topic Re: Mobile Access Default Route in SASE and Remote Access

Mobile Access Default Route

Gaurav_Pandya — Wed, 03 Jan 2018 11:30:16 GMT

Hi All,

I am implementing Mobile access blade for one of the customer. All the features like, LDAP integration, Compliance check for endpoint security has been done successfully.

Now the requirement is that when user connects to Mobile access SSL VPN, he must use corporate Internet, means all routes gateway should be Corporate firewall and split tunneling feature should be disabled.

I have followed sk31873 and configured GUIDBedit from "route_all_client_traffic_to_connectra" = True

Now I am getting all the routes and also security policy is in place for Office_Pool but still I am unable to browse internet.

In tracker, I am getting below error.

Need expert advise.

Re: Mobile Access Default Route

PhoneBoy — Thu, 04 Jan 2018 15:47:41 GMT

Have you followed the advice in this SK?

"Encryption Failure: according to the policy the packet should not have been decrypted" log in SmartView Tracker

Re: Mobile Access Default Route

Gaurav_Pandya — Thu, 04 Jan 2018 16:15:54 GMT

Hi,

This article is more related to IPsec VPN. I am using Mobile access SSL VPN.

I have also checked that the Office mode IP (Office_pool) is not part of encryption domain.

Re: Mobile Access Default Route

Gaurav_Pandya — Wed, 10 Jan 2018 15:35:04 GMT

Hi All,

Finally Issue is resolved by creating new Native application with "Internet Ranges" and apply to Mobile access Rule.

Select 'Applications > Native Applications'.
Click 'New'. Select 'Authorized Locations'.
Click 'Address Range' and type in the range "0.0.0.1 - 255.255.255.254". Click 'Save'.

Re: Mobile Access Default Route

Jerry — Thu, 23 May 2019 14:43:31 GMT

now under R80.30 I've got similar issue

my MAB was working like a charm till ... R80.30 upgrade

my MAB Apps are just few plus Internet (done via Native 0.0.0.1-255.255.255.245) also in place

however, I do have an issue with only one little thing (all things works like a charm and I have not a single reason to complain) except ...

my IMAPS does not work with GMail.google.com when connected via EPS for Windows (E.80.96-E81.00).

just IMAPS with GMail does not work (native MS Outlook client) - all the rest works ie. Exchange Server to O365 etc.

my complete package contains all communication channels VIA MAB so all-gateway-mode not a SPLIT-TUNNEL, however all seems to be working just fine except ... GMail IMAPS (tcp).

just so you know I've made an exception no IPS/ThreatPrevention in order to facilitate src/dst with IMAPS ports.

still no go

I was just wondering whether any of you guys experienced such thing or ... would rather not use MAB for both (LAN/WAN) at the same time? 😛

thanks in advance for all your hints

ps. what do you think mate @PhoneBoy & @_Val_ ?

Re: Mobile Access Default Route

Jerry — Thu, 23 May 2019 14:52:05 GMT

sorry guys, my bad, please remove my previous post 😞 shame but I found a reason not related to CP but bloody Win10 Firewall ...