response buttons are present: **Yes** and **No**.

**Fireware Web UI — SSL-VPN Policy Settings** The screen displays an SSL-VPN policy configuration in WatchGuard Fireware Web UI (logged in as **admin**). The policy is set to **Connections are: Allowed**, with traffic flowing **FROM: Any-External** → **TO: Firebox**, on **Port 443 / TCP**. Checkboxes for "Enable Intrusion Prevention," "Enable bandwidth and time quotas," and "Auto-block sites that attempt to connect" are all **unchecked**; a custom idle timeout field shows **180 seconds** but the checkbox to enable it appears unchecked.

The image shows a WatchGuard firewall policy management interface with 11 ordered firewall rules visible. Policies include FTP-proxy (tcp:21), HTTP-proxy (tcp:80), SSL-VPN (tcp:443), HTTPS-proxy (tcp:443), WG-Cert-Portal (tcp:4126), WG-Fireware-XTM (tcp:8080), DNS (tcp:53/udp:53), Ping (ICMP type 8), WG-Firebox-Mgmt (tcp:4105/tcp:411x), Outgoing TCP-UDP (tcp:0/udp:0), and Allow SSLVPN (Any). The interface shows **Policy Auto-Order Mode is currently enabled** (indicated by the "Disable Policy Auto-Order Mode" button being present), with most policies sourced from "Any-Trusted" and destined for "Any-External" or "Firebox," with App Control and Geolocation set to "Global" on applicable rules.

**Comcast Business gateway admin interface — Advanced > NAT page.** The "Disable All" checkbox is **checked**, disabling all 1-to-1 NAT rules; the NAT table shows **"No entries."** Status indicators in the top-right show **Internet: active (green)**, **Wi-Fi: error (red X)**, and **Low Security: flagged (red X)**; battery/power reads **0%**.

**Gateway > At a Glance** configuration page from a Comcast Business gateway admin interface. **Bridge Mode** is currently set to **Disable** (highlighted/active button); the **Enable** button is unselected. A note reads: *"Comcast Business SecurityEdge works only in Router Mode."* The Advanced/Basic radio buttons are grayed out/inactive, and two action buttons are present at the bottom: **SAVE CURRENT CONFIGURATION** and **RESTORE SAVED CONFIGURATION**.

The screenshot shows a Comcast Business gateway web UI (Gateway > Connection > Comcast Network) accessed via a local address of 10.1.10.1. The WAN IPv4 address **174.168.175.141** is highlighted in a red box, with Internet status shown as **Active**, WAN Mode as **DOCSIS**, and System Uptime of **9 days 7h: 20m: 11s**. WAN Static IP (IPv4) shows **Not Configured**, Default Gateway is **174.168.172.1**, and DNS servers are **75.75.75.75** (primary) and **75.75.76.76** (secondary).

The image shows a network interface graph for **External (eth0)** displaying traffic over the past 20 minutes. Key readouts: **IP Address: 10.1.10.121**, **Gateway: 10.1.10.1**, **Netmask: 255.255.255.0**, **MAC: 00:01:21:2C:BB:2E**, **Sent: 22,574 KB**, **Received: 103,652 KB**. The graph shows a significant spike in **Received** (orange) traffic approaching the current time, peaking near **8 Mbps**, while **Sent** (blue) traffic remains near baseline throughout the displayed period.