- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: CloudGuard - Remote Access SSL-VPN Connectivit...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CloudGuard - Remote Access SSL-VPN Connectivity Issue
Hi Everyone,
I'm practicing deploying CloudGuard Network Security Solution on Azure Public Cloud and I'm facing connectivity issues with setting up Remote-Access VPN.
On the web-browser, I can see that the gateway is resetting the connection: "It looks like <GW-Pub-IP-Addr> closed the connection -> ERR_CONNECTION_CLOSED"
The Architecture:
- CloudGuard Single Gateway deployed with 2 interfaces: eth0 and eth1. The static public IP is assigned to eth0:1 sub-interface.
- The SMS is on an on-premise VMware Workstation.
- IPsec VPN and Mobile Access VPN blades are enabled on the gateway.
I followed this SK article: Check Point Reference Architecture for Azure. The best practices section speaks about the IPsec VPN, Link Selection Source IP Address settings, where it says to select the private IP address of the gateway's external interface to ensure that the Gateway in the Azure cloud sends encrypted traffic with the source address set to its private IP address.
Is there anything similar to do for Remote Access VPN configuration as well?
- Anti-Spoofing is disabled on both external and internal interfaces.
- I suspected there might be a conflict with Web-UI and changed the web ssl-port from 443 to 4434. Even then the issue persists.
Could anyone help me to know what should I be troubleshooting for, please?
Thank you!
- Labels:
-
Remote Access
-
Site to Site VPN
-
VPN
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The solution to my problem was found here (sk115732): Unable to connect to Gaia Portal on port 443 (checkpoint.com)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What version/JHF level?
When you say "this SK article" what precise one?
Also, what precise client are you using here to connect?
Changing the WebUI port shouldn't be necessary here, as we handle this via Multiportal.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What version/JHF level? >>>> R81.10 JHF Take 95
When you say "this SK article" what precise one? >>>> SK Article: Check Point Reference Architecture for Azure
Also, what precise client are you using here to connect? >>>> Checkpoint Endpoint Security VPN and from Web Browser
Changing the WebUI port shouldn't be necessary here, as we handle this via Multiportal. >>>>
You're right. Not only https://<ip>/sslvpn URL, it looks like even the GAIA WebUI is also refusing to connect over port 443. But it works when I change the port to 4434.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The solution to my problem was found here (sk115732): Unable to connect to Gaia Portal on port 443 (checkpoint.com)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for sharing